Pathlock. a leading provider of identity and application access governance, has officially announced the launch of a Continuous Controls Monitoring (CCM) solution, which is designed to reduce time and costs of SoD audits by as much as 80%. According to certain reports, the CCM solution delivers on its promised value proposition by packing together control management, risk quantification, and change monitoring capabilities to streamline control mechanisms from various frameworks into one centralized and fully automated system. This, in turn, should enable large enterprises to monitor all business control, separation of duties, and IT configuration change transactions in real-time, instead of having to rely upon those periodic sample reviews. Before we dig any further into this product, we must acknowledge that, while many of the present day identity and access management solutions do provide the ability to manage an organization’s joiners, movers, and leavers, they fail sensationally when considering the potential risk someone can cause with their provisioned access. On top of it, legacy Identity Access Management (IAM) solutions may generate alerts for potential risks, but they also fail to prioritize or quantify the impact of these risks, causing every user to look the same.
Now, having understood the gaps, we must try and understand Pathlock’s approach to filling them with its new CCM solution. The stated approach is divided into two explicit models i.e. controls management and change monitoring. Beginning from controls management, it basically leverages a unified and automated controls system to enhance risk visibility, improve efficiency, and reduce manual effort during maintenance of compliance. Going back to the risk quantification aspect, the feature has a major role to play here. You see, we say that because of the way it can analyze transaction data for organizations to quantify the financial exposure of Separation of Duty (SoD) violations and business process transactions, something the feature does within a single or across multiple application environments. Next up, we have the change monitoring module, which bears the responsibility to generate events, and at the same time, notify a business to analyze master data and key application configuration changes in the business system. This involves detailed analysis in and around the given changes, including the source of the change, the user initiating the change, along with before and after values. For before and after values, the module takes into account items that have been deleted and carry out corrective and/or preventative actions, depending on the real impact of a change. Such a setup goes a long distance in the context of maintaining a complete audit path over configuration and master data changes.
“As the digital landscape continues to evolve and new risks are identified, Continuous Controls Monitoring empowers organizations to stay one step ahead of risk by providing real-time visibility, enhanced compliance, and proactive mitigation,” said Piyush Pandey, CEO of Pathlock. “As a major element of the strategic Pathlock Cloud vision, Pathlock’s CCM is a cross-industry solution that focuses on user access and the potential impact of inappropriate access to sensitive data or SoD violations so that those violations can be quickly remediated.”
Founded in 2004, Pathlock has risen up on the back of its identity and application access governance solutions that manage all aspects attached to application access governance, continuous controls monitoring, and cybersecurity. The company’s excellence in providing this facility can also be understood once you acknowledge how many of the global 2000 companies rely on Pathlock to protect their critical digital assets from financial, regulatory, and security threats,