The solution manages access authorization based on roles and permissions, not users or groups.

Identity security company Veza has announced the launch of a new identity governance and administration (IGA) solution, Next-Gen IGA. The solution comprises the Veza Access Control Platform and new products for provisioning and deprovisioning, access reviews, access visibility, and access intelligence, the firm said. It approaches governance with a focus on permissions and automation to reduce identity risks, decrease the costs of governance, and accelerate access to apps and data, according to Veza.

Research indicates that 80% of cyberattacks leverage identity-based techniques, with criminal gangs prioritizing acquiring stolen credentials to bypass security measures and enhance attacks with access to networks, databases, and other assets owned by organizations. This trend has also created increased demand for access broker services – criminal groups that sell stolen access credentials. There was a 112% year-over-year increase in advertisements for access broker services identified last year compared to 2021, with more than 2,500 advertisements detected across the criminal underground, according to the CrowdStrike 2023 Global Threat Report.

What’s more, traditional IGA tools have failed to keep up with the demand for machine identity management capabilities, forcing companies to pursue separate solutions, according to Gartner’s IGA market guide. “Many IGA vendors are not positioned to support the continuous and context-aware controls needed to establish “identity-first” strategies due to the dependence on inflexible policies and static workflows,” the guide stated.

Next-Gen IGA manages access authorization based on roles and permissions

Next-Gen IGA manages access with authorization entities of roles and permissions instead of users and groups, Veza said in a press release.
This enables organizations to visualize and “right-size” access permissions with automation of traditional access reviews and identity lifecycle provisioning, it claimed.

The Veza Access Control Platform ingests and analyzes authorization permission metadata from enterprise systems and organizes it into the Veza Authorization Graph. The platform then computes the unique access mechanisms (RBAC, ABAC, ACLs) of more than 150 enterprise systems – including SaaS apps, data systems, and cloud infrastructure – and transforms that into a canonical data model, according to the company. Out-of-the-box integrations include Salesforce, Oracle Cloud Fusion, Workday, AWS Cognito, MongoDB Atlas, and Windows Server Accounts, it added.

Adoption of Next-Gen IGA will enable companies to unify fragmented access lifecycles, visualize who can take what action on what data, find and fix policy violations automatically, and monitor all human identities, machine identities, and service accounts, Veza said. It will also help organizations demonstrate compliance with regulations such as SOX, ISO 27001, SOC 2, and GDPR; provision fine-grained permissions to follow the principle of least privilege; and run campaigns to verify user access and certify/recertify entitlements, the firm added.

Identity security a significant pillar of cybersecurity

E-commerce, payments, and marketing services firm Digital River was an early adopter of Next-Gen IGA. Its CISO Kumar Dasani tells CSO that as the company matured its security program, it needed clear visibility into every identity. “Identity security is a significant pillar of cybersecurity, and it’s important for us at Digital River to have a pulse on all identities and access,” he says. “We also urgently needed to solve major questions like who has access to what, why do they have it, how much do they have it, and how long did they have that access.
Veza gives us the insight we need to answer these questions, while also providing us with integration, visibility, and the ability to see across our entire environment.”