Welcome to the Veza Voice, our monthly customer email where we share product updates, tips and tricks, events and news.
This month: we introduce powerful new Identity Analytics with user analysis, group analysis, and role analysis, new capabilities to design policies for separation of duties requirements, a new insights report for Salesforce misconfigurations, and more.
Co-Founder & CTO
New Insights: User, Group and Role Analysis
IAM teams use Veza to help them understand complex RBAC permissions, navigating nested groups and roles to understand the effective permissions associated with human identities, and to improve the design of their business and technical roles and groups. We’ve built new Identity Analytics capabilities with user analysis, group analysis, and role analysis use cases. For example:
User Analysis: See all groups or roles a user belongs to, advanced user comparisons, and more
Group analysis: show all users that belong to a certain group, and groups who are part of a particular group
Role analysis: show all users that can assume a role, or roles that can assume a role (hierarchical roles)
Any of these queries can be opened in the Query Builder or Authorization Graph for a deeper analysis with Security Engineering and Security Operations teams. With these new capabilities, security teams can:
Deep dive into the identity access of any user for rapid incident response
Discover privileged roles that can be assumed by other roles
Improve IAM hygiene by removing unnecessary or unused groups and roles
Achieve least privilege by reducing access debt associated with roles and groups
New Policy Analysis: Separation of Duty
To comply with data sovereignty, financial and identity governance best practices, and particularly with regulatory requirements, like Sarbanes-Oxley (SOX), you may need to enforce separation of duties (SoD) for key compliance tasks. For example, you may need to be able to demonstrate that:
Users who can create purchase orders cannot also approve them
Users who can create a vendor should not be able to process payments to vendors
IGA tools often claim to be able uncover separation of duties issues with access certification campaigns. However, these tools typically can only compare the IAM groups and roles an identity has. This isn’t enough to be sure of what access a user really has.
Veza’s SoD policy analysis allows you to compare the results of multiple complex Veza queries, linking identities directly to their permissions to sensitive data. For example, you can identify any users who:
are members of the “Purchase_Approvers” group, OR can write to the “Purchase_Approvers” table in Redshift
AND are members of the “Buyers” group.
This allows you to identify and eliminate separation of duties violations with more confidence than by relying on role and group names alone.
Introducing Salesforce Posture and Misconfigurations Insights
How healthy is your Salesforce security posture? Have new business and security initiatives for SSPM? Find out with new insights that surfaces common posture and misconfiguration risks in your Salesforce instance:
Salesforce Users not tied to an identity provider
Salesforce Organizations without organization-wide MFA enabled
Salesforce Profiles that bypass organization-wide MFA
Salesforce Organizations with "poor" or worse Security Health Check Score
Salesforce Security Health Check risks ranked high or medium risk
Salesforce Organizations without Audit Trail enabled
As we continue to expand the reach of Veza’s Authorization Graph, our team is always easing new integrations. Newest integrations include:
Reach out to your customer service manager to get started.
Updated Integrations include:
OneLogin: added support for Groups, Roles, and Apps
Azure AD: added support for additional Azure Group properties
Active Directory: added support for additional user properties
Veza releases new features every week. Bookmark our release notes page to see the latest and greatest.
Tips and tricks: Make your own custom dashboards
Did you know that the Dashboard Reports on Veza’s homepage are now completely customizable for each user? Tiles on the homepage can track trends for the past week or month for any out-of-the-box or custom report. This means you can tailor your home page to give you a birds-eye view of your particular responsibilities, or your current project.
For example, here’s a version of the homepage focused on SaaS access security:
And here’s a version focused on privileged access:
These reports are a great way to track how you’re doing, and show progress to your team. To create custom dashboards, just head to Insights > Reports and add reports to the “Dashboard Reports” section. You can drag and drop reports to change the order they’ll appear on your dashboard.
Meet the Veza team at these upcoming events:
- Identiverse, May 30-June 2 in Las Vegas
Catch Veza Chief Strategist Rich Dandliker and David Tyburski, CISO of Wynn Resorts, presenting a session on IGA strategies for achieving least privilege
Hang out with us at booth #1119
Join us for dinner at Cathedrale on May 31st
- AWS re:Inforce, June 13-14 in Anaheim
Visit us at booth #660
Join us for dinner and a flight simulator experience at Flightdeck
Snowflake Summit, June 26-29 in Las Vegas
Catch up on our recent webinars to learn new Veza tips and techniques:
Email [email protected] for more details.
We introduced our solution to deliver SaaS access security and governance for the enterprise.
We launched Veza’s Authorization Platform on the Snowflake Data Cloud.
Want to see Veza in action? See how Veza is crucial to safely deprovisioning access when employees depart by watching the Veza Voice Digest's featured webinar on-demand here.
Veza @ Fal.Con 2023
There’s nothing we love more than seeing security professionals and executives getting together to…
Building Veza’s Platform and Products
These new features and capabilities stretch across the entire identity access fabric of graph,…