Welcome to the Veza Voice! We’ll be publishing monthly to share product updates, new integrations, tips and tricks, and news from the VezaVerse. This month:
Veza Workflows - now available on Mobile!
Veza’s Access Review Workflows already slash the time it takes to conduct regular access reviews (bye bye, manual operations!). But, at the best of times, reviewing and certifying access to data can be a bit of a chore, and probably isn’t at the top of your list of things you want to do when you sit down at your desk. Wouldn’t it be great if you could chip away at your entitlement reviews on your commute, while you’re waiting for coffee, or any other time you had a few minutes to kill?
You actually can! We’ve designed a brand new mobile experience for our workflows product, so users with the Access Reviewer role can now complete their reviews anywhere. Same Veza experience of access reviews with rich authorization information, now delivered on mobile!
Smarter Smart Actions
Smart Actions accelerate your access reviews by allowing you to approve, reject, sign off, and perform other certification actions in bulk on a subset of review items. For example, you could reject all access to a Snowflake database with customer information for Okta users not located in the US.
Smart Actions let users act on thousands of rows with a single action, saving many hours of manual work. To make it easier to track the progress of Smart Actions, you now have end-to-end visibility into the outcome. A progress bar indicates how many entries have been processed and how many remain. When the Smart Action is complete, you’ll see a summary of all entries processed, including the number of successful vs. unsuccessful actions.
Setting up a Smart Action also got easier. You can now instantly run a Smart Action on all rows matching your current filter settings.
Search & Insights, and Query Builder Enhancements
Filter SQL databases by encryption attributes. For example, visualize all users who can write to unencrypted databases, or set up an alert to monitor for databases not using encryption.
Set a “Resource Manager” tag on any entity. Resource Manager tags make it easier to set up and scope access reviews.
Find Azure Key Vaults with purge protection or disk encryption enabled, track Azure AD users with Data Lake Filesystem write permissions, and more.
As we continue to expand the reach of Veza’s Authorization Graph, our team is always releasing new integrations. Newest additions include:
Veza for Slack
Veza for Auth0
Veza for Databricks
Reach out to your customer service manager to get started.
Tips & Tricks
How can you search for what isn’t there?
Search is at the heart of what Veza does: providing an interactive interface for organizations to understand who can take what action on what data. Query Builder allows you to gain insight into the users (Okta, AD, Azure AD, etc.), RBAC/IAM controls, and data sources in your cloud ecosystem, providing deep visibility into authorization relationships and configuration anomalies. You can use Query Builder to get visibility into the authorization relationship between any two entities that are related to each other in your environment.
BUT, did you know that you can also use Query Builder to understand where expected relationships are missing in your environment?
With Query Builder’s “has no relation to” feature, you can analyze which relationships do not exist between entities. For example:
Which local users have no relationship with IdP users, signifying that there may be orphaned users in your applications that need to be cleaned up.
Which data sets have no relationship with users, signifying that you may have data in your environment that can be removed.
Which IAM policies have no relationship with users or resources, signifying that you can reduce policy creep in your environment.
There are many more examples, but if you haven’t used this feature before, we encourage you to try it out today to understand and control least privilege anomalies.
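The three questions above can be modeled as an anti-join over a directed authorization graph. The sketch below is an added example, not Veza code or the Query Builder API. It assumes that "related" means a path exists along the grant direction (IdP user to local user to policy to dataset); all node names and the `has_no_relation_to` helper are hypothetical, and the data is constructed.

```python
from collections import defaultdict, deque

# Constructed sample data. Node ids are "Type:name"; an edge a -> b means
# "a grants or maps to b" (IdP user -> local user -> policy -> dataset).
EDGES = [
    ("IdPUser:alice", "LocalUser:snowflake/alice"),
    ("IdPUser:bob", "LocalUser:snowflake/bob"),
    ("LocalUser:snowflake/alice", "Policy:analyst"),
    ("LocalUser:snowflake/svc_old", "Policy:analyst"),  # no IdP identity behind it
    ("Policy:analyst", "Dataset:customers"),
    ("Policy:legacy_admin", "Dataset:archive_2019"),    # policy nobody holds
]
# Entities with no edges at all must still be known to the query.
ISOLATED = ["Policy:unused_readonly", "Dataset:tmp_export"]


def node_type(node):
    return node.split(":", 1)[0]


def _walk(adj, start):
    """Breadth-first search: every node reachable from start in adj."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def has_no_relation_to(edges, isolated, source_type, target_type):
    """Return source_type nodes with no directed path to or from any
    target_type node. Upstream and downstream walks are kept separate, so
    two local users sharing one policy are not treated as related."""
    fwd, rev = defaultdict(set), defaultdict(set)
    for a, b in edges:
        fwd[a].add(b)
        rev[b].add(a)
    unrelated = []
    for node in sorted(set(isolated) | set(fwd) | set(rev)):
        if node_type(node) != source_type:
            continue
        connected = _walk(fwd, node) | _walk(rev, node)
        if not any(node_type(m) == target_type for m in connected):
            unrelated.append(node)
    return unrelated


if __name__ == "__main__":
    for src, dst in [("LocalUser", "IdPUser"), ("Dataset", "LocalUser"),
                     ("Policy", "LocalUser"), ("Policy", "Dataset")]:
        print(f"{src} has no relation to {dst}:",
              has_no_relation_to(EDGES, ISOLATED, src, dst))
```

Treating the graph as undirected would hide the orphaned account here: `svc_old` shares the `analyst` policy with `alice`, so an undirected search would link it to an IdP user through that policy.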
You can learn much more about Veza Query Builder at our comprehensive documentation portal.
Veza achieves AWS Security Competency, joins AWS Partner Network, and is now available on AWS Marketplace
AWS Security Competency partners undergo an intense screening process and must demonstrate deep technical expertise with security in AWS and proven customer success securing the cloud journey. They don’t give these out to just anyone, and we’re proud to achieve this milestone so early in our journey. To find out more:
Read CEO Tarun Thakur’s thoughts on the partnership on LinkedIn
Meet Veza on AWS Marketplace - review here
Watch a demo of Veza for AWS
Open Authorization API community now open on GitHub
With the Open Authorization API (OAA) community now open on GitHub, developers can create and share connectors to extend the Veza Authorization Graph to all sensitive data, wherever it lives, including cloud providers, SaaS apps, and custom-built internal SaaS apps. To learn more:
Visit the community page
See OAA in action.
Try Veza for yourself
To find out more about how you can use Veza to understand, manage, and control who can and should take what action on what data, sign up for a free trial. The free trial is a fully provisioned environment managed by Veza, pre-loaded with sample data and a set of self-guided use case tours.