Governance, Risk, and Compliance (GRC)

Governance, Risk, and Compliance, or "GRC", is a term for an integrated approach to encouraging internal accountability, responding to regulatory requirements, and addressing the increasing costs associated with both. Though the definition of the term may vary slightly from one organization to another, the concept behind it requires all three elements – governance, risk, and compliance – to be in place for an organization to achieve a coherent and meaningful long-term business strategy.

Creating a coherent business strategy
In brief, governance is the implementation of systems that monitor, record and oversee business activity, and that ensure compliance and organizational transparency. Risk management describes an organization's plan to assess its long-term risk appetite, priorities and tolerance for risk, and to leverage enterprise-wide resources to minimize risk. Compliance is the process that monitors, records and oversees the methods and procedures needed to follow industry guidelines, internal policies, and/or laws.

Keystone simplifies GRC
Government and financial institutions are urging stricter controls on access to consumer data, financial data, and other sensitive information. They’re also demanding stronger reporting and auditing capabilities.

With Keystone’s holistic authentication abstraction layer and fine-grained authorization engine, enterprises can satisfy most IT governance mandates as a by-product of normal operation. How? An audit can reveal who is authorized to perform each function, who granted access to perform that function, and under what specific circumstances. Because Keystone records this at the point where access decisions are made, auditors (regardless of the regulatory regime they are working under) are able to perform the necessary analysis from the audit trail alone. There is no hidden logic buried in individual applications, and nothing requires additional research by the auditors.

Compliance is easier with a unified control system. Too often, compliance is treated as an inevitable cost of doing business when it can actually increase an organization’s security, transparency and agility. We live in an ultra-connected world where computing systems are vital to every aspect of an organization. A unified control system that governs access to data and systems – and provides audit and flexible reporting capabilities – places that organization in an advantageous position when it comes to compliance. In many cases, such a system enables organizations to exceed compliance requirements.

Keystone’s holistic approach
Many enterprises are understandably reluctant to re-invent compliance mechanisms for a multitude of systems that have been pieced together over time and lack real cohesion and interoperability. Rather than retrofitting each existing system, organizations can achieve compliance while ensuring consistency, faster implementation, and significant cost reduction. How? By using a centralized access control system such as Keystone.

Keystone’s technology simplifies GRC for any organization that must manage numerous regulatory requirements, making prevention and response activities easier and more flexible. It does this by moving hard-coded authorization controls out of individual applications and centralizing access control in one place.

To comply with regulatory mandates, many companies periodically re-certify critical applications. This re-certification process is often very costly and disruptive. If every application employed the same standard set of protection mechanisms, multiple applications could be audited simultaneously at a fraction of the cost.

Creating an audit trail
Enterprise applications often provide their own authorization models. This becomes a problem when organizations must demonstrate compliance: when each application manages a proprietary representation of what a user may do, it is nearly impossible to get visibility into what a given user or group can do across multiple applications. Moreover, when applications rely on multiple user stores, it is often difficult to produce meaningful reports that meet audit requirements.

Keystone addresses the problem by creating an audit trail for every change from any source, so that an auditor can quickly determine:

  • How a user authenticated
  • Which authentication provider was used
  • Which functions were performed
  • Who authorized the user to perform these functions
  • The source IP address of the request
  • The exact nature of the function performed
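The value of a unified trail is that these six questions can be answered by correlating records, not by reading application code. The following is an added illustration, not Keystone's code or log format: it assumes a hypothetical event shape (auth, grant, revoke and action records keyed by user and session, constructed inline) and shows how an audit report joins an action back to the session that authenticated the user and to the grant that was in force at that moment. An action with no grant in force at its timestamp is reported as unauthorized, which is the case an auditor most wants surfaced.

```python
"""Reconstruct "who did what, how they logged in, and who allowed it" from
a unified audit trail.

Added example; this is NOT Keystone's code or log format. The event shape
below (auth / grant / revoke / action records) is an assumption chosen for
illustration only.
"""
from datetime import datetime

# Constructed sample audit trail (not real data). Timestamps are UTC.
AUDIT_TRAIL = [
    {"ts": "2024-03-01T08:00:00Z", "type": "grant", "actor": "admin.jane",
     "user": "bob", "app": "crm", "function": "export_customer_data"},
    {"ts": "2024-03-01T09:12:05Z", "type": "auth", "user": "bob",
     "provider": "corp-saml", "method": "saml+mfa",
     "src_ip": "10.1.4.22", "session": "s-101"},
    {"ts": "2024-03-01T09:15:40Z", "type": "action", "user": "bob",
     "app": "crm", "function": "export_customer_data", "session": "s-101",
     "detail": "exported 1204 rows (region=EU)"},
    {"ts": "2024-03-02T07:30:00Z", "type": "revoke", "actor": "admin.jane",
     "user": "bob", "app": "crm", "function": "export_customer_data"},
    {"ts": "2024-03-02T10:00:00Z", "type": "auth", "user": "bob",
     "provider": "corp-saml", "method": "saml+mfa",
     "src_ip": "10.1.4.22", "session": "s-102"},
    # Same function after the revoke: the report must flag this one.
    {"ts": "2024-03-02T10:05:00Z", "type": "action", "user": "bob",
     "app": "crm", "function": "export_customer_data", "session": "s-102",
     "detail": "exported 3 rows"},
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def session_auth(trail, session):
    """Return the auth event that opened `session`, or None if absent."""
    for ev in trail:
        if ev["type"] == "auth" and ev["session"] == session:
            return ev
    return None


def grant_in_force(trail, user, app, function, at):
    """Return the grant that authorized `user` for (app, function) at time
    `at`: the latest grant strictly before `at` that was not revoked before
    `at`. Returns None if no grant was in force."""
    current = None
    for ev in sorted(trail, key=lambda e: _parse(e["ts"])):
        if _parse(ev["ts"]) >= at:
            break
        if (ev.get("user"), ev.get("app"), ev.get("function")) != (user, app, function):
            continue
        if ev["type"] == "grant":
            current = ev
        elif ev["type"] == "revoke":
            current = None
    return current


def explain_action(trail, action):
    """Answer the six audit questions for one action event."""
    auth = session_auth(trail, action["session"])
    grant = grant_in_force(trail, action["user"], action["app"],
                           action["function"], _parse(action["ts"]))
    return {
        "ts": action["ts"],
        "user": action["user"],
        "app": action["app"],
        "function": action["function"],        # which function was performed
        "detail": action["detail"],            # exact nature of the function
        "auth_method": auth["method"] if auth else None,      # how the user authenticated
        "auth_provider": auth["provider"] if auth else None,  # which provider was used
        "src_ip": auth["src_ip"] if auth else None,           # source IP address
        "authorized_by": grant["actor"] if grant else None,   # who granted the access
        "granted_at": grant["ts"] if grant else None,
    }


def audit_report(trail):
    """One explained row per action in the trail, in trail order."""
    return [explain_action(trail, ev) for ev in trail if ev["type"] == "action"]


def unauthorized_actions(trail):
    """Actions for which no grant was in force when they occurred."""
    return [row for row in audit_report(trail) if row["authorized_by"] is None]


if __name__ == "__main__":
    for row in audit_report(AUDIT_TRAIL):
        status = "OK" if row["authorized_by"] else "NO GRANT IN FORCE"
        print(f'{row["ts"]} {row["user"]} {row["app"]}/{row["function"]} '
              f'via {row["auth_provider"]} ({row["auth_method"]}) '
              f'from {row["src_ip"]}; authorized by {row["authorized_by"]} [{status}]')
```

The grant lookup walks the trail in time order and treats a revoke as clearing the current grant, so a user acting after revocation is reported as unauthorized even though an earlier grant exists in the log; a real deployment would also have to handle grants expressed through group or role membership, which this example deliberately leaves out.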