Meet Brainwave GRC at Gartner IAM Summit 2019, 7-8 March in London,UK

The annual’s UK Gartner Summit dedicated to IDENTITY
& ACCESS MANAGEMENT  leaders will take place 7-8 march 

Today’s IAM leaders are positioned to help the business thrive in the evolving digital landscape. Tracks are tailored to the priorities of the IAM leaders” of the Gartner IAM Summit 2019 ”.

 1- IAM Strategy and Program Management : to get the information you need to align your IAM strategy with corporate goals, build an IAM roadmap with attainable milestones, organize project resources and measure project success. To learn how to avoid common pitfalls through best practices and lessons learned from successful and not-so-successful IAM programs.

2- Identity Governance and Administration : to learn practical Identity governance and administration to reduce operational overhead, streamline operations, minimize risk and comply with regulations. To explore next-gen identity architecture and technologies.

3- Trust, Authentication and Fraud Prevention : to explore continuous adaptive risk and trust models. To learn how analytics, biometrics and other advanced authentication methods help provide frictionless access, improve security and prevent fraud.

4- Access Management and Authorisation : security, risk, privacy and IAM must be aligned. There are process, organizational, functional and technology overlaps that should be considered so that you can maximize your investments and have a robust, multifaceted approach to IAM.

Attending Gartner IAM Summit 2019 can help you take a strategic approach to risk, improve business and data resilience, build digital trust and implement a new generation of continuously adaptive security strategies.

Meet Brainwave GRC during the gartner IAM summit 2019

 You will attend the event this year! Why don’t you  meet Brainwave GRC on this occasion?

As a global leader in Identity Analytics, Brainwave is present at the major cybersecurity worldwide events with partners or represented by these experts on site.

Our company helps organizations to protect their sensitive assets and fight against fraud and cyber risks, prevent data leaks, help you be compliant. Brainwave’s solutions are dedicated to access rights governance to data, applications and infrastructure.” Brainwave GRC has over 60 customers worldwide and it represents more than 3 millions analysed identities, more than 1 billion of controlled access rights, and more than 1.000 reviews realized each month.

You are interested to know more about our solutions or to discuss with one of our experts? 

Get in touch with us nowWe will arrange you an appointment at your convenience.

 

  BOOK A MEETING

 

Cybersecurity International Forum 2019 Lille 22nd & 23rd January

#FIC2019 : the key european event dedicated to the security and digital players

 

“The forum is a platform aiming at promoting a pan-european vision of cybersecurity as well as to strengthen the fight against cybercrime. In order to do so, the FIC relies on : – The trade show, to share knowledge and ideas, maintain contacts and find new services; – The forum, to discuss and debate with experts, to gather ideas and to share professional lessons; – The Observatory, to continue exchanging views and information after the FIC, to explore topics in greater depth and like minded throughout the year.“(1)

The event will hosted more than 8.500 attendees including 1.300 foreign visitors and 80 represented countries.

 

Security and privacy “By design” is the FIC 2019’s topic

 

The security and protection of personal data will the main topic of the new edition. A real business requirement, a new legal imperative with the RGPD, “by design” raises many challenges (psychological, human, technical, financial).

All these aspects will be explored during the event thanks to the numerous workshops and conferences and the exchanges opportunities with the partners offering security advanced tools and technologies.


On this occasion, the experts of the Brainwave GRC « Identity Analytics » solution invite you for a meeting to discuss on the Hexatrust area.

Founded in 2010, the innovative Identity Analytics software vendor is dedicated to helping companies fight fraud, data breaches and cyber attacks. Brainwave GRC has over 60 customers worldwide and it represents more than 3 millions analysed identities, more than 1 billion of controlled access rights, and more than 1.000 reviews realised each month.

Book your meeting now and get more details about the Brainwave GRC’s solutions : [email protected]

 

Access and timings
Lille Grand Palais
1 boulevard des Cités Unies
59 777 Lille – Euralille

  • tuesday 22nd January : 9.00 am – 7.00 pm
  • wednesday 23rd January : 9.00 am – 6.00 pm

Contact
Brainwave GRC  | [email protected] I phone. : + 33 1 84 19 04 10

(1)  www.forum-fic.com/en – What is the FIC?

What Identity Analytics really is and why you need it

What Identity Analytics really is and why you need it

IT security’s advent: the “identity” concept as key factor

Digital transformation has changed and is changing more and more business processes, job positions as well as many companies’ core activities. In consequence, it has implied a change in the way we mitigate risks.

Risk mitigation has existed long before digital transformation but it mainly relied before on manual processes, spreading risk management across departments – thus relying on silos – and on analyses over samplings. But this risk management is no longer possible with today’s world digital transformation, which often goes too fast for companies to properly adapt to new risks, especially IT risks. They most often have no visibility on what is key: their users’ access rights to their information system, user behaviors as well as existing security breaches. 

Financial costs of IT security risks, whether it be data thefts or internal frauds, are continuously rising. According to a 2016 Ponemon Institute study, data leakage costs have risen 30% between 2013 and 2016 in the 12 countries of this survey. Companies are paying at a high cost the rise of cyber risks but what about their investments to prevent these threats and mitigate these risks? 

Organizations need to ensure efficient and continuous risk mitigation and detection. They need to know the risks threatening them, including the humpan error risk which is constantly underestimated even though it was the source of 1 out of 4 data breaches in 2016 (2016 Ponemon study).

Companies are becoming more conscious of cyber risks and the need to reduce them through the IT vector but many doubt their capacity to really identify who accessed their sensitive data and applications. Indeed, the main stakes are here: knowing who has access to wgat and who accessed what in your information system. This is about cyber resilience: ensuring both cyber security along with productivity and innovation for companies.

Becoming cyber resilient means focusing on identites, that is individuals. It is both through individuals that secured digital transformation projects can unfold and that the cyber attacks happen. Risk analysis, detection and mitigation need to be built around this identity concept and that is what Identity Analytics is all about.

 

The rise of Identity Analytics

Digital opportunities should not make you forget that significant risks are generally atatched to them. Let’s take the classic icerberg methaphor. The emerged part of it represents known and visible digital and cyber risks today: ransomwares, virus, etc. But these risks aren’t the most important or threatening. The risks underwater, invisible for most of us, are the most threatening and frequent ones for organizations. You need to target these first and foremost.

With Identity Analytics you are able to answer the question “what resources can these users access, how and how are they using these access rights?” and this is what matters to ensure a secured business environment. It is about conducting in-depth analytics within a contextualized environment, with HR and technical data reconciled. Audit and internal control tasks as well as proper analyses, access reviews and clear reporting processes are at last possible in one unique platform centered on the identity concept.

 

Regarding digital transformation and cyber security, the notion of identity crystallizes opportunites, threats and solutions all in one. It is the key concept companies need to understand fully and implement. 

With Identity Analytics, companies can more easily mobilize their resources and think in a transversal way, beyond silos, to achieve both business development and efficient risk management. All actors, internal actors and third parties, need to engage in this process. This collaboration and communication between actors is all the more important as cyber incidents are hard to detect and it takes several months, almost a year, as an average for companies to detect a breach or suspicious activities. Organizations need to pay attention to unusual user behaviors for example but most of them do not have the maturity and the resources to do so.

Identity Analytics has developped over the last 10 years and is continuing its rise as companies realize worldwide that traditional cyber security methods and tools are no longer adapted and can even become harmful by exposing them to risks they cannot detect and prevent.

Identity Analytics is still misunderstood or rather unknown but this is changing. Meanwhile, significant cyber security actors have tried to hijack the Identity Analytics term and use it for other meanings and cyber security specific features such as SIEM for example. Identity Analytics isn’t about real time detection but about enabling you to better analyze risks, prevent threats and ensure compliance by focusing on your key asset and threat: indentities.

 

With Brainwave GRC, its Identity Analytics solution includes advanced in-depth analytics, machine-learning and workflows to reduce access-related risks and ensure continuous compliance for all organizations. 

 

Controls automation: auditors and internal control’s key to success?

Controls automation: auditors and internal control’s key to success?

Why and how should a company automate controls?

The reasons to automate controls processes will logically depend on the company’s context and security challenges. Fighting against fraud is one of the main reasons for organizations to implement controls automation today. But it isn’t the only one. Here are a few of them:

  • Focusing on fraud risks

The goal here is to reduce fraud risks, often over large data volumes. The stakes are to gain full visibility over fraud risks, segregation of duties policy implementation but also to ensure that controls are properly operated and cover all the critical applications and business processes for which fraud risks are very high.

  • Targeting sensitive business processes

For some companies, the prime focus needs to be set on preventing risks at a business process level for their most sensitive ones, such as the Purchase-to-Pay business process. Security risks, such as fraud risks, are often significant at the business process level – within and between applications and systems – but companies often focus only on risks linked to IT infrastructures and fraud risks within applications only.

  • Improving data analysis

The goal here is to implement efficiently and broadly a proper data governance through automated controls. Controls over applications are a priority in this context and need to comply to security requirements such as proper privileged accounts management and efficient access rights governance.

What are the benefits?

Controls automation can provide many benefits, here are the main ones:

  • Optimizing controls processes, strongly needed by companies as they face rising regulatory requirements and pressure from control and compliance authorities.
  • Reducing security risks within applications and at a business process level
  • Reinforcing internal audit and control’s position within the company

Automating controls enables internal audit and control teams to save significant time, money and energy not using Excel spreadsheets with over fifty tabs to operate manually their controls. With controls automation, they can focus  on the most critical security and compliance stakes and risks that trully need their time and attention.

 

Are they limits to controls automation and how can you move past them?

Automating controls at the scale of an application, system or a wholke business process requires paying special attention to a number of topics in order for a company to prevent limitations and evaluate if its is ready to implement the automation of all or part of its controls processes.

Here are a few of the topics you should pay attention to:

  • Your applications’ maturity

Automating controls properly depends on your applications having the same “maturity” level.

  • Risks moving upstream or downstream

By automating controls, there is a risk that security issues be displaced. An example of risks moving “downstream” is an inefficient analysis and correction of discrepancies.

  • Automated controls staying relevant and answering internal audit’s needs over time
  • Segregation of duties

One of the keys to controls automation is implementing a proper segregation of duties at a business process level, within and between applications and processes in the IT systems.

 

Any questions? Don’t hesitate and contact us!

Cyber risks and Brainwave GRC benefits for Imran Ahmad, National leader cyber security at Miller Thomson

Cyber risks and Brainwave GRC benefits for Imran Ahmad, National leader cyber security at Miller Thomson

Brainwave GRC video interview of Imran AHMAD – Miller Thomson partner

CyberThreats

 

 

Businesses are struggling to identify what they should be looking at or not. We are seeing an increase in term of cyberthreats and cyberattacks and it’s not a question of ”if it will happen”, it will happen to you.

At that point: Are you ready to respond in an effective way and what can you do to mitigate the risks?

To monitor the risks in real-time and to identify a conduct or a behavior which is outside of the norm is like to find a needle in a haystack…

 


Imran Ahmad is a Business Law Partner in the Miller Thomson Toronto office and specializes in the areas of cybersecurity, competition and foreign investment law.

As part of his cybersecurity, privacy and data breach practice, Imran works closely with clients to develop and implement practical and informed strategies related to cyber threats and data breaches. He focuses on legal risk assessments, compliance, due diligence and risk allocation advice, security and data breach incident preparedness and response.  He also provides representation in the event of an investigation, enforcement action, or litigation.

Brainwave GRC’s added-value according to Deloitte

Brainwave GRC’s added-value according to Deloitte

Brainwave Identity GRC’s benefits for Deloitte and clients

Interview of a Senior Manager Risk Advisory at Deloitte France – Alexandra Jasinsky

 

3 benefits Deloitte France sees in using Brainwave GRC:
 
– Cross-application and cross-system analysis for the entire enterprise, including any in-market or legacy ERP and custom in-house application
– Easily configured dashboards and KPIs with most important metrics
– Deep behavior analysis to understand financial impact of transactions and conflicts