Improved IAM and Vaulting Reporting

June 12, 2020 5:41:09 AM EDT

Discover how SPHEREboard addresses challenges in IAM and vaulting solutions by providing accurate data, advanced analytics, and actionable insights. Learn how to prioritize and manage privileged access effectively.

One of the major obstacles IAM and vaulting solutions face is the quality of the data they rely on to be effective. It’s a basic tenet of IT security: Bad data in equals bad data out. Understanding effective permissions and user access is critical and far from simple. Additionally, accurate reporting is essential to confirm that the proper accounts and permissions are being on-boarded or secured as intended. SPHEREboard provides the functionality to tackle these challenges head-on.

The Challenges

Large IT organizations have numerous data repositories across various platforms, making it extremely difficult to get an accurate picture of immediate risks and how to properly eliminate them. This information includes feeds from HR, Active Directory, CMDBs, and other books of record, along with the source platform itself (e.g., Windows).

Built on 10 years of professional services experience, SPHEREboard is a purpose-built collection of host connectors that pull relevant user permissions data from across the environment. It adds referential and contextual data for advanced analytics, producing an organized and actionable data set.

Comprehensive Reporting

SPHEREboard reports provide extensive visibility into all privileged accounts as well as those accounts in the local administrators group that aren’t yet vaulted and are actively being used. This approach is ideal for transitioning privileged accounts from having zero visibility to being fully managed within CyberArk.

In terms of Privileged Access, SPHEREboard offers visibility into the three types of CyberArk Privileged Account Instances being managed on a server:

  • Managed: The account is managed in CyberArk. The password is either rotated or never revealed to the end-user.
  • Vaulted: The account is stored in CyberArk; the password is not rotated and is revealed upon check-out.
  • Unmanaged: The account is not in CyberArk.
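The three states above can be derived by reconciling local administrators group membership against a vault inventory. The sketch below is an added example, not SPHEREboard or CyberArk code; the sample records, field layout, 30-day activity window, and priority ordering are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample inputs; the field layout is an assumption, not a
# SPHEREboard or CyberArk export format.
LOCAL_ADMINS = [  # (server, account, last_logon or None if never seen)
    ("srv-app01", "svc_backup", date(2020, 6, 10)),
    ("srv-app01", "adm_jdoe", date(2020, 6, 11)),
    ("srv-app01", "old_admin", date(2019, 1, 3)),
    ("srv-db02", "svc_sql", date(2020, 6, 9)),
    ("srv-db02", "adm_temp", None),
    ("srv-db02", "adm_asmith", date(2020, 5, 30)),
]
VAULT = {  # (server, account) -> (rotated, revealed_on_checkout)
    ("srv-app01", "svc_backup"): (True, True),
    ("srv-db02", "svc_sql"): (False, False),
    ("srv-db02", "adm_asmith"): (False, True),
}

def classify(server, account, vault=VAULT):
    """Map one account instance to Managed, Vaulted or Unmanaged."""
    # Windows names are case-insensitive, so normalise before the lookup.
    record = vault.get((server.lower(), account.lower()))
    if record is None:
        return "Unmanaged"          # not in the vault at all
    rotated, revealed = record
    # Managed: password is rotated OR never revealed to the end user.
    return "Managed" if rotated or not revealed else "Vaulted"

def report(as_of, active_days=30, admins=LOCAL_ADMINS):
    """Return one row per local admin, highest remediation priority first."""
    cutoff = as_of - timedelta(days=active_days)  # assumed activity window
    rows = []
    for server, account, last_logon in admins:
        active = last_logon is not None and last_logon >= cutoff
        rows.append({"server": server, "account": account,
                     "state": classify(server, account), "active": active})
    # Assumed ordering: unmanaged before vaulted before managed, active first.
    rank = {"Unmanaged": 0, "Vaulted": 1, "Managed": 2}
    rows.sort(key=lambda r: (rank[r["state"]], not r["active"],
                             r["server"], r["account"]))
    return rows

def onboarding_candidates(rows):
    """Local admins that are not vaulted and are actively being used."""
    return [(r["server"], r["account"]) for r in rows
            if r["state"] == "Unmanaged" and r["active"]]

if __name__ == "__main__":
    for row in report(date(2020, 6, 12)):
        print(row)
```

Stale unmanaged accounts such as `old_admin` still appear in the report, ranked below the active ones, so they can be reviewed for removal rather than on-boarding.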

Steps to Address Risks

Once the risks have been identified and formalized, educated recommendations can be made to IT management to prioritize which items or potential risks should be addressed first.

  1. Ownership Confirmation & Entitlement Review: Automate the process of having owners attest to accounts and application access across applications, servers, and vaults.
  2. Review & Update Policies: Review proposed privileged access policies with key stakeholders.
  3. Communicate Changes to Business: Engage in communications and formalized training to make privileged users aware of changes.
  4. Remove Human Accounts: Have human accounts re-certified, given access to a vault, and removed from the server.
  5. Perform Ongoing Reporting & Entitlement Review: Report regularly on gaps in operational compliance and ensure that application owners are certifying access.

Immediate Benefits

Some of the immediate benefits of SPHEREboard’s analysis and reporting include:

  • Ensuring all accounts that should be on-boarded into CyberArk are, in fact, on-boarded.
  • Significantly reducing the number of local administrators.
  • Providing ongoing reporting and visibility into privileged access.
  • Ensuring ongoing certifications of individuals who require privileged access.

SPHEREboard helps organizations improve IAM and vaulting reporting, ensuring data quality and accuracy in managing permissions and access.

Written By: Rita Gurevich

Rita Gurevich is the CEO and founder of SPHERE, a leading identity hygiene company redefining how organizations achieve access controls across their environment. Rita began her career at Lehman Brothers where she oversaw the distribution of technology assets after the organization’s bankruptcy in 2008. From this, Rita gained a deep understanding of analyzing identities, data platforms, and the overall application and system landscape distributed across buying entities. The enhanced regulatory environment aimed at protecting data from misuse concurrently forced large enterprises to more proactively manage and control access across their on-premises and cloud environments. With this knowledge, Gurevich founded SPHERE, an organization that provides critical governance, security, and compliance solutions centered around the expanding access control issues plaguing organizations. The company has developed a repeatable and effective approach to assessing, remediating, and managing access controls across any scope. Rita has driven the growth of SPHERE through its evolution to a cutting-edge software company that also provides services to clients with the only end-to-end access management solution available today. Gurevich is the recipient of multiple honors and awards including recognition from Ernst & Young for her entrepreneurial skills, SmartCEO, 40 Under 40, and many more.