What's New in File Access Manager 8.2

Common Criteria Certification

File Access Manager is now Common-Criteria certified, attesting its compliance with the highest industry standards for Product Security, development life-cycle management, architecture and design, deployment methodology and delivery standards, required by the Federal Government, and other leading organizations and enterprises across the globe.

Amazon S3 Connectivity

FAM now extends data governance controls to Amazon Cloud Storage and AWS tenants, through its new S3 Bucket Connector. Leverage File Access Manager’s Permissions Analysis and Access Governance capabilities to manage resources and files stored on AWS S3 Buckets, and attain a comprehensive security posture and greater visibility into access to data on S3 buckets throughout the organization; analyze access rights for AWS IAM Identities across multiple Regions, Organizational Units and External and Internal Accounts; and review granular access governance controls down to the file level. Users can gain insight into Organization and Bucket-level Access Policies, Public Bucket Permissions and fine-grained ACL-based access rights for individual identities.

Linux Connectivity

File Access Manager’s new Linux Connector enables users and admins to Analyze Access Rights, perform Access Requests and Certifications, and Identify and Classify Sensitive Information on Linux systems of all major distributions - including RedHat, Ubuntu, and CentOS - supporting Data Classification, Permission Analysis, and Access Governance Capabilities. Protect your mission-critical Linux servers, and ensure the integrity and continuous availability of the resources and unstructured data they rely on. This feature provides organizations with a comprehensive view of effective data access privileges granted to users, accounts and groups from NIS and LDAP (AD) identity stores, as well as local accounts and identities, through a single centralized view. File Access Manager comprehensive approach will allow IGA admins and data owners to enforce governance controls, identify sensitive information, excessive privileges and overly-privileged accounts, detect overexposed or jeopardized resources, and assess risk and take preventive and mitigative actions - to protect mission critical processes and resources.

Isilon Multiple Access Zone Support & Tenant Isolation

File Access Manager now offers Tenant Isolation and Full Capabilities for Multiple Access-Zones on Isilon Clusters. With the addition of the Activity Monitoring and Permission Collections capabilities for Multiple Access-Zones within an Isilon Cluster and removing the dependency on the Administrative (System)-Zone-based OneFS API, each Access Zone within the cluster functions as an independent Isilon Application within File Access Manager, with the complete set of File Access Manager capabilities.
This enhancement marks the transition in approach from a Cluster-Oriented to a Zone-Oriented configuration.
The new configuration will allow users to easily configure applications per Access Zone settings, now allowing for multiple Access Zones on the same cluster to be created with ease.

Single Sign-On Authentication for File Access Manager

Integrate File Access Manager with the Identity Provider of your choice, with new support for all SAML-based SSO Services (including Azure, ADFS, Okta, Ping, One Identity, etc.), in addition to the standard Windows Authentication. Enjoy a smooth login experience, and seamless support for distributed and hybrid environments.

OAuth-based Modern Authentication for O365 Connectors

OAuth-Based Modern Authentication is now available for SharePoint Online, Exchange Online, and the Azure AD Identity Collector and OneDrive. File Access Manager supports Modern Authentication methods for all O365, and in fact all cloud endpoints Connectivity Portfolio. No Legacy Authentication is required, and no credentials are shared or stored. Admins can impose Security Policies, such as Multi-Factor Authentication and Credentials Cycling, on service accounts, with no additional effort. This change also includes support for multiple authenticated accounts – to improve performance and avoid throttling quotas.

Application Configuration & Management Web Migration

Enjoy the Streamlined Design and improved user experience of the new web-based Application Configuration Wizard and Management Screen. Guided User Journey, Wizard Hints, Tagging & Filtering Capabilities and Delegate Access through Improved RBAC – in File Access Manager’s Business Website.

The Resource Explorer - Web-based Navigation

Navigate and Manage Data Assets and Resources with ease using the brand-new Web-based Resource explorer leveraging the File Access Manager Website Slick User-Experience, introducing:

·         Global & Scope Based Just-in-Time Search with Auto-Complete

·         Resource Name & Full Path Simultaneous Matches

·         Breadcrumb Trail & Shortcuts for Easier Navigation

·         Paging & Perpetual Scroll

·         Improved Performance & Reduced Clutter

Admirative Capabilities Migration to the Business Website

Take Advantage of the improved User Experience, Sleek Interface and Granular role-based control of the business website, to perform and delegate administrative operations such as Configuring and Manage SMTP Settings, Data Sources and Data Dictionaries with New Management Screens in the File Access Manager Business Website

User Scope Change Management & Default Capability

File Access Manager now supports users’ scope change management, enabling admins to manage Business Users visibility over time, simplifying users onboarding within the organization, and expediting deployment and adoption efforts, by leveraging new User Scope Import capabilities, that allow cumulative and differential imports of resources scopes for business users, As well as a streamlined ownership assignment process - allowing the automated assignment of Data Ownership Capabilities directly through the user-scope import.
As Auditors and Compliance Manager most often require a panoramic view of the organization’s environment and data assets, the default scope for these Capabilities have been adjusted, and these capabilities can now manage all resources by default, for a quicker onboarding, and a more intuitive workflows.

Top Level Requestable Resource Labeling

Organize your requestable resources and simplify users' access requests experience,
with a new Labeling feature that helps you make sense of complicated, duplicate, or unfriendly resource names,
and allows you to conform you your organizations naming conventions and standards

Administrative Power-User Password Complexity Improvements

Enforce password security and complexity, when setting up the File Access Manager Super-User as part of the initial product installation,
Preventing the risk of leaving this powerful account unsecure, or the need to go back and change that later.

Hierarchical Resource Scope for Sensitive Data and Permissions Analysis Report Templates

Easily configure the scope of your File Access Manager reports by including and managing resources
hierarchies with this new report scoping capability

System Usage Report

View and analyze aggregated usage statistics and help us learn what you like and dislike, so we can perfect the most used flows, and correct the ones that aren't as smooth, with this newly added System Usage Report

Stale Data Reports Resource Scoping and Ownership Filtering

Reduce your attack surface by defensively discarding unused information and save storage cost and administrative overhead. Identity Stale Data and unmanaged resources hording unused files, with these new capabilities to scope and filter your Stale Data Analysis reports. Zoom in on the most critical resources and identify those that no one is responsible for and takes care of - to highlight the areas you need to address first.

Permissions API 'Classification Category' Filtering 

Focus your queries and 3rd party integration on sensitive resources and specific categories with these new API filter options

Permissions API Usage Statistics

Get information on unused access through the File Access Manager Permissions API, with newly added usage statistics

.NET Core Migration

Leverage the power of the .NET Core platform with improved performance and scalability. All File Access Manager’s Components* are now running on .NET Core including:

·         All Core & Infrastructure Services

·         Business Website & API Framework

·         Activity Monitors & Collectors

*  with the exception of the user interface and the admin client that

require .NET Framework 4.7.2