Veza launches Next-Gen IGA to help enterprises reduce identity risks

Veza launched its Next-Gen IGA (Identity Governance and Administration) solution. The solution comprises the Veza Access Control Platform and new products for provisioning and deprovisioning, access reviews, access visibility, and access intelligence.

Veza Next-Gen IGA

By approaching governance with a focus on permissions and automation, Next-Gen IGA reduces identity risks, decreases the costs of governance, and accelerates access to apps and data anywhere.

Identity security is a top priority because research shows that 80% of cyberattacks leverage identity-based techniques. Organizations need processes to reduce the permissions sprawl that allows such attacks to succeed. Reflecting that need, NIST has proposed adding a “govern” function to its widely used Cybersecurity Framework (CSF), the first update in a decade.

According to the Gartner Market Guide for Identity Governance and Administration, “IGA tools have not kept up with demand for machine (device and workload) identity management capabilities, forcing companies to pursue separate solutions in many cases.” Traditional IGA products have blind spots in access visibility because they were built for an era with dramatically fewer permissions.

Next-Gen IGA is the new standard for governance, managing access through the authorization entities of roles and permissions rather than users and groups alone. It enables organizations to visualize and right-size access permissions by automating traditional access reviews and identity lifecycle provisioning. By adopting Next-Gen IGA, companies are able to:

  • Unify the fragmented access lifecycle with one solution that brings together access visibility and access intelligence, and handles access provisioning along with ad hoc access requests.
  • Visualize who can take what action on what data by understanding user/group relationships via roles and policies, and the resulting effective permissions to resources.
  • Find and fix policy violations automatically, including privileged access, dormant accounts, and segregation-of-duty violations.
  • Integrate quickly with any enterprise system, whether on-premises or in the cloud.
  • Monitor all human identities, machine identities, and service accounts.

Veza powers Next-Gen IGA with the Veza Access Control Platform, which ingests and analyzes authorization permission metadata from enterprise systems and organizes it into the Veza Authorization Graph. Veza’s platform understands the unique access mechanisms (RBAC, ABAC, ACLs) of over 150 enterprise systems, including SaaS apps, data systems, and cloud infrastructure, and transforms them into a canonical data model.

Security and IAM teams use Veza for use cases such as privileged access monitoring, SaaS access security, cloud entitlement management, access review automation, and lifecycle management.

“Identity is the cornerstone of every business initiative. Security teams want enterprise access governance, but they are struggling with the sprawl of identities and the complexity of achieving least privilege access in today’s modern IT landscape that is full of point products,” said Tarun Thakur, CEO of Veza.

“It’s time for a paradigm shift for the entire identity lifecycle. Veza’s Access Control Platform brings the power of our Authorization Graph to all identity access use cases – access visibility, access intelligence, and access reviews – in a single unified platform solution. With our new products, we are adding lifecycle management for provisioning and deprovisioning with native support from HRIS systems (Workday) to any identity provider (AD, Azure AD, Okta, etc.) and to any enterprise system,” added Thakur.

The Veza platform includes the following products and features:

Access visibility
  • Visualize the effective permissions resulting from the mix of identities, roles, groups, permissions, and resources across the organization.
  • Search permissions by identity or resource, in near real-time, through an intuitive interface with advanced query operators.
  • New capabilities include: AND/OR operators for advanced search, identity access to multiple resources, risk visualization on the Authorization Graph, support for advanced IAM properties, and hierarchical role visualization.
Access intelligence
  • Leverage 500+ out-of-the-box analyses that provide comprehensive and actionable insights into risky permissions and compliance violations across all apps and systems.
  • Create custom queries based on organizational priorities.
  • Receive recommendations for access that should be removed.
  • Access Monitoring to detect over-permissioned access in Snowflake.
  • New capabilities include: segregation of duty (SOD) policies, Access Monitoring for over-permissioned access in AWS IAM, Veza Query Builder to show authorization relationships, ability to compare users, User/Role/Group analysis for joiner-mover-leaver reports, SaaS misconfigurations, risk levels, and ability to designate reports as public or private for different teams across the enterprise.
Lifecycle management
  • Automate the identity birthright provisioning process and manage the joiner/mover/leaver lifecycle of user accounts. Trigger actions when a user account is changed in an HRIS system, such as Workday.
  • Provision fine-grained permissions to follow the principle of least privilege, and deprovision access completely for departing employees.
  • New capabilities include: access profiles, native rules engine, canonical roles, and integrations to Workday, Active Directory, and Okta.
Access reviews
  • Quickly generate audit-ready reports that summarize access review campaigns at the most granular level, including permissions data to specific resources.
  • Demonstrate compliance with regulations such as SOX, ISO 27001, SOC 2, and GDPR.
  • Run campaigns to verify user access and certify and recertify entitlements.
  • Visualize and understand the impact of remediation steps before taking action.
  • New capabilities include: Smart Actions and Bulk Actions for automating access reviews, access review delegation, mobile readiness for certifications, certification analytics, and access review intelligence with auto approve and reject.
Integrations
  • 25 new integrations to secure access to critical HR / ERP / CRM applications and infrastructure services, such as Veza for Workday, Veza for ServiceNow, Veza for Kubernetes, Veza for AWS Secrets Manager, Veza for Open.AI, Veza for ElasticSearch, and more.
  • Get the complete view of access with 150+ out-of-the-box integrations to providers like Salesforce, Box.com, ServiceNow, NetSuite, Coupa, Oracle Cloud Fusion, Jira Server, Workday, AWS Cognito, GCP CloudRun, MongoDB Atlas, Workato, Windows Server Accounts, ADP Workforce Now, and more.

“Identity security is one of the core pillars of our cybersecurity program, and Veza has been an instrumental partner in our journey,” said Kumar Dasani, CISO, Digital River. “With Next-Gen IGA, Veza gives us clear visibility into the access of all users across our environment. Moreover, the Veza platform allows us to manage the entire lifecycle of an identity, meeting both security and compliance needs. With its ability to continuously monitor permissions and maintain least privilege across all data stores and assets, Veza is empowering our teams to move as quickly as the business.”

“Existing IGA products automate workflows without understanding request intent such as needed permissions, leading to undesired or unknown outcomes,” said Tom Baltis, VP, CISO at Delta Dental Insurance. “Next generation IGA platforms must support and automate effective decision-making to deliver on-demand least privilege access. A data-driven approach applying AI/ML analytics to human and machine identities at scale will enable, for example, autonomous provisioning/deprovisioning, detection and remediation of over-privileged access, and machine-assisted access reviews.”
