Security Benefits
User Provisioning
ID-Synch® improves the security of user access administration processes:
- When users leave the organization, their systems access is terminated promptly and reliably.
- All access changes are subject to a rigorous, globally-enforced approvals process.
- Audit reports listing accounts per user and access privileges for users across systems, can be generated easily and can be used to identify and remove inappropriate access privileges.
- Access change history, including who submitted each request, who approved it and the change details, are logged and are available as an audit trail.
- Orphan and dormant accounts are easily identified and are subsequently deactivated and deleted.
- New accounts are created in compliance with security policy and standards.
- Initial passwords are never set to default, guessable values and are never transmitted in plaintext e-mail.
Password Management
P-Synch® improves the security of authentication processes:
- A global password policy ensures that no passwords are easily guessed, and all passwords are regularly changed.
- Password synchronization helps users to remember their passwords, rather than writing them down.
- Strong authentication ensures that users are properly authenticated prior to a self-service or assisted password reset.
- Delegation allows help desk analysts to reset passwords for users without having administrator credentials on managed systems.
- Extensive audit logs create accountability for password resets.
- Encryption ensures that no sensitive data are stored or transmitted in plaintext.
Administrator Credentials
ID-Archive™ helps organizations to secure administrative passwords:
- Eliminate static and shared administrative credentials.
- Enforce strong authorization controls over which IT user can access which administrative password and when.
- Authenticate IT staff, personally, before granting access to administrative credentials.
- Create an audit log of which IT user had administrative rights to which system and when.
Access Certification
ID-Certify® helps organizations to find and eliminate stale user privileges:
- All user objects are subjected to periodic reviews -- by managers and group owners. Orphan and dormant accounts are eliminated.
- All user membership in security groups (also known as roles, profiles, etc.) are periodically scrutinized. Inappropriate rights are deactivated.
- Accountability is introduced by documenting when each login ID and group membership was reviewed and by whom.
- Organizational roll-up allows executives to sign off on statements asserting that all sensitive security rights have been reviewed.