Identity and Access Rights Management : Security and IGA Compliance

There are several approaches, each presenting advantages and disadvantages:

• The restrictive methods that are Zero trust, the principle of least privilege (PMP) supplemented by PAM (Privileged Access Management). The advantage of these methods lies in the reduced attack surface exposure. The disadvantage resides in the complexity of implementation and maintenance but also in significant related costs combined with reduced performance.
• Role-Based Access Control (RBAC), which simplifies management except in the case of complex environments in the absence of organizational data.

Additionally, we can add:

• Dual control methods such as Multi-Factor Authentication (MFA) or Risk-Based Authentication (RBA) which is constraining for the first and complex for the second, which also requires continuous monitoring. Moreover, it is a method that does not suffice on its own.

If the RBAC method seems to be the most suitable, it quickly becomes apparent that given the size or complexity of the Group to be protected, its real-time update will pose a real issue, explaining why only 1/4 of companies are capable of producing an up-to-date application mapping within 48 hours.

In ROK, access or permissions are granted to users based on their role within the organization, which simplifies permission management and improves security by limiting access to necessary resources.

This is close to RBAC (Role-Based Access Control); however, ROK goes beyond the notion of ‘role-based authorization’ and this is what makes it a unique offer that is simpler to implement and maintain, suited to complex environments with nuanced access requirements.

To fulfill this promise, ROK presents three specifics not found in other IAM market offers:

• A merger of ‘authorization roles’ and ‘organizational roles’ which allows a single interface to integrate HRIS with IAM and automate iTsm.
• Real-time and automated management of employee flows through its No-Code module.
• Effortless integration of risks related to SoD (Segregation of Duties). Through its holistic approach, ROK will enable the use (interfacing) of preexisting tools in the company (IAM, directories, etc.) to orchestrate real-time information system security.

ROK is a multi-tenant and multi-instance Cloud platform that can be served by a private or public cloud. Generally marketed as a SaaS for a unit cost of less than €5 per user, the platform’s provision is ‘instantaneous’.

Organizational setup is relatively quick if the information exists on one or more supports. The modeling of employee flows is simplified by AI and customizable to accommodate the specificities of important complex organizations.

A quick POC allows upfront validation of the effort to be produced for 360° coverage.

Daily maintenance is minimized and focused on organizational change (acquisition, merger, etc.)

In the absence of preexisting tools (IAM integrating WF and/or iTsm tools like Service Now), ROK can provision any application presenting APIs through customized no-code flows.

ROK can also trigger an iTsm tool via APIs, for example, as soon as it automatically identifies a movement of employees or a business organizational change.

For instance, ROK automates the provisioning of SAP rights and advantageously replaces IDM by automating the update process and presenting the authorizations in IT language with its business translation.

In this particular case, ROK also carries the SoD aspect without additional cost.

This performance has been recognized by Atos, which is a distributor of this offer.