Blog posts
Automated User Access Reviews: What are the benefits?
Question 1: Who has access to what?We have all heard about the necessity of doing user access reviews. Some companies do them to meet internal or external security requirements and regulations, such as Sarbanes-Oxley, SOC 1/2, HIPAA or even ISO 2700X. But did you know...
Identity and Access Management: How do IAM solutions adapt to a company’s constantly evolving requirements?
Today, organizations are aware of the need to protect their data, applications and infrastructure from cyber-attacks. For this reason, many are paying close attention to securing their logical access rights. Not only is it because they are one of the first points of...
Is your European company prepared for the Digital Operational Resilience Act (DORA)?
The DORA Regulation: Europe’s New Cybersecurity Measures Over the last two years, the European Commission has been working on regulations that they refer to as the Digital Operational Resilience Act (DORA). In November 2022, this act was adopted by the European...
ITGC Controls: Why Are They Essential And How To Execute Them?
Today, no organization escapes demonstrating the security and compliance of access rights which are subjected to regulatory standards (ISO 27001, ISO 27002, ISAE 3402, SOC 1 and 2, SOX, CMMC, HI Trust, HIPPA, CRBF, Solvency, etc.). The implementation of IT General...
CyberArk Privilege Cloud: Protect your Privileged Accounts with a SaaS Solution
On premise or in the cloud, privileged accounts are one of the biggest security vulnerabilities facing organizations today. Scattered throughout information systems (IS), privileged accounts provide access to your company's most critical resources. A large majority of...
Are User Access Review And Access Recertification The Same Thing?
Do you know the difference between user access reviews and access recertification? They sound like they could be interchangeable, but nothing could be further from the truth. Although both are designed to protect the resources within your information systems (IS), the...
Why Is Privileged Access Management Important To Your Organization?
Privileged accounts, a frequent target with real risk of cyber attack Today, organizations must deal with many types of threats (cyber-attacks, fraud, theft and compromised data), which multiply when we add in the digital transformation, working from home and...
Practices And Methodologies For Securing A Company’s Privileged Access
Why prioritize the protection of privileged access? In today’s world of digital transformation, remote workplaces and cloud applications, the methods of accessing data and infrastructures within organizations are extremely diversified and constantly evolving....
Follow The EBA/EIOPA Guidelines To Secure Logical Access Rights
Nearly two years ago, the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) defined their guidelines for risk management related to both information and communication technologies (ICT) and security for the...
How To Interpret The EBA / EIOPA Guidelines About Securing Logical Access Rights?
EBA/EIOPA: What are the security recommendations for Information and Communication Technology (ICT)? In 2019, the European Banking Authority (EBA) set out to create guidelines about managing risks linked to technology security. These guidelines were...
What Are The Best Practices For A PAM Solution And Privileged Access Management?
The consensus is that a Privileged Access Management (PAM) solution has become essential to reduce risk and deal with the cyberattacks to which privileged access is increasingly exposed. However, certain difficulties remain once these solutions that aim to secure,...
10 Best Practices to Optimize Your User Access Reviews
A tedious requirement for companies For any organization, the user access review is an important practice. As a critical component of your Identity and Access Management (IAM) strategy, this control mechanism ensures that your Information System (IS) users have...
Privileged Accounts: Learn To Recognize Them To Better Protect Them!
It is no secret that all organizations use privileged accounts, and for good reason: they give users certain privileges that allow them to control systems, resources and applications. Privileged accounts and passwords are particularly targeted during cyberattacks and,...
Identity Analytics: Can an IAM project be successful without it?
Almost two years ago, Gartner made an observation about Identity and Access Management (IAM) projects, saying that the deployment of more than half of them posed problems and was subject to major execution difficulties. Two years later, this assessment is still valid...
Periodic or Continuous Review of Access Rights : A Comparison of Use Cases
In a previous article on user access review, we highlighted the differences between periodic and continuous access reviews and how to use each one. The conclusion was that the two approaches serve different purposes and should be seen as complementary. They do not...
Periodic or Continuous User Access Review : Two Strategies for Reviewing Access Rights
Identity is everything now. Every chief information security officer should be asking themselves questions like “do you know who you’re trusting?” and “when did you last validate?”Jay Gazlay, CISA Technical Strategist It is a fact: the notion of identity is a major...
Review of Infrastructure Access: How to do it? Why do we need it?
Infrastructure access is not always well understood, controlled or reviewed. IAM/IGA projects generally focus on application rights while neglecting infrastructure access. As a result, it is common to find that accounts and the rights assigned to them accumulate...
What Is A User Access Review?
Organizations evolve every single day. Some of the changes include the departure of an employee, the arrival of a new colleague, the implementation of an innovative application, and the launch of a project involving external service providers. Each event impacts the...
Customers Make the Leap to Access Review Automation with Brainwave GRC
Brainwave GRC is happy to share this recent exchange with one of our key customers who sings the praises of moving from a manual access review process to a fully automated solution with Brainwave GRC. This article details the company’s experience with added feedback...
Identity Analytics Is At The Heart Of A Cybersecurity Strategy
We live in a world where all users, whether employees, providers, sub-contractors, partners or customers, have become intense consumers of data and IT services. In Asia, Europe, America and beyond, we are all accustomed to signing into our favorite account or...
What Is Privileged Access?
Whether on-premise or in the cloud, privileged access is everywhere, scattered throughout a company's infrastructure. On average, there are three times as many privileged accesses as there are employees within an organization. All organizations now use privileged...
IT General Controls (ITGCs)
ITGCs: When did they start and why? In October 2001, when the Enron scandal broke, the company specialized in energy brokerage and was, at the time, one of the largest market capitalizations in the world. The focus of the scandal was a recurring falsification of...
Controls automation: auditors and internal control’s key to success?
Why and how should a company automate controls? The reasons to automate controls processes will logically depend on the company's context and security challenges. Fighting against fraud is one of the main reasons for organizations to implement controls automation...