Access Compliance

One of the greatest areas of security concern for many organizations is having controls in place to ensure users only have access to what they need to properly do their jobs. With improved access to sensitive consumer and corporate information comes increased risk. Providing preventative controls around who has access to what and when is critically important, but often difficult to achieve. Courion’s access compliance solutions provide strong controls by examining user access, how they compare against policy, and automating remediation and corrective action. This provides a platform for sound business management, as well as fulfilling regulatory requirements such as specified in Sarbanes-Oxley, HIPAA, GLB, PCI, and others.

Courion’s access compliance solutions provide the ability to:

  • Ensure who has access to what and when
  • Compare user access against policy
  • Automate remediation and corrective action.

Access Control and Role Management

RoleCourier - Role management, access verification and access control policy compliance software solution.

RoleCourier®, Courion's role management software solution, automates the process of role management through creating and managing enterprise roles. RoleCourier enables organizations to automate the often manual, cumbersome, and inefficient process of role creation and ongoing access control management. Unlike third party role creation tools with limited capabilities that lack true, real-time integration with the user provisioning process, RoleCourier creates a foundation for robust ongoing access control and role lifecycle management that flexibly adapts to the constant stream of access control changes in today’s business environment.

Audit Compliance Software

ComplianceCourier

ComplianceCourier, Courion's user access attestation and compliance software solution, enables business managers to periodically review and verify employee access rights. Increased compliance requirements across almost all industries have tangible top- and bottom-line implications on your business. Achieving compliance can increase your cost of operations due to heightened security and manual compliance procedures. ComplianceCourier access control, verification and compliance software can help by automating user resource analysis management as well as tying critical application access to passing policy awareness tests as ways to proactively meet regulatory compliance requirements while simultaneously reducing operational costs.

Compliance with Segregation of Duties

An important aspect of role management for compliance purposes is to perform checks for segregation of duties violations. Checking segregation of duties is particularly critical in compliance environments where users perform multiple roles, and where assignments of users to roles change on a frequent basis. To address this need, RoleCourier software provides the ability to perform “what if” role modeling. This process examines a set of specified roles against the access control security policy to see if the superset of access rights across all the roles would compromise compliance with segregation of duties policies. A similar process is used to detect attribute-level conflicts across multiple roles.

Managing Role Lifecycles

In addition to role creation and SoD checking, enterprises deploying roles need lifecycle management capabilities to keep up with changes that occur over time. This includes the ability to modify or delete attributes associated with roles, to enable or disable roles, and track the history of changes associated with roles. Role history analysis is a particularly important capability for compliance analysis and reporting.

Another key role management capability is role comparison and consolidation. This enables organizations to iteratively examine their role definitions and determine opportunities for merging similar roles, thereby simplifying management and administration of security policy.

Integrated Access Control, Verification and Provisioning

Without a centralized view of users and their access rights, role definition is often a difficult process. In recognition of this, AccountCourier integrates with the RoleCourier™ role management solution to automate role creation, provide access control and role lifecycle management, and assign users to one or more roles as part of the provisioning process. However, for organizations that are not yet ready to define a role-based access control infrastructure, the flexibility of the Courion approach allows provisioning to be deployed without roles.

Courion Enterprise Provisioning Suite™ Solution

All of Courion's enterprise provisioning solutions leverage a common technology platform − Courion's Enterprise Provisioning Platform − which provides common services and connectors to customers' existing IT environment. This component - based approach is superior to competitive solutions because it allows Courion solutions to quickly integrate with and leverage a customer's existing directories, databases and help desk systems. It also permits customers to choose which applications they want to implement first, without having to implement a "heavy" infrastructure. This architecture enables customers to easily add new managed systems and new technologies as their business needs change, and as they acquire additional organizations or bring in new applications. Our component- based model also assists Courion in delivering additional capabilities quickly and efficiently − including new features and expanded platform coverage.

Back To top

Related Products

Accomplish all of the above with the following products:
 
Copyright © 2008 Courion Corporation. All rights reserved.