

Regulatory compliance is one of the biggest challenges enterprises face today. And it's not going to go away. This is true for every industry, whether it's a bank sending credit card information over the Web, a public company transmitting financial statements across the enterprise, or a human resource administrator processing employee insurance records.

Organizations today must maintain transparency and accountability – whether it is to their employees, customers, shareholders, or government regulators. This is not simply a best practice – it's a requirement.

Solutions
The IMAG enables reliable maintenance of data about users and their security rights. In turn, this supports reliable AAA (Authentication, Authorization and Audit infrastructure) and therefore regulatory compliance.

IMAG effectively identifies and removes orphan accounts from the identity stores sitting in the network. IMAG offers a unique feature that helps the system admin identify these orphan accounts through a reconciliation process from a central location. Once a user leaves the organization, we can delete his ID with an assurance that all of the rights have been purged, thereby meeting security and regulatory compliance.

Password Management for ISO/IEC 27001/BS7799
ISO/IEC 27001, formerly known as BS 7799, and standards like ISO/IEC 17799:2005, ISO/IEC 13335-1:2004, ISO/IEC TR 13335-3:1998, ISO/IEC TR 13335-4:2000, ISO/IEC TR 18044:2004 and the “OECD Guidelines for Security of Information Systems and Networks” require strong password management rules that include:

Implementing strong passwords

    1. Passwords need to be a minimum of eight characters long.
    2. Should not be the same as the login or commonly used information like last name, maiden name etc.
    3. Should not be a password that has already been used.
    4. Passwords need to be frequently changed – Periodic changing of passwords would minimize the most common enemy of security, which is password sharing. Most organizations are now required to implement a password change mechanism for every 15 days.
    5. Managing shared accounts – In configurations where common accounts are used across projects, security and compliance become an issue with personnel turnover.

Implementing Password Management using IMAG
Apere's IMAG implements a simple and effective framework to provide centralized password management. It provides a simple, unique and cost-saving password self-administration technology. From a single location, IMAG's admin can access and reset the passwords of the consolidated IDs of the applications residing in a network.



Auto-generated Reports for Compliance

Logs are required to meet both regulatory compliance needs and customer reviews for billing purposes. These logs should contain a record of active users and their log-in time periods, and should also contain records of users created or deleted. Currently these logs and reports are gathered and collated on a manual basis; this process is very error prone and is not eligible for an audit trail. These reports need to be generated periodically, and hence an automated process will be very efficient and effective.

Reporting
Reports are the easiest and simplest way of providing evidence of an enterprise's compliance with IT security and regulatory needs. IMAG's one-button compliance reports provide a simple, consolidated view of identity access information to validate security posture and compliance with regulations such as GLBA, HIPAA, Sarbanes-Oxley, etc. The dashboard provides a quick review/check of the functional health of various applications in the enterprise.

  • User Access Rights
    • What are the applications that the user is accessed to?
    • What are the applications the user has access to?
      • e.g. Jim Collins represented as “JCollins” in Oracle Database has an access right to use the database with port no 1443
      • e.g. Andy Smith represented as “Andy_Smith” in salesforce.com has an access right to use the application with port no 8080
    • What are the entitlements for the user within an application?
    • What are the privileges of the user on an application?

  • Applications/Servers
    • What is the list of applications in the network?
    • What is the name of the application, its IP address and the port on which the service resides?
    • What is the location, type of application and organizational unit of the application?
      • e.g. Finance Server, which is a database application residing in San Jose
    • Which applications are in protect mode, monitor mode or bypass mode?
    • Who are the users of these applications?

  • User Account Status
    • Who are the authoritative users in the organization, and what are their names, employeeIDs and roles in the company?
    • When were these accounts created, and what is the current status of each account?
    • What were the authorizations associated with creation, deletion, disabling or enabling of these accounts?
    • Which are the active accounts, disabled accounts and orphan accounts for an application?
    • Account access details by time period
      • e.g. Accounts accessed in 30, 60, 90 days

 

IMAG Log Reports
The IMAG can provide detailed reporting from a single-point location, and these reports can be scheduled to generate periodically. These reports can be printed or saved in CSV or PDF format. IMAG's log reports provide detailed log information on password reset operations and user log-in and log-out events, the reports needed to comply with regulatory needs, and granular user-level information, viz. userID, username, user location and organization in the enterprise.


Benefits
  • Enhanced the overall security environment of the enterprise without compromising productivity or increasing costs.
  • Installed a secure password management solution that stores passwords securely, encourages users to adhere to strict password practices and makes sure it meets all the regulatory needs set by IT security governing bodies.

IMAG accomplishes the task of providing an impeccable Identity Management solution with self-service password reset operation, which meets all the regulatory needs of IT Security regulatory bodies viz. SOX, GLBA, HIPAA, BS7799 etc.


Canned reports for SOX, HIPAA and GLBA

SOX Compliance Reports
SOX (Sarbanes-Oxley) regulates corporate financial records. It defines the type of records that must be recorded and for how long. It also deals with falsification of data that affects data storage capacities and planning.


HIPAA
The Health Insurance Portability and Accountability Act is a compliance report related to the healthcare industry. Its mandatory security requirements call for the health industry to have strong internal management control of passwords and access.



GLBA

The Gramm-Leach-Bliley Act is a compliance report related to the finance sector. GLBA requires that “financial institutions” provide adequate protections of personal information collected about individuals. As system level access provides the ability to bypass most file access controls, it is critical that the enterprise have appropriate controls and management of system level access accounts and passwords to meet the requirements of GLBA.

IMAG as a solution meets all the regulatory needs of SOX, GLBA, HIPAA, etc. by generating logs and reports for every user activity within the enterprise. IMAG can also help the password management policy to be compliant by keeping passwords complex and ensuring that they are changed periodically. The Logs and Reports section of the IMAG500 interface enables the Administrator to view a complete report of all the actions performed on every discovered resource within the enterprise.

 
Copyright © 2009 Apere Inc.