Avatier: Transforming Identity Governance and Administration


Nelson Cicchitto, Chairman & CEO, Avatier

We Live in a Software-Defined World. Evolve at the Pace of Innovation or be Vaporized.

In the 1990s and early 2000s, identity management was simply an organic term stemming from the need to handle account requests and entitlement assignments. If companies were small enough, spreadsheets and simple e-mail exchanges were accepted as a means to control system access. Companies falling into the larger category were typically left with developing homegrown solutions that would support limited automation of identity-related tasks.

It wasn’t until highly public incidents such as Enron and Tyco that companies and government regulators saw the need for a more centralized, compliant platform. Regulations such as SOX required controls over employee access to prevent internal practices that could present risk or a conflict of interest.

Regardless of the size of their organization, IT departments at both small and large companies saw a need for centralized governance and controls. This was even more evident when dedicated IT staff was needed to maintain homegrown systems over time. This is where companies, like Avatier, rose to define platforms that could handle entire user lifecycle phases of corporate growth in a secure manner.

In 1997, Avatier pioneered what is now known as Identity Access Management (IAM). Since that time, IAM platforms have done much more than simply reset and remove system access. Today, identity management providers have transformed into Identity Governance and Administration (IGA) platforms. These platforms need to support more than user provisioning and password management. New business cases required IGA vendors to support access certification, workforce asset management, single sign-on, leading multi-factor authentication (MFA) systems, biometrics, software licensing, and asset management in an integrated, scalable, and clutter-free environment. This also meant moving from last century’s architecture to those that are securely hosted in any cloud or on-premise with a common, secure, scalable, and portable digital transformation DevOps architecture.

The Innovator’s Identity Management Dilemma

Legacy identity management companies are struggling to bring all on-premise functionality to their cloud offering. In the end, the customer has to choose between full functionality on-premise or a cloud version with limited functionality. Cloud-first identity management companies put their customers at risk since these multi-tenant solutions share CPU, memory, and even disk space with all other tenants. If the cloud IAM provider is compromised, all their customer data, identities, and even passwords are compromised.

Thinking Inside the “Virtual Machine” Box Exposes Your Brand to Hackers

Nelson Cicchitto, chairman and CEO of Avatier, the leading developer of innovative, secure, and scalable identity management solutions, throws light on the complexities and vulnerabilities associated with your current identity management solutions hosted on-premise in a virtual machine environment.

“Chances are that your ‘first-generation’ identity management application is designed to run on an operating system like Microsoft Windows or Unix. Your organization most likely deployed it on virtual machines (VM) to save cost and attempt to centralize administration. There may be several operating systems running on one machine, and each of those is a doorway in for a computer hijacker. Each VM has to be individually monitored, scanned for viruses, and patched. Such architecture is not only difficult to maintain and protect, but also has a broader attack surface. The higher the number of attack vectors which a hacker can use to access an environment (caused by these OS and identity application instances), the more ways your system can be compromised,” said Nelson.

“From a scalability and fault tolerance standpoint, your company may have deployed ‘load balancers,’ which drives up the overall cost, maintenance, and patching time for your identity management environment.” Nelson asks CSOs, “Do some basic cost-benefit analysis, then ask yourself: ‘At what point do you realize your identity solution is leaving your organization exposed and is costing you more than what it is worth?’”

Addressing this “elephant in the room” is what sets Avatier’s IGA model apart from the other players in the space.

Containerized Identity Management Reduces Attack Surface, Enables Continuous Delivery and Unlimited Scaling

Identity Management as a Container (IDaaC) forms the core of Avatier’s solution, dubbed “Identity Anywhere.” With a minified operating system on a host platform, rewritten identity management framework, and all disk I/Os externalized, containers bring standardization and ease of use for starting, running, and maintaining the various instances. Such an approach decreases the attack surface, drastically reducing the burden levied on the VMs and removes the need to patch the OS frequently. Avatier also added a rotating customer encryption key and has strategically partnered with Docker—the go-to platform for running complete container ecosystems—to build its range of offerings. This not only assures each container has its own secure resources isolated from other customer containers but enables Avatier to manage thousands of customers independently with private instances, memory, data, and CPU. What this means is a customer-specific instance won’t “eat” your available resources and lead to performance degradation or downtime for other customer instances. This is an entirely different approach from how typical multi-tenant cloud applications deliver solutions today.

Companies can run and manage their containers through open source Kubernetes or Docker Swarm, both of which can balance the traffic automatically and eliminate the need for load balancers and, subsequently, licensing costs. For enterprises that are not familiar with containers or do not have the technology resources or expertise to leverage them, Avatier “carries the load” by offering the entire, readily deployable solution as either a cloud service or an on-premise installation.

The Digital Transformation of Identity Management

Container technology is widely regarded as the next evolution of cloud infrastructure and is part of all digital transformation strategies. Given the technology’s sleek and secure deployment model, it is rather surprising that only a few identity management or other security solution providers have adopted it. Either the idea of thinking outside the “VM” box did not occur to them, or they chose not to entertain it since it would mean realigning, rebuilding, and redefining solution deployments from the ground up. It could also be an attempt to shoehorn security in the backdrop of a rapidly evolving enterprise sphere and threat landscape, and it will only be a matter of time until they begin to follow Avatier’s footsteps.

Moving Beyond Today’s Identity Management Offerings

Avatier’s technology stack has carved a league of its own by going beyond what enterprises generally expect from IGA solutions. “Identity Anywhere” is an integrated suite of products that includes an industry first: a full self-service password reset and single sign-on (SSO) product with advanced MFA support. The solution verifies the identity of a user using two-factor authentication and provides easy access to applications and assets with single sign-on using customized policies and controls on a per-application basis.

Avatier replaces traditional role-based access control (RBAC) mechanisms with an end-to-end user lifecycle provisioning solution. It is generally an industry consensus that rolling out RBAC is challenging. RBAC requires every person in the organization to have a role created. The problem is that roles change, and so do people, tasks, and assets. To this end, Avatier has integrated user lifecycle management with a first-of-its-kind IT Store through which companies and individuals can request any form of access they need for any cloud service, such as salesforce.com, G Suite, as well as support for enterprise apps like Oracle, SAP, AS400, and more. Avatier’s IT Store brings a new class of convenience and ease similar to that of the app stores of prominent smartphones.

Avatier’s integrated suite also delivers robust access compliance and asset governance solutions that enable enterprises to monitor, track, and report on every user lifecycle activity. Be it when an employee accesses their company’s servers or even the server room itself for that matter, Avatier’s solution can analyze the corresponding risk factors associated with the asset access. Through a “Risk Radar,” enterprises can administer and grant access, or even enforce additional authentication or verification based on the user ID and risk levels.

What is Next? An Integrated AI Virtual Customer Assistant

Since its inception in 1997, Avatier has always brought innovations to the IAM space. They were the first to roll out the only integrated access management ITIL-based business services catalog. Avatier patented its iconic “IT Store with Automated Workflow” before bringing their SSO offering with a SaaS license cost-savings calculator, which helps enterprises in identifying unused cloud services licenses. Not to mention, 2018 is the checkpoint for Avatier’s breakthrough IDaaC novelty.

This innovation continues through the release of another industry first in April of this year, Avatier’s Apollo Virtual Assistant. Apollo allows requests and fulfillment to be handled automatically through a series of authenticated workflows. Users can simply request access to an application via a chatbot on their phone or computer using almost any messaging channel, then if permitted, get immediate access. Apollo is the first commercial chatbot technology that securely validates user identity, through biometric, MFA, or one-time passcode over SMS/e-mail as well as leading MFA providers like DUO, RSA, Ping, Symantec VIP, Google Auth, Okta, and even FIDO2. Apollo can also handle requests for account creation and removal, password resets, and even schedule an employee for a leave of absence.

Delivering Measurable Business Value

Today, some of the largest, most recognized brands are clients of Avatier. After successfully trialing “Identity Anywhere” and comparing its value proposition with offerings from two other vendors from Gartner’s Magic Quadrant, DriveTime, a premier used-car retailer and finance company—with over 140 dealerships across 26 states—chose to partner with Avatier. They were able to save more than $750,000 annually on their IT audits and achieved utmost transparency and visibility in knowing “who had access to what,” as Cicchitto recalls. “Identity Anywhere” was seamlessly integrated with their complex environment, which included AS400, Active Directory, and in-house custom applications.

"AI Virtual Customer Assistant with Analytics will change how we interact with Identity Management forever"

The company’s track record and client success stories are indicative of how they strive to realize their mission statement. Having gauged the IAM market trends and challenges inside out, Avatier has a clear vision—with Cicchitto at its helm—on how to steer forward, and ride and lead the waves of innovative change.
- Aaron Pierce
    May 06, 2019

Pleasanton, CA

Nelson Cicchitto, Chairman & CEO

Offers “Identity Anywhere,” an integrated IAM platform built on the innovative notion of Identity-as-a-Container (IDaaC)

Avatier News

Avatier's New Mobile Identity Governance & Administration Solution, Identity Anywhere, Powers Digital Transformation

PLEASANTON, Calif. - Avatier Corporation, the pioneers of work from anywhere (WFA) Identity Governance & Administration (IGA) cloud service, container solutions and access governance solutions, today announced the release of Avatier for iOS and Android, a new mobile app platform that creates a collaborative, self-service approach to enterprise access without compromising security. Avatier promises to simplify identity access management (IAM) by empowering organizations with greater control over enterprise access requests, compliance access certifications, single sign-on (SSO) to reduce SaaS license cost and self-service password management, all for a better value than buying individual point solutions.
Avatier's new mobile experience is designed for the modern workforce, giving employees, customers, contractors and vendors a single mobile app that enables self-service business agility for time-sensitive security requests. Now anyone in the company can be alerted on their mobile device to approve business requests to access data and assets. Change management for the entire business can run through Avatier's new mobile workflow experience, reducing overhead for IGA, streamlining provisioning and ensuring security compliance.

The new mobile platform is secure and frictionless because Avatier's password-less authentication automatically integrates with third-party multifactor authentication (MFA) solutions already deployed in most enterprises. Avatier has MFA support for Duo Security, Google Authenticator, Okta Verify, Ping Identity, RADIUS, RSA SecurID, Symantec VIP and any FIDO2-compliant solution. Additionally, Avatier provides one-time passcode (OTP) support for SMS and email as well as biometric MFA solutions.

"IT staffs spend an inordinate amount of time managing user access requests and conducting access audits," said Nelson Cicchitto, founder and CEO of Avatier. "Research from HDI shows that 30 percent of help desk calls are for access requests at an average cost of 17 dollars per call. Avatier's user experience changes the game with push notifications and a touch interface that can save companies millions of dollars by streamlining security controls and authorization while enabling their entire workforce to approve access immediately when needed. With Avatier's mobile application support, CSOs, IT personnel, security and compliance teams save time and resources by simplifying identity management and truly enabling enterprise-wide self-service."

Avatier's mobile platform includes a complete set of self-service identity management solutions, including:

• Universal workflow: For the first time, the workflow interface used for all business requests and change control is now also the same interface used to conduct certification campaigns and verify access. Push notifications call attention to urgent business requests that need to be approved or denied. All role, access, assets, change control and user management is controlled through Avatier's Universal Workflow Platform™. Access governance is part of workflow support, streamlining verification of granular access/assets, roles, direct reports, self-certification and native system security controls, including empowering attestors to allow, deny, allow exceptions, reassign attestor, or even return to the certification campaign owner.

• Self-service group management: Enable self-service group membership requests with push notification for workflow approvals, including group creation, deletion, renaming and modifying group ownership.

• User management: User access can be granted, disabled, or deleted either in real-time or as a scheduled task. As part of user management, Avatier Mobile makes it easy to manage data assets and software licenses to reallocate seats as needed.

• Single sign-on: Onboard mobile and remote workers faster with Just-in-Time (JIT) cloud app user provisioning and de-provisioning to provide secure remote access to assets by simply adding users to your Active Directory groups. Avatier SSO supports leading industry standards like SAML, OAuth, OpenID and SCIM for JIT provisioning.

• Self-service password management: Eliminate help desk calls by giving users secure control over password reset and synchronization using leading MFA providers to verify identity. Avatier's Password Policy Manager enforces enterprise password policy to maintain strong passwords across all systems.

Avatier for Chrome Extension Centralizes Identity Governance & Administration Solution for Chromebook and Microsoft Edge

PLEASANTON, Calif. - Avatier Corporation, the pioneers of work from anywhere (WFA) Identity Governance & Administration (IGA) cloud service, container solutions and access governance solutions, today announced the release of Avatier for Chrome, a new plug-in for Google Chrome designed to provide centralized Identity Access Management (IAM) control over students, faculty and employees using Chromebooks, Google Chrome and Microsoft Edge browsers to access computing resources.

More schools and corporations are standardizing on browser-based applications for remote users, and Avatier for Chrome is designed to provide a simple, secure means of managing user identity and access management. Using web-based resources provides always-on access, making it easier to deliver push notifications and make users more productive while minimizing hardware and software licensing costs. Standardizing on browser-based software also gives IT managers greater control and improved security for work-from-home users, including identity management.

"The work-from-anywhere phenomenon is here to stay, and infosec managers are looking for new ways to secure and authenticate remote users. Now is the perfect time to deliver a Chrome extension that controls remote access with SSO and simplifies IGA," said Nelson Cicchitto, founder and CEO of Avatier. "Working at home presents more distractions, so we included push notifications so users never miss an access request. Avatier for Chrome can save schools and organizations millions of dollars by streamlining security controls and authorization through a common, self-service web interface that is identical to the interface for our recently announced Avatier for iOS and Android."

The market for Chromebooks has been exploding with the COVID-19 pandemic. According to Reports and Data, the global market for Chromebooks is expected to reach $14.03 billion by 2027, and with the pandemic, Chromebook sales made up 25 percent of all notebook shipments for the first time in Q2 2020 with 11.6 million units. Google Chrome is the dominant browser with 66 percent of global market share, and more schools, universities and businesses are standardizing on Chromebooks to give users access to web-based resources hosted in the cloud, in private clouds or as enterprise assets.

Avatier for Chrome is the next phase in the company's strategy to develop an omnichannel Identity Anywhere management solution with a common user interface and features, including:

• Single sign-on: Avatier's single sign-on (SSO) uses your existing directory users and groups to automate application access provisioning. SaaS license analytics also makes it easier to track use allocations and license spend, so IT can reallocate SaaS seats to cut cloud licensing costs by 30 percent and increase productivity. Avatier SSO supports leading industry standards like SAML, OAuth, OpenID and SCIM for JIT provisioning and de-provisioning for offboarding.

• Always connected: Unlike other IGA solutions, Avatier for Chrome is always connected so any time a user is online they can receive updates and push notifications. It's the ideal approach to deal with urgent requests.

• User provisioning: To support lifecycle management, Avatier for Chrome includes self-service access requests so data assets can be granted, disabled or deleted either in real-time or as a scheduled task. Managers can establish controls by assigning organizational units, groups, roles and manage users according to their available budget. Mobile support, risk scoring and dual-authenticated workflow approval simplify lifecycle management and promote compliance.

• Access governance: Access certification includes a central snapshot of authorizations for governance risk and compliance. Avatier for Chrome features multilevel IT audit approvals to automate IGA certification and reviews, including the ability to revoke access and delete accounts in real-time.

• Password management: Self-service password management with multifactor authentication (MFA) increases productivity by reducing downtime waiting for reset passwords. It also can help make customer-facing companies by shortening response times since users can securely control passwords for CRM access. Avatier's Password Policy Manager enforces enterprise password policy to maintain strong passwords across all systems.

What makes Avatier for Chrome so simple and powerful for IAM is Avatier's Universal Workflow Platform™, which provides a single solution for all business requests and change controls. As a result, urgent requests are handled immediately to increase workforce productivity and reduce IT support time.

Avatier offers aggressive fixed pricing for educational institutions.