Ensuring access complies with internal policy and industry regulations
The integration of user provisioning, role lifecycle management, access compliance and password management enables customers to achieve optimal efficiency and the ability to respond immediately and automatically to business changes. Courion addresses identity management as a business issue, not an IT administrator problem. Courion’s focus is understanding the key business requirements and taking an approach that ensures these issues are solved. Courion is the Enterprise Provisioning and Access Compliance Expert for results-driven organizations. Within the realm of Identity Management, providing strong controls around who has access to what is a key element of ensuring information security. Founded in 1996, Courion introduced PasswordCourier®, the industry’s first self-service password reset and password synchronization solution. Today more than 350 enterprises worldwide across industries leverage Courion’s Enterprise Provisioning Suite™ solution to drive operational efficiency, optimize user productivity, and strengthen security.
Name: Chris Zannetos Position: President and CEO Populary knows as: Chris Previous positions: Prior to Courion, Zannetos was a co-founder and partner at Onsett International, a leading IT service and security consulting firm. While at Onsett, he led IT operations re-engineering, enterprise security, and global network architecture programs for several Global 500 customers - and led Onsett's marketing and sales efforts achieving 90 percent annualized growth over the course of five years. Education: Zannetos has Bachelor of Science degrees in both Economics and Political Science from MIT and a Master of Science degree in Management from the MIT Sloan School of Management. Presentations: Third Annual America’s Growth Capital Information Security Conference (February 2007); 5th Annual Security Growth Conference (March 2007); 4th Annual Montgomery Technology Conference (March 2007) Favorite Charity: Courion has a deep commitment to its philanthropy program. Over the past few years, Courion employees have raised tens of thousands of dollars and donated time to numerous charities including but not limited to: The Cam Neely Foundation for Cancer Care, the Doug Flutie Jr. Foundation for Autism, the Denis Leary Firefighters Foundation, the Red Sox Foundation, Worcester Public School District and more.
In the following interview, Chris Zannetos, President and CEO - Courion discusses 1:1 with Rake Narang, Editor-in-chief of Info Security Products Guide, how integration of user provisioning, role lifecycle management, access compliance and password management enables customers to achieve optimal efficiency and the ability to respond immediately and automatically to business changes.
Rake Narang, Chief Editor - Info Security Products Guide:How has “user provisioning” actually changed in the recent years, both in terms of end-users perspective and the newer technologies behind it? How scalable and manageable are solutions from Courion considering that security breaches everywhere must be influencing rapid changes in access policies within any organization? Chris Zannetos, President and CEO - Courion: We believe the user provisioning market has matured tremendously in recent years. Much of its growth has been spurred on by the need for companies to implement automated solutions that enable them to streamline users’ access to job-critical systems and applications, and ensure that access complies with internal policy requirements and industry regulations. Security and compliance requirements will only increase in the coming years as high-profile data breaches – from TJX to the incident involving access to George Clooney’s medical records – continue to make headlines. Additionally, use of new technologies that allow enterprise collaboration and virtualized or remote access will create new security exposure.
According to the IT decision makers and business managers at our customer and prospect sites, one of the barriers to more efficient user provisioning remains the highly manual processes required to on-board new employees, and terminate access for those whose roles have changed. These manual processes also leave little hope for clean audit trails required to demonstrate compliance, making regular audits extremely time consuming.
Going forward, we see business managers continuing to take on more responsibility for compliance with business and regulatory policies (alleviating the burden from the IT staff), so it is even more critical for provisioning solutions to be easy to use and seamlessly integrated in to day-to-day business systems and processes. For example, automation and self service solutions contribute significantly to accuracy and reliability in granting access rights, especially in times of large-scale changes within an organization. These changes could come in the form of a merger or acquisition, or large staff turnover resulting from an influx of seasonal workers.
For our customers facing provisioning and access compliance challenges, we first focus on identifying what the core business pain is. Consider the responses from healthcare providers who participated in a 2007 Courion customer survey. They detailed growing access control issues for non-employees, who can include interns at teaching hospitals, contractors and partners. Disabling access for those non-employees was the primary access control concern cited by 50 percent of respondents. Whatever the pain may be, from managing access for remote employees, to disabling access in a company with high employee turnover or use of outside contractors, a company’s ability to ensure a secure, compliant work environment where service quality doesn’t suffer is a key priority for most any business.
The Courion Enterprise Provisioning Suite™ solution is designed to scale for any combination of new or existing databases, data repositories and directories, without adding complexity to the enterprise infrastructure. This allows the system to meet organizations’ changing operational requirements without significant investments in professional services or hardware. This scalability and flexibility is of tremendous value to our customers, especially those in high growth markets, such as healthcare or financial services. To support the needs of both business and technology organizations, Courion addresses identity management as a business issue, not an IT administrator problem. Courion built its entire product suite with the ability to respond to business change with significantly less administrative or programming effort than the “identity stack” vendor solutions that piece together disparate technologies they have acquired through acquisition. The intuitive nature of the web-based user interface is easy for line of business users to operate with minimal training.
Our solutions automate the process of providing more granular entitlement information of not only who has access to what, but also why they have it – and how the access was granted in the first place. As a result, appropriate provisioning or de-provisioning actions can be taken proactively, not after an incident has occurred. Specifically, Courion can help automate regular reviews of access rights with functionality that is integrated with core user provisioning and role management functions for required remediation and Segregation of Duties (SoD) checking.
"Organizations today are vulnerable to constant changes within for many reasons. That’s where Courion comes in with solutions in Enterprise Provisioning and Access Compliance helping bring equanimity to such organizations through integration of user provisioning, role lifecycle management, access compliance and password management."
Rake Narang, Editor-in-chief, Info Security Products Guide
Enterprise Provisioning Suite
Rake Narang:How has Courion kept up with innovation? With so many solutions available, what are the critical points end-users must consider first?
Chris Zannetos: Much of Courion’s success can be attributed to our ability to anticipate customer needs, and deliver innovative solutions that help our customers quickly achieve measurable business results such as cost savings, improved service quality. For example, consider the business impact of Web 2.0, enterprise collaboration and virtualization. Along with the related productivity advantages, many of our customers are struggling with figuring out how to balance the business value of these new technologies, with new risk management and compliance challenges. Courion’s automated provisioning and access compliance solutions are flexible enough to help customers manage the new security and regulatory risks associated with these new virtualized and increasingly collaborative environments – as well as other new technologies we have yet to consider.
By focusing on current and emerging identity management challenges associated with security, audit and policy compliance – particularly around HIPAA and Sarbanes-Oxley – Courion delivers numerous ways to help customers achieve important business and risk management objectives. For most companies, compliance and risk management boils down to user access – making sure the right people have the right access to the right systems and applications when they need it, and not when they don’t. Because of the flexibility of Courion’s Enterprise Provisioning Suite, our customers can start with addressing what ever exposure risks are most critical to their organization. For some, it is establishing an automated approach to role creation and management. For others, it is rolling out self-service password management solutions. No matter where companies start down their provisioning and access compliance path, Courion can help complete the journey.
Rake Narang: Will the security vendors always be playing a catch-up game with hackers and attackers? How do you see the security products evolving 2-3 years from today? How is your company focusing on 2008 growth plans? Chris Zannetos: Many security issues stem from the internal threats and policy compliance breaches resulting from orphaned, or out of use, accounts and infrequent or non-existent review of employee access. So, we help companies prevent against these internally-driven security threats and compliance breaches by making it easy to grant, manage and monitor appropriate access to enterprise resources. As a result of proper provisioning, security is clearly improved by limiting unnecessary access to sensitive data, cutting down on user “work-arounds” for access to non-provisioned, but needed, applications, and eliminating lags between changes in employee status and reflecting those changes in network rights. Security products will need to continue to address these insider threats, particularly in increasingly collaborative and virtualized work environments.
Courion solutions encompass the auditing and administrative tools necessary for risk management such as reporting; attestation; governance, risk and compliance (GRC); automated user and resource provisioning; and role management. We are also beginning to see the emergence and rapid adoption of new technologies that support virtualized and increasingly collaborative work environments. We help organizations take a proactive approach to managing the related compliance and security risks associated with these evolving work environments. Again, we do this by ensuring that that business managers and IT departments can easily manage and monitor the access being made available through virtualization or collaboration tools. And, helping them to determine if that access complies with business policy and industry regulations.
In terms of future growth, we are expanding both our direct and channel sales organizations. Courion launched its VAR channel program in October 2006 as an extension of the direct sales efforts. Courion's Authorized Resellers include both regional and national software and professional IT services providers who have been trained to sell and deliver Courion’s enterprise provisioning offerings. These organizations may combine Courion’s software with complementary offerings in access management, security, and network infrastructure to provide comprehensive solutions for their customers.
Courion actively seeks strategic relationships with leading technology providers such as EMC and Citrix that share our philosophies about identity management and its role in helping customers achieve their operational, compliance and security goals. With our technology partnerships, we are committed to delivering our customers access to the most integrated, innovative, end-to-end identity management solutions available on the market today.
Looking ahead, Courion expects increased customer demand for best of breed provisioning and access compliance solutions, and continued growth from new customer acquisitions and sharp increases in replacement deals. Companies that were failed by the ‘identity stack’ approach are now turning to Courion to deliver rapid business results. Courion is uniquely positioned to deliver tremendous value to all of our customers, setting the stage for more explosive growth through the rest of this year and into 2008.
All About Courion Head Office Address: Courion Corporation, 1881 Worcester Road, Framingham, MA 01701-5409 Founded in: 1996 CEO: Chris Zannetos Public or Private: Private Investors: Massachusetts Technology Development, Citizens Capital, JMI Equity Fund, Riggs Capital Partners, QuestMark Partners, Paladin Capital Management. Number of Employees: 120 Products: Courion’s Enterprise Provisioning Suite solution automates manual practices associated with tasks such as user provisioning, role management, access compliance and password management to optimize user productivity, strengthen security and enforce policies. Courion’s Enterprise Provisioning Suite is comprised of:
The AccountCourier® user provisioning solution, which automates the process of creating and managing user accounts.
The RoleCourier® role management solution, which automates the process of creating and managing enterprise roles.
The ComplianceCourierTM policy verification solution, which enables business managers to periodically review and verify employee access rights.
The PasswordCourier® password provisioning solution, which enables organizations to deploy self-service password reset and password synchronization.
The ProfileCourier® profile management solution, which enables users to privately and securely register authentication questions and answers within existing databases and LDAP directories.
The CertificateCourier® certificate management solution, which integrates with existing Public Key Infrastructure (PKI) solutions and securely automates registration and management.
Company’s Goals: Courion’s goal is to continue its aggressive sales and revenue growth trajectory as the leading independent provider of user provisioning and access compliance solutions. Awards:
2008 Network Products Guide Hot Company
2007 Best Deployment Scenario Award Winner, InfoSecurity Products Guide
InfoSecurity Products Guide Hot Companies 2007
InfoSecurity Products Guide Global Product Excellence- Password Management
SC Magazine, Finalist Best Identity Management Solution
