Back

Veza Introduces Next-Gen IGA

New products include lifecycle management for access provisioning and deprovisioning, automation for access reviews, access visibility and access intelligence

PALO ALTO, CA – October 10, 2023 Today Veza, the identity security company, announced the launch of its Next-Gen IGA (Identity Governance and Administration) solution. The solution comprises the Veza Access Control Platform and new products for provisioning and deprovisioning, access reviews, access visibility, and access intelligence. By approaching governance with a focus on permissions and automation, Next-Gen IGA reduces identity risks, decreases the costs of governance, and accelerates access to apps and data anywhere.

Identity security is a top priority because research shows that 80% of cyberattacks leverage identity-based techniques. Organizations need processes to reduce the permission sprawl that allows attackers to succeed. Reflecting that need, NIST has proposed the addition of “govern” to its widely-used Cybersecurity Framework (CSF)–the first update in a decade. According to Gartner® Market Guide for Identity Governance and Administration, “IGA tools have not kept up with demand for machine (device and workload) identity management capabilities, forcing companies to pursue separate solutions in many cases.” Traditional IGA products have blind spots with access because they were built for an era with dramatically fewer permissions.

Next-Gen IGA is the new standard for governance, managing access with authorization entities of roles and permissions instead of users and groups. It enables organizations to visualize and right-size access permissions with automation of traditional access reviews and identity lifecycle provisioning. By adopting Next-Gen IGA, companies are able to:

  1. Unify the fragmented access lifecycle with one solution that brings forward access visibility and access intelligence, and handles access provisioning with ad hoc access requests.
  2. Visualize who can take what action on what data by understanding the user/group relationships via roles and policies, and effective permissions to resources.
  3. Find and fix policy violations automatically, including privilege access, dormant accounts, and segregation of duty policies.
  4. Integrate quickly with any enterprise system, whether on-premise or in the cloud.
  5. Monitor all human identities, machine identities, and service accounts.

Veza powers Next-Gen IGA with the Veza Access Control Platform, which ingests and analyzes authorization permission metadata from enterprise systems and organizes it into the Veza Authorization Graph. Veza’s platform understands the unique access mechanisms (RBAC, ABAC, ACLs) of over 150 enterprise systems, including SaaS apps, data systems, and cloud infrastructure and transforms that into a canonical data model. Security and IAM teams use Veza for use cases like privileged access monitoring, SaaS access security, cloud entitlement management, access review automation, and lifecycle management.

“Identity is the cornerstone of every business initiative. Security teams want enterprise access governance, but they are struggling with the sprawl of identities and the complexity of achieving least privilege access in today’s modern IT landscape that is full of point products,” said Tarun Thakur, Co-Founder and CEO of Veza. “It’s time for a paradigm shift for the entire identity lifecycle. Veza’s Access Control Platform brings the power of our Authorization Graph to all identity access use cases – access visibility, access intelligence, and access reviews – in a single unified platform solution. With our new products, we are adding lifecycle management for provisioning and deprovisioning with native support from HRIS systems (Workday) to any identity provider (AD, Azure AD, Okta, etc.) and to any enterprise system.”

The Veza platform includes the following products and features:

Access Visibility

  • Visualize the effective permissions resulting from the mix of identities, roles, groups, permissions, and resources across the organization.
  • Search permissions by identity or resource, in near real-time, through an intuitive interface with advanced query operators.
  • New capabilities include: AND/OR operators for advanced search, identity access to multiple resources, risk visualization on the Authorization Graph, support for advanced IAM properties, and hierarchical role visualization

Access Intelligence

  • Leverage 500+ out-of-the-box analyses that provide comprehensive and actionable insights into risky permissions and compliance violations across all apps and systems.
  • Create custom queries based on organization priorities.
  • Recommendations for access to be removed.
  • Access Monitoring to detect over-permissioned access in Snowflake.
  • New capabilities include: segregation of duty (SOD) policies, Access Monitoring for over-permissioned access in AWS IAM, Veza Query Builder to show authorization relationships, ability to compare users, User/Role/Group analysis for joiner-mover-leaver reports, SaaS misconfigurations, risk levels, and ability to designate reports as public or private for different teams across the enterprise.

Lifecycle Management

  • Automate the identity birthright provisioning process and manage the joiner/mover/leaver lifecycle of user accounts. Trigger actions when a user account is changed in an HRIS system, such as Workday.
  • Provision fine-grained permissions to follow the principle of least privilege, and deprovision access completely for departing employees.
  • New capabilities include: access profiles, native rules engine, canonical roles, and integrations to Workday, Active Directory, and Okta.

Access Reviews

  • Quickly generate audit-ready reports that summarize access review campaigns at the most granular level, including permissions data to specific resources.
  • Demonstrate compliance with regulations such as SOX, ISO 27001, SOC 2, and GDPR.
  • Run campaigns to verify user access and certify and recertify entitlements.
  • Visualize and understand the impact of remediation steps before taking action.
  • New capabilities include: Smart Actions and Bulk Actions for automating access reviews, access review delegation, mobile readiness for certifications, certification analytics, and access review intelligence with auto approve and reject.

Integrations

  • 25 new integrations to secure access to critical HR / ERP / CRM applications and infrastructure services, such as Veza for Workday, Veza for ServiceNow, Veza for Kubernetes, Veza for AWS Secrets Manager, Veza for Open.AI, Veza for ElasticSearch, and more.
  • Get the complete view of access with 150+ out-of-the-box integrations to providers like Salesforce, Box.com, ServiceNow, NetSuite, Coupa, Oracle Cloud Fusion, Jira Server, Workday, AWS Cognito, GCP CloudRun, MongoDB Atlas, Workato, Windows Server Accounts, ADP Workforce Now, and more.

“Identity security is one of the core pillars of our cybersecurity program, and Veza has been an instrumental partner in our journey,” said Kumar Dasani, Chief Information Security Officer, Digital River. “With Next-Gen IGA, Veza gives us clear visibility into the access of all users across our environment. Moreover, the Veza platform allows us to manage the entire lifecycle of an identity, meeting both security and compliance needs. With its ability to continuously monitor permissions and maintain least privilege across all data stores and assets, Veza is empowering our teams to move as quickly as the business.”

“Existing IGA products automate workflows without understanding request intent such as needed permissions, leading to undesired or unknown outcomes,” said Tom Baltis, VP, CISO at Delta Dental Insurance. “Next generation IGA platforms must support and automate effective decision-making to deliver on-demand least privilege access. A data-driven approach applying AI/ML analytics to human and machine identities at scale will enable, for example, autonomous provisioning/deprovisioning, detection and remediation of over-privileged access, and machine-assisted access reviews.”

Learn More

Gartner, Market Guide for Identity Governance and Administration, By Rebecca Archambault, Henrique Teixeira, Brian Guthrie, David Collinson, Nathan Harris, Published 14 July 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

About Veza

Veza is the identity security company. Identity and security teams use Veza to secure access to data across SaaS apps, on-prem apps, data systems, and cloud infrastructure. Veza overcomes the blind spots of traditional identity tools with its unique ability to ingest and analyze permissions metadata and organize that into the Veza Authorization Graph. Global enterprises like Wynn Resorts, Digital River, and Expedia trust Veza Access Control Platform for access visibility, access intelligence, access reviews, and access lifecycle management. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, Google Ventures, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.

Media Contact

Gillian Roberts
groberts@veza.com
818-395-2948