Sun Microsystems, Inc. Announces Identity Auditor

Sun Microsystems, Inc. announced this week “Sun Java System Identity Auditor”, a comprehensive identity audit solution for helping to improve audit and compliance performance. Identity Auditor provides the most extensive feature set available today, can enable customers to create a secure identity audit trail and present a unified view of an individual's identity and system access activities. Sun is the only vendor to deliver proactive, automated, and sustainable visibility into identity controls across critical enterprise applications and the entire identity management infrastructure.

In order to comply with legislative regulations, such as Sarbanes-Oxley and HIPAA, companies must be able to report on and manage who has access to critical information systems, such as financial applications or medical records. In addition, companies must provide data on historical access privileges, as well as secure, auditable evidence that internal controls are in place. Identity Auditor helps automate the evaluation and enforcement of a company's internal identity and access controls so they can react quickly to any violations to minimize risk. For example, in order to meet requirements for the upcoming April HIPAA security deadline, healthcare management personnel could use Identity Auditor to monitor hospital patient care systems, verify identity controls, and help ensure patient confidentiality is being maintained.

"Companies are spending substantial sums of money to hire and manage external consultants to perform auditing and compliance tasks for identity management activities," said Roberta J. Witty, Research VP, Gartner Inc. "To answer the question of 'Who has access to what?', and prove it, companies need a secure, automated analysis and reporting solution that is cost-effective and comprehensive in its capabilities, including the scope of supported platforms and applications as well as role conflict analysis."

"Organizations today are struggling to implement effective security controls and the verification and auditing of these controls is often a fragmented and highly manual process," said Sara Gates, vice president identity management at Sun Microsystems, Inc. "Identity Auditor addresses this challenge by enabling automation of identity controls across critical enterprise applications and providing companies with visibility to the audit trail of those automated activities as well as the reporting they require to address corporate audit and compliance requirements."

Scheduled and Automated Notification of Control Violations The audit policy engine within Identity Auditor scans critical applications, flags audit policy violations and evaluates violation criteria, such as: segregation of duties, unauthorized access changes, and erroneous access privileges. Early detection and appropriate notification can help reduce the impact of any violations on an organization. Pre-configured audit policies help accelerate regulatory compliance efforts, resulting in reduced costs for the organization. In addition, Identity Auditor allows customers to define custom audit policies, which helps to address their specific corporate requirements.

Automated Certification Reviews

To help enable ongoing verification and attestation of identity controls and mitigate operational risks, Identity Auditor leverages workflow and delegation capabilities to notify and send audit reports automatically to selected reviewers, such as managers or business process owners. The reports can be regularly scheduled access reports or reports generated when a policy violation occurs. Identity Auditor integrates with provisioning and access management solutions to help enforce automated remediation of policy violations. For example, a policy violation could trigger an action within Sun Java System Identity Manager to disable an account, have the Sun Java System Access Manager terminate a session, or simply provide notification that a remediation action is required. In addition, Identity Auditor maintains centralized visibility and traceability of all violations, exceptions, and remediations.

Identity Services For Security Event Management

Another unique capability of Identity Auditor is that it provides closed loop integration with Security Event Management (SEM) applications, such as Symantec Security Management System, to provide an identity context for the enforcement of enterprise security policies. This integration helps customers to more easily tie security policy violations to specific identities and being better equipped to mitigate risk in a timely manner. For example, if a company's internal network is under attack, the SEM application can trigger Identity Auditor to take appropriate action, such as: disabling accounts, terminating sessions and reporting on user activities.

"Symantec's customers see the critical need to combine security incident management with identity events and compliance management", says Rowan Trollope, Vice President of Security Management Products at Symantec. "We are excited to be working with Sun to integrate identity incidents directly into the Symantec Security Management System. Through this planned integration, together we will be able to deliver best-in-class enterprise security and identity event management to enterprise customers"


Identity Auditor includes a number of packaged compliance reports to provide extensive identity information on users' historical access activities and access privileges, as well as policy violations and resulting actions. Additionally, companies can use the Identity Auditor report wizard to build custom reports that meet their unique requirements. A compliance dashboard provides executives and security managers an overview of the state of compliance, and history and trends of audit policy violations to assess performance and risk status.


Sun is working with leading system integrators (SIs), and consulting and advisory firms that are supporting companiesÆ identity management initiatives and helping them address compliance and regulatory requirements. These firms are also working with their clients to help define their identity control requirements. Because Identity Auditor helps automate compliance activities, it can confirm a control is being met and facilitate the testing of those controls across the identity management infrastructure.

"Organizations have implemented a number of manual processes and controls to secure their applications and support regulatory compliance. There is a pressing need to automate these processes and controls and make them more efficient, said John Clark, Principal, Deloitte & Touche LLP Security Services Group. The challenges an enterprise faces in enforcing segregation of duties within and across applications is one such example. Automating those processes can improve compliance and audit performance and enable stronger security across the enterprise."

About Sun Identity Management

Identity Auditor is the latest in Sun's suite of integrated, best-of-breed products, which are designed to reduce the cost and complexity of a customer's identity management infrastructure. Unified administration capabilities and reporting features work across the product suite to cost-effectively manage the critical aspects of identity as it affects core business operations, both internally and across corporate boundaries. In addition, Sun provides maximum compatibility with third-party products and platforms giving customers the ultimate degree of freedom in designing their identity infrastructure.

You may like these other stories...

K2 Enterprises has announced its 2014 technology awards in 27 categories. The only clear message may have been that there was no clear message in a field marked by many good ideas, but no unanimous winners.The company, which...
We're all about QuickBooks this morning. First, read this late-breaking news from John Stokdyk, editor of AccountingWEB (U.K.), who is attending the QuickBooks Connect conference in San Jose, California. Then, for more...
Technology—specifically internet technology—has a record of disrupting tried-and-true methods of operation in ways that we often don't foresee. Look no further than the recent HBO announcement that they *gasp...

Already a member? log in here.

Upcoming CPE Webinars

Oct 23Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.
Oct 30Many Excel users have a love-hate relationship with workbook links.
Nov 5Join CPA thought leader and peer reviewer Rob Cameron and learn ways to improve the outcome of your peer reviews while maximizing the value of your engagement workflow.
Nov 12This webcast presents basic principles of revenue recognition, including new ASU 2014-09 for the contract method. Also, CPAs in industries who want a refresher on revenue accounting standards will benefit.