Welcome to the Veza Voice, our monthly customer email where we share product updates, tips and tricks, events and news.
This month: we introduce powerful new Identity Analytics with user analysis, group analysis, and role analysis, new capabilities to design policies for separation of duties requirements, a new insights report for Salesforce misconfigurations, and more.
New Insights: User, Group and Role Analysis
IAM teams use Veza to help them understand complex RBAC permissions, navigating nested groups and roles to understand the effective permissions associated with human identities, and to improve the design of their business and technical roles and groups. We’ve built new Identity Analytics capabilities with user analysis, group analysis, and role analysis use cases. For example:
- User analysis: show all groups or roles a user belongs to, advanced user comparisons, and more
- Group analysis: show all users that belong to a certain group, and groups that are part of a particular group
- Role analysis: show all users that can assume a role, or roles that can assume a role (hierarchical roles)
Any of these queries can be opened in the Query Builder or Authorization Graph for a deeper analysis with Security Engineering and Security Operations teams. With these new capabilities, security teams can:
- Deep dive into the identity access of any user for rapid incident response
- Discover privileged roles that can be assumed by other roles
- Improve IAM hygiene by removing unnecessary or unused groups and roles
- Achieve least privilege by reducing access debt associated with roles and groups
New Policy Analysis: Separation of Duty
To comply with data sovereignty, financial and identity governance best practices, and particularly with regulatory requirements, like Sarbanes-Oxley (SOX), you may need to enforce separation of duties (SoD) for key compliance tasks. For example, you may need to be able to demonstrate that:
- Users who can create purchase orders cannot also approve them
- Users who can create a vendor should not be able to process payments to vendors
IGA tools often claim to be able to uncover separation of duties issues with access certification campaigns. However, these tools typically can only compare the IAM groups and roles an identity has. This isn’t enough to be sure of what access a user really has.
Veza’s SoD policy analysis allows you to compare the results of multiple complex Veza queries, linking identities directly to their permissions to sensitive data. For example, you can identify any users who:
- are members of the “Purchase_Approvers” group, OR can write to the “Purchase_Approvers” table in Redshift
- AND are members of the “Buyers” group.
This allows you to identify and eliminate separation of duties violations with more confidence than by relying on role and group names alone.
Introducing Salesforce Posture and Misconfigurations Insights
How healthy is your Salesforce security posture? Have new business and security initiatives for SSPM? Find out with new insights that surface common posture and misconfiguration risks in your Salesforce instance:
- Salesforce Users not tied to an identity provider
- Salesforce Organizations without organization-wide MFA enabled
- Salesforce Profiles that bypass organization-wide MFA
- Salesforce Organizations with “poor” or worse Security Health Check Score
- Salesforce Security Health Check risks ranked high or medium risk
- Salesforce Organizations without Audit Trail enabled
As we continue to expand the reach of Veza’s Authorization Graph, our team is always releasing new integrations. Newest integrations include:
- AWS EKS
Reach out to your customer service manager to get started.
Updated Integrations include:
- OneLogin: added support for Groups, Roles, and Apps
- Azure AD: added support for additional Azure Group properties
- Active Directory: added support for additional user properties
Veza releases new features every week. Bookmark our release notes page to see the latest and greatest.
Tips and tricks: Make your own custom dashboards
Did you know that the Dashboard Reports on Veza’s homepage are now completely customizable for each user? Tiles on the homepage can track trends for the past week or month for any out-of-the-box or custom report. This means you can tailor your home page to give you a bird’s-eye view of your particular responsibilities, or your current project.
For example, here’s a version of the homepage focused on SaaS access security:
And here’s a version focused on privileged access:
These reports are a great way to track how you’re doing, and show progress to your team. To create custom dashboards, just head to Insights > Reports and add reports to the “Dashboard Reports” section. You can drag and drop reports to change the order they’ll appear on your dashboard.
Meet the Veza team at these upcoming events:
- Identiverse, May 30-June 2 in Las Vegas
  - Catch Veza Chief Strategist Rich Dandliker and David Tyburski, CISO of Wynn Resorts, presenting a session on IGA strategies for achieving least privilege
  - Hang out with us at booth #1119
  - Join us for dinner at Cathedrale on May 31st
- AWS re:Inforce, June 13-14 in Anaheim
  - Visit us at booth #660
  - Join us for dinner and a flight simulator experience at Flightdeck
- Snowflake Summit, June 26-29 in Las Vegas
Catch up on our recent webinars to learn new Veza tips and techniques:
- When employees depart: ensuring access to sensitive data is removed
- Securing access to data in SaaS apps
Email email@example.com for more details.
- We introduced our solution to deliver SaaS access security and governance for the enterprise.
- We launched Veza’s Authorization Platform on the Snowflake Data Cloud.
Want to see Veza in action? See how Veza is crucial to safely deprovisioning access when employees depart by watching the Veza Voice Digest’s featured webinar on-demand here.