CTRL+ID

At the beginning of 2018 the new CTRL+ID IDM/IAM class system developed by leading specialists of CSBI company was submitted to the domestic market. A system allows to automate and centralize management of identification data of users and also access rights to information resources of the organization. "CTRL+ID" differs in exclusive flexibility and variability in the course of system implementation, the intuitive and friendly interface for users and that is important in realities of the Russian IT market, rather budget cost of ownership.

"CTRL+ID" is the new Russian system of the class IDM/IAM from CSBI company

The CSBI company exists in the market more than 25 years and proved as a team of professionals in implementation of the difficult complex IT projects requiring individual approach and deep examination. The leading direction in the company is occupied by development and deployment of own solutions in the field of business process automation and also Organization of Information Security of the enterprises. Solutions of CSBI company have the flexibility allowing to meet requirements of the different industries of the commercial sector and can be demanded and successfully implemented in the financial and trading companies, medical institutions, in the field of telecommunications, the real estate and construction, at industrial and transport enterprises.

The CTRL+ID system belongs to the class of the solutions IDentity and Access Management and allows to solve the following problems:

• reduction of waiting time providing access to the user to information systems of the organization;
• reduction of labor costs of specialists of IT and cybersecurity by consideration and accomplishment of requests of users for providing access rights;
• automatic appointment to users of access rights on in advance developed and approved role model;
• process automation on a providing/withdrawal of access rights to information systems when acceptance/dismissal/moving between divisions of staff of the organization;
• audit of history of providing access rights to information of the organization at investigation of incidents (who, when, on the basis of what, etc.);
• control of attempts of unauthorized or manual change of access rights with the subsequent automatic correction;
• flexible configuration of reporting system by the set parameters.

Principles of system operation

Integration with the HR systems of the organization and systematic development of a role model of access for users is the cornerstone of work of the solution. Thus, "CTRL+ID" will know what employees and what positions are in the organization and also what access rights should them be appointed, proceeding from a matrix of accesses. At acceptance, dismissal or transfer of the employee all changes executed in a HR system automatically will be included in the CTRL+ID system, and it in turn, will execute change of access rights and/or creation/blocking of the user account.

In addition to automatic control of access rights on the basis of a role model, the convenient portal for an independent request by users of additional access rights according to requests is provided in a system. Each request can be issued both for one, and for several users and to contain a request for several access rights. The procedure for granting of the rights to the set time frame is also implemented.

A system allows to configure process of approval of requests (a passing route, installation of terms of approval, setup of the notification by e-mail, delegation of the rights of approval, etc.) and to build it according to requirements of the organization.

System Requirements

Depending on complexity and scales of system implementation of the requirement to the hardware and software are estimated individually at a design stage and the expert analysis of systems by specialists of CSBI company. One of pluses of the CTRL+ID system is the possibility of use both the proprietary, and freely distributed software.

Architecture

A system consists of modules which can be placed both on one, and on different servers for performance improvement when scaling a system:

• Service of synchronization - the server service providing interaction on management of storage of connectors and the global DB containing information on users;
• Service of management and approval - the service providing opportunities for setup the politician and rules of management of identification data;
• The web portal – the web application providing graphical interfaces for creation/setup of the specified rules and accomplishment of the different user functions available within functionality of a system;
• The database – the database on the MS SQL Server platform, Oracle or PostgreSQL;
• Connectors are services of data exchange with information systems.

Additional opportunities

In the CTRL+ID system the ability to manage is implemented by freelance employees which are absent in the HR system of the organization. Information on such employees is entered directly on the portal of a system and further control of access rights is exercised on the standard mechanism.

At a system there is a designer of reports for specialists of all levels who allows to create the data concerning the user access to this or that system in a report type. For convenience of users the designer has the web interface which allows to look at the created report and to save the received result in Excel.

Integration with the system of a uniform input of SSO (Single Sign-On) into different information systems is implemented. As multifactor authentication and uniform access point the product Indeed Access Manager from Indeed-ID company is used.

Experience of implementation

The CTRL+ID system is successfully implemented in "St. Petersburg Bank, having succeeded the IDM solution of foreign producer. As a result of professional and fruitful work of leading specialists of CSBI company the most difficult migration of all powers of users was carried out to a new system, the customer's wishes on functionality and effectiveness of a new product are considered that allowed to solve the problems connected with the speed of providing access rights to employees and also, to considerably simplify work with a system for the ordinary user and administrators. A system services 4000 employees of the organization, ensuring stable functioning of business processes in bank.

Conclusion

Automation and centralization of access control to information systems becomes more and more relevant task for the medium-sized and large companies in Russia. The company, the more is larger than internal systems, the more sharply there is a question of the choice and implementation of an IDM system. So difficult software solution should be the most effective, satisfy to requirements of the specific organization, but at the same time be entered in the reasonable budget.

System implementation of "CTRL+ID" from CSBI company will allow to increase qualitatively efficiency of IT and cybersecurity of divisions of the organization. This solution will lower time and personnel expenditure of IT department and also will give the chance to information security specialists "have the finger on the pulse" at any time. At the same time "CTRL+ID" will not ruin the company in the total cost of the project, in particular in comparison with similar products of foreign producers.

Advantages of the CTRL+ID system are:

• fast, simple and user-friendly interface;
• existence of ready connectors and possibility of development of additional;
• flexible opportunities in implementation of wishes of the customer;
• help in preparation and setup of a role model;
• integration with third-party products on information security (Indeed ID);
• full, legally significant document flow of requests;
• automatic and manual execution of instructions;
• import substitution by means of implementation of the Russian solution;
• economically justified implementation cost and ownerships.

Solutions of a number of foreign and domestic manufacturers with the pluses and minuses are presented at the market of access control systems in Russia. Any IDM system is difficult and expensive shell program and each customer approaches its choice very scrupulously, carrying out the analysis, comparison and testing of the considered solution. The CSBI company is ready to provide access to specially developed demo stand of the CTRL+ID system for these purposes and also to carry out the reference in Bank of St. Petersburg for demonstration of all opportunities and complete functionality of a system in the mode of real operation (under approval).

The total cost of implementation and ownership of the CTRL+ID system is calculated individually for each customer on the basis of the questionnaire taking into account all available requirements, wishes and opportunities. Licensing is performed by the number of users and is termless.