Daily News |  Current Issue |  Archives  |  Blogs |  Keywords |  Mediakit  |  Advertise |    |  Free Trial!
System News
System News > Volume 83 > Issue 4 > News >
Sign in  |   Register  |   Password Help   |   Membership types
The Sun Java System Identity Auditor
 Improves Audit and Compliance Performance
January 24, 2005,
Volume 83, Issue 4

...corporations can create a secure identity audit trail and present a unified view of an individual's identity and system access activities.
 

Compliance is a top priority in today's market for many enterprises, who are required to comply with legislative regulations, such as Sarbanes-Oxley and HIPAA. In response, Sun has released the Sun JavaTM System Identity Auditor that is designed to improve audit and compliance performance.

With the Sun Java System Identity Auditor, corporations can create a secure identity audit trail and present a unified view of an individual's identity and system access activities. This proactive solution helps automate the evaluation and enforcement of a company's internal identity and access controls so it can react quickly to any violations and minimize risk.

"Companies are spending substantial sums of money to hire and manage external consultants to perform auditing and compliance tasks for identity management activities," said Roberta J. Witty, Research VP, Gartner Inc. "To answer the question of 'Who has access to what?', and prove it, companies need a secure, automated analysis and reporting solution that is cost-effective and comprehensive in its capabilities, including the scope of supported platforms and applications as well as role conflict analysis."

With that in mind, Sun developed this proactive, automated and sustainable solution that provides visibility into identity controls across enterprise applications and the entire identity management infrastructure.

The Sun Java Identity Auditor leverages workflow and delegation capabilities by sending audit reports automatically to selected personnel for review. This enables consistent, ongoing verification of identity controls that mitigates operational risks. Audit reports can either be scheduled to routinely access information or generate when a policy violation occurs. A number of packaged compliance reports are included with the Sun Java Identity Auditor, which also comes with a report wizard so individual corporations can custom build reports if necessary.

This Sun solution is integrated with provisioning and access management solutions to help enforce automated remediation of policy violations. The compliance reports that are produced can provide extensive identity information on users' historical access activities and access privileges, as well as policy violations and resulting actions.

Utilizing an audit policy engine, the Sun Java Identity Auditor scans critical applications, flags audit policy violations and evaluates violation criteria, such as segregation of duties, unauthorized access changes and erroneous access privileges. Customers can specifically define audit policies to address their specific corporate requirements.

In addition, this product offers closed loop integration with Security Event Management (SEM) applications to provide an identity context for the enforcement of enterprise security policies. This integration assists customers in associating security policy violations to specific identities and adjust judiciously.

Sun's Director of Directory Services Don Bowen spoke with Clint Boulton of internetnews.com and commented that many corporations are in desperate need of this type of solution because their attempts at implementing security controls have fallen flat.

"One of our customers has identified 37 applications that play into their bottom line," Bowen said. "When they do the audit on this, it takes them 50 months to do - every time. That's just not sustainable."

Sara Gates, vice president identity management at Sun, concurred, "Organizations today are struggling to implement effective security controls and the verification and auditing of these controls is often a fragmented and highly manual process. Identity Auditor addresses this challenge by enabling automation of identity controls across critical enterprise applications and providing companies with visibility to the audit trail of those automated activities as well as the reporting they require to address corporate audit and compliance requirements."

For more information on the Sun Java System Identity Auditor, visit:

http://www.sun.com/software/products/identity_auditor [...read more...]

Keywords:

fullsource
Print
Email
Current
Profile
Archive
Blog
Generate newsletter
 

Other articles in the News section of Volume 83, Issue 4:

See all archived articles in the News section.

Top 10 Most Popular Articles in Current Issue (Vol 168, Issue 1)

Featured Articles



Archive by Section
Archive by Activity
Archive by Date
News and Solutions for Users of Solaris, Java and Oracle's Sun hardware products
Just the news you need, none of what you don't – 42,000+ Members – 24,000+ Articles Published since 1998
BigAdmin Cloud Developer Disk Events FOSS Features HPC Hardware Intel
Java MySQL NetBeans News OpenOffice OpenSolaris OpenStorage Partners Performance Publications
Security Servers Service Software Solaris Storage SysAdmin Tape Workstation VendorVoice

Latest Issue  |   Archived Articles  |   Edit Account  |   Blogs  |   About SNI  |   Mediakit  |   NewsToLeads  |   Headlines  |   NewsToLeads  |   RSS Feeds
Copyright © 1998-2011 System News, Inc.