The highest rated issues from the PESTLE summary has been used to build a vision statement for the User Guardian product.
Political – Data Defence and Protection
User Guardian will need to be effective in being able to show reduction of operational risk through clear reporting. This will be important to reduce the attack surface of an organisation’s applications by closing off redundant accounts and providing visibility of high risk users to know for who to improve safeguards. The User Guardian tool would need to sell the benefits by highlighting the risk reductions each time the tool is used.
Economic – Protection against Large Fines
Fast audit reports that can improve the relationships with auditors and help avoid large regulatory fines by early and proactive detection. User Guardian would be a respected industry tool in providing visibility and transparency of information.
Social – Increase in Internal Company Threats
User Guardian would be used as a detection and security model re-design tool for role based modelling where high risk combinations of privileges or role types exist. These would be achieved through SoD and risk based scoring on access attributes contributed directly into the tool by compliance teams.
User Guardian Vision Statement
User Guardian aims to be an industry standard tool in compliance and access management reporting allowing IT Security teams, key business functions and compliance teams to work collaboratively to reduce their operational risks.
User Guardian will achieve this through enhanced reporting capabilities to provide visibility of high risk access combinations in an easy to use format, for timely response by IT Security teams towards safeguarding against regulatory breaches.
Market Summary
The market place research highlights two important trends. An increase in businesses using the cloud to reduce OPEX and a growing increase on spend for IAM tool. These trends are being driven by the “identity bridge” as mentioned in the market research. Organisations are cooperating in trying to share access and information between their systems to be more effective.
These trends support a business case for User Guardian as it shows a general demand for IAM solutions. The IAMaas space for User Guardian would seem to be the most logical product offering, supplementing mature IAM tools without the complexities and expensive on-going software development of connectors to an increasing number of online applications.
The option for User Guardian to piggyback off mainstream IAM tools could be an attractive one, utilising technologies such as JavaScript Object Notation (JSON) arriving out of necessity with coming era of ‘Big Data’, and controlling these growing data streams. The focus on audit reporting would be the key benefit and selling point of User Guardian to differentiate it from the competition.