Mycroft Inc. leverages over 20 years of Identity and Access Management (IAM) & Data Loss Prevention (DLP) implementation best practices to provide faster access to commercially available security products including GRC compliance, data management, controls, attestation, IDM & IAM. Mycroft Inc. relies on deep subject matter expertise in delivering successful integration of distributed systems across a wide variety of verticals including financial, healthcare, educational, government, & insurance sectors. Mycroft Inc. ensures accurate resource, capacity, & architecture planning through its assessment and implementation services.
Mycroft Inc.'s Strategy & Assessment Services help enterprises adopt a more proactive security and risk management solution. Mycroft Inc. develops tailored security and risk strategy, architecture, vendor selection, and implementation roadmaps by providing a rigorous and comprehensive evaluation of business needs and challenges. Mycroft Inc.’s assessment services include:
Mycroft Inc. addresses differing business needs through proven design and implementation methods by organizing tools around these principles, delivering tailored solutions that protect sensitive information assets and support business agility. Mycroft Inc. builds a solution by utilizing deep industry experience and partnerships with leading software vendors, significant skills in designing security policies, and security solution architectures which address IAM, GRC, DLP, and infrastructure security through:
WEB IDENTITY MANAGEMENT
An identity repository is the basic component of Identity Management. It provides an organized way to store user data that becomes the foundation upon which other technologies and services are added to build increasingly comprehensive identity management functionality.
One of the first steps in developing an identity management solution is to identify the authoritative sources of identity data from the many databases, directories, applications and systems already in place throughout the organization. An authoritative source of data is one that will deliver information that is deemed to be the best and most reliable source of a particular attribute. This may be the human resources system for employee address information or the email system for email addresses. The source of the most reliable data will differ from organization to organization.
Directories are typically used as the repositories for storing and managing identity data: they are optimized for read operations and for providing a look-up service for users and applications. They are frequently used to store authentication material (names, passwords, digital certificates, other identifiers) and provide that material to applications that can consume it. Many enterprises have multiple directories active at the same time, each holding unique sets of information about users and permissions that control access to specific applications. As the number of directories within an enterprise grows, and as the number of users from outside the company who need to access an application increases, organizations need to develop identity management strategies for keeping user data consistent and correct across repository boundaries.
Mycroft Inc.’s team of directory specialists works with organizations to identify the relevant data repositories that hold authoritative data, and to design and deploy safe and secure processes and controls for maintaining user data across disparate repositories, with a key emphasis on data correctness and information privacy. Mycroft Inc. employs a variety of key technologies, including directory virtualization and meta-directory synchronization, to achieve optimal results.
WEB ACCESS MANAGEMENT
Web access management provides standardized, policy-driven enforcement of access to corporate applications and resources. Organizations are moving to decouple access control mechanics and their underlying logic from the core application logic and place them in a centralized, policy-driven environment. Access control infrastructures provide the foundation for such an environment, allowing for the shift from a programmatic security model to a declarative security model. Added benefits of access-managed environments include increased authentication and authorization performance and single sign-on capabilities.
Mycroft Inc. provides the design, development, and integration expertise to allow organizations to leverage and incorporate policy-based web access management capabilities into their existing identity and access control infrastructures without having to rip and replace in-place systems.
USER ACCOUNT PROVISIONING
Mycroft Inc. provides enterprises with assistance when handling their most complicated account provisioning problems. Mycroft Inc. possesses unique abilities that no other integration firm in the market today can match. All organizations deal with account provisioning: the process of adding users to systems and assigning them the appropriate identity and access entitlements to do their job. Organizations today are also dealing with an ever-increasing number of systems and resources that a user must access on a daily basis. As the number of systems increases, manual account provisioning no longer meets the operational and regulatory requirements of most organizations. As a result, many companies face inefficiency due to delays in account creation, and uncontrollable costs due to orphaned or unknown accounts.
From the inception of the provisioning technology marketplace, Mycroft Inc. has been a key player in the development and deployment of automated account provisioning infrastructures, having partnered with and developed for every major provisioning vendor in the market. User account provisioning requires three main areas of expertise:
- Understanding the selected provisioning technology
- Understanding and capturing the organizational process for account management
- Understanding the integration into the multitude of organizational resources that users need access to.
Mycroft Inc. designs and deploys a methodology built around capturing and modeling identity management processes that can later be implemented as workflows within the chosen provisioning technology. Last, but no less important, Mycroft Inc. has extensive knowledge of most major commercial security and identity protocols. In fact, Mycroft Inc. maintains a wide range of target systems, from e-mail environments including Microsoft Exchange and Lotus Notes, to mainframe security environments including ACF2, RACF, and Top Secret, as well as every major RDBMS and directory environment.
FEDERATION
Federation provides organizations with a way to extend access to resources beyond their corporate boundaries. As enterprises form new business relationships, federation allows users from different companies to share access to resources in their partners' organizations.
Federated identity management involves exchanging identity information across one or more trusted domains (either within a single company or between different companies) in such a way that the information is maintained only once, at its particular source. Federation is the ideal solution when it is necessary for users to gain access to multiple applications "owned" by other companies or business units. Federation also gives users cross-domain Single Sign-On (SSO) by passing through their authentication and authorization credentials, and lets the resulting information be presented in a personalized way, since any personal preferences set in their original environment will be carried forward.
Mycroft Inc. provides the design, development, and integration expertise to allow organizations to leverage and incorporate Federation capabilities into their existing Identity and access control infrastructures typically without having to rip and replace their in-place systems. Mycroft Inc. was an early adopter and active participant in the emerging federated identity space. Mycroft Inc. is an active member of the Liberty Alliance and has developed and demonstrated key federation technology at both RSA World and The Burton Catalyst Conference.