Current Filter: Security>>>>>Feature>

   

Under the burden of more government regulations and increasing sophistication of security threats, business leaders are demanding that IT and security executives implement access governance policies and solutions that provide visibility into operational and IT risks. All of which has made IBM's recent acquisition of CrossIdeas all the more intriguing.

Based in Rome, Italy, CrossIdeas helps organisations manage identities and application access by bridging the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of duties and human error in business processes. The move by IBM means it has now made more than a dozen acquisitions in security over the past decade, and invested extensively in dedicated research and development in the security space.

BOOSTING DEFENCES
This blend of organic innovation and acquired technologies is, it states, helping IBM's customers defend against advanced threats and manage risk in an era of unprecedented technology change. Says Brendan Hannigan, general manager, IBM Security Systems: "IBM can now provide enterprises with enhanced governance capabilities and transparency into risk from the factory floor to the board room, giving leaders the insight they need to protect their brand and customers."

As part of IBM's Identity and Access Management portfolio, CrossIdeas will deliver next-generation identity and access governance capabilities to help mitigate access risks and segregation of duty violations. The combined business-driven approach provides integrated governance and full lifecycle management of a user's time with an organisation. For example, a stock trader working in a financial institution may be promoted and given access to approve trades in a new system, while retaining access to enter trades in the previous system.

This dual access may constitute a segregation of duties violation, which could expose the institution to failing a compliance requirement. With CrossIdeas' technology, auditors and managers could detect and remediate the segregation of duties violation before it becomes a security risk and audit exposure.

IDENTITY INTELLIGENCE
CrossIdeas addresses the business requirements of auditors and risk and compliance managers with innovative role analytics, intuitive visualisations for better insight into user access, and alignment with compliance and access risk requirements. This 'Identity Intelligence' is delivered via centralised compliance dashboards for auditors to evaluate access risk and activity-based segregation of duties across enterprise-wide applications. These dashboards are populated using a broad array of identity and access repositories, including IBM Security Identity Manager.

Integrating CrossIdeas' business-driven governance capabilities with IBM's Security portfolio will be expedited by the two companies' existing relationship. By its participation in the 'Ready for IBM Security Intelligence' programme, CrossIdeas already allows IBM customers to deploy integrated access governance and user lifecycle management technologies leveraging IBM's Security Identity Management (ISIM) portfolio. This integration will, it states, help ISIM customers rapidly introduce access governance capabilities, with minimal changes to their existing environment.