KuppingerCole Report
Executive View
By Matthias Reinwarth

Nexis Controle 3.0

Nexis Controle 3.0 implements intelligent role and identity analytics while laying the foundation for strategic role lifecycle management as either a stand-alone solution or as a companion component to existing Identity and Access Management infrastructures. The integration of corporate business expertise through targeted workflow and interaction approaches means a leap forward towards the implementation of sustainable Enterprise Role Management and recertification strategies.

1 Introduction

Managing access to corporate resources remains an underestimated challenge in many organizations. Many of them choose to create an enterprise role design breaking down existing complexity into manageable roles as both a tool for organizational processes and to achieve efficient security management. However, defining, implementing, and maintaining an enterprise role model requires mature processes and strong tool support.

KuppingerCole understands Enterprise Role Management (ERM) as a strategic approach to structuring complex organizations, while improving administrative efficiency and compliance with legal, regulatory and internal requirements. This goes far beyond a one-off approach towards identifying initial role definitions. Instead it aims at defining and implementing a sustainable, ongoing set of well-defined role management processes. These serve as a framework for managing, maintaining and constantly refining role definitions as well as for the assignment of associated entitlements to individual identities.

From the business perspective, the requirements are clear and obvious: The role portfolio implemented within an IAM system has to be designed to assign every access right that is required for each individual employee. Regulatory and legal requirements, but also corporate policies and security frameworks, present a very contrary set of demands: The principle of least privilege requires that only the minimum set of access rights are assigned, while Segregation of Duties (SoD) requirements demand that any one user should not have excessive access rights to execute more than one conflicting step within a single business transaction or process flow.

Getting towards true Enterprise Role Management (ERM) is both an organizational and a technical task. ERM requires expertise from various organizational stakeholders combined into a corporate process framework. It demands the involvement of many types of subject matter experts in diverse types of organizational units, well-defined and efficient administrative processes, and adequate tool support.

In the case of an organization just initiating the definition of appropriate business roles, but also in the process of reviewing or justifying existing role compositions, these tools are typically referred to as role mining tools. In the case of roles which are already defined, the family of tools required is typically referred to as role engineering or access analytics tools as part of GRC efforts.

Defining or reviewing the appropriate role portfolio with each role containing the right set of underlying individual entitlements for the required set of systems, infrastructures and applications must not be a one-time exercise. This usually has to be an ongoing process instead, adapting the defined set of roles:

  • by adjusting the contained access rights
  • by adding newly required roles
  • by onboarding new applications and their newly defined entitlements; and
  • by retiring or disabling obsolete roles

Currently, there are mainly two different product approaches on the market covering the segments of role management and role mining. Several IAM vendors provide basic support for this kind of task as part of their IAM suites. In parallel, a separate highly specialized market segment has evolved, which is focused on providing efficient role mining functionalities, role engineering facilities, access analytics and clean-up workflows as an add-on to an existing IAM infrastructure system, independent of vendor or design. Nexis Controle 3.0 is a mature representative of the second group, designed to run stand-alone or interact with existing Identity and Access Management systems while adding what the vendor refers to as Identity and Access Intelligence.

2 Product Description

Nexis Controle is a highly specialized tool designed to operate as an add-on to an existing Identity and Access Management infrastructure system or as ...

Login Get full Access

3 Strengths and Challenges

Nexis Controle is a highly focused product, deliberately designed to implement a clearly defined set of tasks. By focusing on role analytics, role min ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.