it-sa EXPO Congress 2021 in Nuremberg

1. Active Roles und ActiveDirectory (AD) as an “IdM light” solution

Storage of the AD in a hybrid environment gives rise to a wide range of risks and uncertainties. Current challenges include admin access to the AD, a lack of compliance with policies, unclear assignment of privileges, auditing requirements, inconsistent AD and AAD procedures. We would like to tackle these with you.

With Active Roles is One Identity’s compact system for solving these problems quickly.

Active Roles offers the following support:

• Account lifecycle management
• Least privilege principle
• Review and implementation of guidelines
• Access control
• Automation using a workflow featuring a scripting engine
• Self-services via the web portal
• Synchronisation with other systems as well as
• Central reporting and full change history

2. New features of OI IM release 8.2 at a glance

• Modern web application architecture with even more user-friendly and adaptable presentation based on the Angular platform
• Database improvements in the form of Azure SQL Managed Instances
• Improved and extended MS Azure AD integration
• Splitting of the central database into two databases (database 1 for data retention, and database 2 for processes and their objects → improved performance)
• LDAP connector enhancement for older LDAP systems
• First MS Teams integration
• Further improved SAP integration through web service integration
• Significantly improved EPIC integration for the healthcare sector
• New improved application governance
  
  • In addition to access requests, confirmations and re-certifications, divisions should be able to update their own apps with privileges
  • This includes a full overview, ownership, SoD, KPIs from a business point of view
  • The IT team can focus on actual platform maintenance
• New Business Service screen for managing applications, active directories and databases
  
  • The Business Service screen contains all relevant objects related to this service
  • This gives rise to a new layer for more effective administration and cluster formation
• User accounts, groups and group objects that do not exist in the database are indicated as ‘pending’ → improved data processing and greater clarity

Privileged Access Management (PAM)

Privileged accounts have become a necessity in corporate IT environments, as administrators need extended privileges to be able to manage the environment.

However, privileged accounts lead to massive compliance and security risks as a result, making them popular targets of hacking attacks.

This is why it is essential that companies manage privileged access effectively and safely.

We recommend the following measures to ensure privileged accounts are managed safely:

• Prepare a list of your privileged accounts, including the users and systems that use the accounts.
• Make sure that your privileged passwords are stored reliably.
• Establish strict administrative processes for changing passwords of privileged accounts.
• Ensure clear responsibilities wherever possible, and do not grant more than the minimum of privileges required.
• Perform regular checks of privileged access use.

Safeguard von One Identity

Safeguard by One Identity allows for privileged access to be safely stored, managed and analysed.

Safeguard helps to minimise damage due to loss or misuse of data, as well as offering companies a safe method for protecting privileged accounts and for improving IT security in a sustainable manner.

For this purpose, Safeguard is operated on a hardened instance with limited access. The application provides optimum protection for all privileged accounts

by combining session management and monitoring with comprehensive analysis options. Suspicious activities and threats can therefore be detected early on, and corresponding protection measures can be initiated.

Used together, the two products allow for Privileged Account Governance (PAG) featuring unique account access, uniform lifecycle management and the Identity Manger.

Product characteristics & features:

• Guideline-based authorisation control
• Identification of risky users
• User behaviour analysis
• Real-time alerts and blocking
• Individual security concepts for privileged passwords and sessions
• Systematic command and application control via whitelisting/blacklisting
• Support of numerous protocols (SSH, Telnet, RDP, HTTP(s), ICA and VNC)
• REST-based API for easier integration of applications and systems

Your benefits at a glance:

• Observance of compliance demands
• Efficient creation of monitoring reports
• Easier management of privileged accounts and sessions
• Attenuation of potential damage caused by security breaches
• Improved protection of sensitive data and company information
• Identification of privileged high-risk users, risky behaviour and unusual events