Sun Microsystems today introduced an audit system dubbed Java System Identity Auditor, designed to allow firms to monitor employees' network identity and system access activities.
The audit policy engine within the software is designed to scan critical applications, flag audit policy violations and evaluate violation criteria, such as segregation of duties, unauthorised access changes, and erroneous access privileges.
The offering has been developed to help firms comply with legislative regulations, such as Sarbanes-Oxley, which demand that companies must be able to report on, and manage who has access to, critical information systems such as financial applications or medical records.
The compliance regulations also oblige companies to provide data on historical access privileges, in addition to secure, auditable evidence that internal controls are in place.
According to Sun, Identity Auditor can help automate the evaluation and enforcement of a company's internal identity and access controls.
"Companies are spending substantial sums of money to hire and manage external consultants to perform auditing and compliance tasks for identity management activities," said Roberta Witty, a research vice president at Gartner.
"To answer the question of 'who has access to what?', and to prove it, companies need a secure, automated analysis and reporting solution that is cost-effective and comprehensive in its capabilities, including the scope of supported platforms and applications as well as role conflict analysis."
Sara Gates, vice president of identity management at Sun, added that Identity Auditor can help firms identify controls across critical enterprise applications and provide audit trail reporting.
Use the same password for every website? It might be time to change them all
Applicants for parking bay suspensions put at risk of credit card fraud by Islington Council
Robert Swan appointed interim CEO after Brian Krzanich's departure
Should you link your data sets to add value, or leave them separate to reduce risk?