Last month, Maarten Decat (Elimity CEO) spoke at the European Identity & Cloud (IEC) Conference 2018 in Munich, Germany. In his presentation on GDPR, PSD2, SOX continuous compliance, Maarten touched upon the challenges in this regard and the strategies to structurally, efficiently and intuitively move toward continuous compliance.
Presentation and panel discussion on continuous compliance
Maarten also took part in a panel discussion on the same topic, moderated by Dr. Barbara Mandl of KuppingerCole. Together with Kasper Dortland of Rabobank (Product Owner Data & Analytics, RRS Identity & Access Management), Maarten discussed data analytics in IAM. In particular, they explained how to apply IAM data analytics in achieving continuous compliance.
“Continuous compliance is the ultimate goal in a broader compliance perspective,” says Maarten Decat. “An effective approach enables organizations to avoid elaborate manual compliance exercises on a regular basis (e.g. every 3, 6 or 12 months). Compliance outreaches IAM, but IAM-related data analytics tools, such as our Elimity software platform, play a crucial role in reaching continuous compliance for a variety of legislations and regulations (e.g. Sarbanes-Oxley, GDPR, WFT).”
Maarten and Kasper have an ongoing collaboration at Rabobank. After concluding a pilot, Elimity is currently executing a production deployment at the major Dutch bank.
Structural data analytics within IAM makes the difference
Powerful data-driven compliance fits in the broader context of the compliance-related processes. Although data and tools are not objectives as such; they are essential in supporting existing processes. It is important to see IAM-related compliance as part of the bigger picture of the overall compliance challenges organizations are facing.
Maarten Decat: “I noticed that many of the attendees in Munich, who are currently involved in IAM projects, raised data-related questions (e.g. What about data quality? How to bring together different data sets?). Their data-focused concerns confirm Rabobank’s choice for a structural data analytics within IAM. The way forward seems to be nurturing the simultaneous evolution of data and IAM.”
“That strategy innovates the market, which is currently dominated by large players with similar offerings (OneIdentity, SailPoint, IBM, etc.). These products contain basic data analytics capabilities primarily focusing on role mining and user behavior analytics. Elimity’s self-service analytics platform for data access management operates on top of these secuity tools. It provides organizations the relevant IAM insights to confidently manage IAM compliance and evolve toward continuous compliance. By unlocking data intelligence, Elimity is able to automate monitoring, track compliance over time, and alert when detecting violations.”
The EIC conferentie was organised by KuppingerCole, a German Analyst organisation focusing on IAM. Like Gartner IAM, the 3-day EIC event is seen as one of the largest European IAM conferences hosting more that 800 attendees. Blockchain, GDPR and consumer IAM were the hot topics at this year’s edition.