November 08, 2011 | Palo Alto, California | Rome, Italy - MetricStream, Inc., the market leader in Governance, Risk, Compliance (GRC) solutions, and CrossIdeas, a leading provider of identity and access governance solutions to large multinational businesses in diverse sectors, are assisting organizations enhance their GRC programs by embedding Segregation of Duties(SoD) controls in business processes. The integrated solution enables organizations implement effective and efficient internal controls, enforce policies and fortify risk and governance management across the enterprise through a robust framework. It helps track and mitigate any possibilities of access permissions that can cause conflict of interest and increase vulnerability to various possible frauds.
MetricStream Solution’s integration with CrossIdeas ensures that organizations have a robust internal controls machinery to realize their business objectives while managing their risk exposures to financial, operational and reputational losses. The integrated solution helps organizations:
- Minimize conflict of interests and human errors in business processes
- Improve visibility and enforcement for policies across the enterprise
- Promote management accountability for user authorizations
- Incorporate continuous controls monitoring
- Reduce risk of frauds
- Improve cost efficiency and time for compliance
CrossIdeas IDEAS, as part of its Identity & Access Governance suite, offers native support for modeling SoD conflicts with an innovative activity-based approach, which actively reduces SoD costs. With increasing dependency and usage of various business applications in day-to-day operations, organizations are looking at enhancing internal controls environment and risk management practices while managing costs. CrossIdeas SoD allows organizations to define conflicting business activities, manage policies, identifies all possible combinations where conflicts of interest and incidents of unauthorized access are likely to occur, assigns permissions to users based on these combinations and warns managers wherever conflicts arise. In case of incidents, immediate remedial action is initiated by assigning investigative responsibilities to the appropriate personnel. Automatic email alerts ensure that action plans are carried out to closure.
“Identity & Access Governance is a key component of the GRC program. CrossIdeas IDEAS is a very specialized offering in this space and delivers innovative and cost-effective capabilities to businesses for managing SoD controls across enterprise,” says Alberto Ocello, President and CEO at CrossIdeas. “CrossIdeas is extremely pleased to partner with MetricStream in empowering enterprises to seamlessly manage access related risks using single point of control.”
Many enterprise business applications like SAP enforce their own proprietary role and authorization model, making it a particularly important part of SoD policy enforcement. CrossIdeas SoD provides native support for the SAP role and authorization framework, and supports application of a single set of SoD definitions to both SAP and non-SAP applications.
MetricStream GRC Solution collaborates with CrossIdeas IDEAS to automatically import data from the various infrastructural elements as well as incidents including SoD conflicts, policy non-compliance, associated risks and other related user identity and access governance information in real-time. The collaboration between the two solutions allows automatic activation of necessary workflows and tasks within MetricStream GRC Solution. This provides advanced capabilities that ensure that proper risk and compliance assessments are conducted, controls and action plans are created and remediation tasks are executed.
“Processes for authorizing business users are many times ad hoc, time-consuming and not auditable, with access policies not well-defined and difficult to enforce,” says Vasant Balasubramanian, Vice President - Product Management at MetricStream. “In most organizations, the responsibility of user authorization is under the control of IT administrators, and not the business. As a result, compliance with regulations for controlling access to IT systems and various business applications becomes costly, inadequate and not sustainable. Apart from reducing the risk of fraudulent activities and ensuring that users have the exact permissions required by their job profiles, the integration will help organizations reduce the cost of managing user permissions and that of audits and governance. The integration will facilitate retention of an auditable record of identity transactions, promote transparent authorization processes and enforce policies across the organization.”
CrossIdeas, formerly known as Engiweb Security, provides Identity & Access Governance Solutions to harmoniously manage people, applications and entitlements. Leveraging its cutting-edge technology and flexible service model with on-premise as well as cloud-based options, CrossIdeas enables organizations to strengthen their risk awareness and IT security.
With over 10 years of experience in the industry, CrossIdeas has more than 90 customers throughout the Banking, Manufacturing, Energy and Government sectors. CrossIdeas' largest customers are multinational businesses, managing millions of entitlements in heterogeneous enterprise application estates. Cross Ideas is headquartered in Rome, Italy and can be reached at www.crossideas.com