Reduces risk and cost of compliance management by combining identity and access management, sensitive data management and user activity monitoring

FRAMINGHAM, Mass. — February 23, 2010 — Courion® Corporation, leaders in access governance, provisioning, and compliance, today announced its Access Assurance Suite™ solution version 8.0. As the first vendor to offer integrated compliance management in 2004 and integrated role management in 2006, Courion once again leads the market by delivering the first solution that combines comprehensive Identity and Access Management (IAM) with sensitive data management, user activity monitoring, automated remediation and advanced analytics to help enterprises manage access risk in their organisations.

“To date, the IAM market has focused on managing user access to systems, but with limited success in making that data actionable for the business,” said Ian Glazer, Senior Analyst, Identity & Privacy at Burton Group. “Enterprises need to reduce the risk of data exposure by providing the ability to more broadly understand, control and report on user access to sensitive information assets. By managing user access more effectively as part of overall security practices, you can reduce risk and compliance exposure.”

Today’s enterprises face a number of challenges in securing critical systems and data. One of the fundamental challenges of risk mitigation is ensuring that only the right people have the right access to the right resources and are doing the right things. Until now, this has focused primarily on managing access to key systems and applications; but today, organisations need a more comprehensive look at specific data as well as the activity of users on these key systems. This requires knowledge of where critical data resides, who has access to it, and how it’s being used – throughout the corporate network and in the cloud. Enterprises also must be able to prove to auditors and regulatory bodies that they possess this knowledge, and have the processes and technology in place to address inconsistencies as they arise. 

Version 8.0 helps enterprises integrate disparate islands of sensitive information from data loss prevention (DLP), security information event management (SIEM) and other sources so they can effectively manage and protect access to sensitive data, while  putting individual user activity into context in order to take appropriate action. Automating the discovery, validation, remediation, and reporting of this data results in higher levels of compliance and security, while engaging the business managers and lightening the load on IT staff. 

With this release, Courion introduces Sensitive Data Manager and User Activity Manager, two new products that deliver vendor-agnostic integration with leading DLP and SIEM technologies and other user activity data sources. This enables organisations to map user access information against sensitive data requirements and user activity, providing a more holistic view of user behaviour and helping to improve compliance with a broader range of regulations.  This process of effectively combining detective and preventive controls in one system significantly reduces costs, increases security management and improves data protection. 

Through its ComplianceCourier™ access certification and compliance management solution, version 8.0 fills one of the greatest enterprise compliance needs by automating the identification, validation and remediation of access inconsistencies, without requiring an enterprise provisioning solution. 

“The latest enhancements to the Courion Access Assurance Suite make it the nerve centre for controlling user access in the enterprise,” said Kurt Johnson, vice president of corporate development at Courion. “This delivers enormous benefits across the broadest scope of today’s enterprise security and compliance challenges – reducing costs, improving data and system security in accordance with policy, and getting more return on investment on existing infrastructure.”