Access certification campaigns that work #Keynote

Discover access certification campaigns that work with Brainwave GRC, in its speaking slot at EIC 2019, Munich

Access Certification Campaigns that work
Thursday, May 16th, 2019 – 2.50 pm

Access certification is the process of validating access rights within systems. This compulsory process is the cornerstone of most security policies and compliance frameworks; however, it can be very daunting for organizations with dispersed systems, workforce, and partners that lack tools, resources, and a centralized identity directory. With access certification, organizations and regulations aim to formally validate users within systems and ensure their access rights are appropriate.

Access certifications are no longer limited to reviewing an IAM role model. Both digital transformation initiatives and new compliance constraints such as GDPR have raised the need to deploy access certification campaigns across the company to mitigate new risks: Who can access personal data? Who can leverage privileged accounts? Are those SoD risks properly mitigated? Are the access rights on those third-party managed systems aligned with the security policy? Long story short: access certification is a clever way of industrializing controls to mitigate risks and ensure compliance.

This raises new challenges: how to review any kind of information, whether or not it is managed through a legacy IAM system, and, more importantly, how to make those access certification campaigns work, given that a business user will spend no more than 3 minutes reviewing those entries.

During this conference, we will describe a framework used to successfully deploy access certification campaigns within months, and we will show in a live demo that it is possible to efficiently review 2000 entries within 3 minutes with the help of Identity Analytics algorithms.

Sébastien Faivre

Brainwave GRC

Key takeaways:

– An actionable framework to successfully deploy access certification campaigns
– An innovative way of reviewing thousands of entries within minutes
– Access certification interfaces that business users like

Cyber Resilience, the new Cybersecurity?

Cyber resilience, the new buzz term?

Recently, you have most likely heard or read articles about “cyber resilience”. This term that comes up regularly in the media is presented as the future of cybersecurity. According to Accenture, cyber resilience is “the ability of a company to identify, prevent, detect and respond to technological or process failures and to recover by minimizing negative impacts on its customers, reputational damage and financial losses.”

However, this concept is nothing new, since it was notably defined by the CDSE in 2014 and has been regularly highlighted since the massive attacks on international organizations took place.

In short, the new goal for companies is to move from reactive to preventive mode in the face of increasing security risks. This is because, on the one hand, companies are constantly changing, evolving, and reorganizing and, on the other hand, digitization is exploding, with more and more applications and data needed for companies to grow. Increasingly, we are seeing businesses taking over information systems by directly subscribing to new services without going through their ISD, and sometimes without even informing it.

New practices such as BYOD (Bring Your Own Device) are also on the rise, giving access to the company’s assets via terminals that the ISD may not always be aware of.

How can we maintain control through cyber resilience?

In this context, a holistic, cross-functional approach across the company is necessary, involving “the individuals, processes, and technologies” as specified by the CDSE. This is what cyber resilience advocates, and that’s what’s new. Companies are reorganizing themselves to master this new concept via a risk-based approach. Cyber security topics, once confined to the chief information security officer alone, are, along with the concept of cyber resilience, becoming the concern of other teams in the company, including risk management functions.

How to put cyber resilience into practice within companies?

For the CDSE, the implementation of this concept within companies requires the establishment of several essential pillars, which are also described in the NIS Directive: identifying, protecting, detecting, responding to the incident, and recovering systems to ensure continuity of service. While systems and processes are often already in place for the last four pillars, the first, “identifying”, is a real challenge for companies.

In fact, it requires better knowledge of the IS, mapping of all assets, identification of the most sensitive ones to better protect them, and management of the risks. On this first point, the new GDPR regulation, with its processing register and the obligation to carry out data protection impact assessments (PIAs), enables companies to get a foothold.

Access to corporate assets: an axis of analysis that should not be overlooked

Next, still within the “identifying” pillar, one axis should not be neglected: access to the IS. Indeed, establishing identity and access governance is essential in order to identify which people and which systems can access these assets, and to verify the legitimacy of such access. These controls must be carried out on an ongoing basis to take account of the movements of the company and of people, as well as changes in the IS. Brainwave GRC also allows the implementation of this governance by mapping access to your critical assets within a few weeks and thus switching to proactive access analysis.

In addition, automating the review processes, involving the different teams within the company in a cross-functional manner, is an important facilitator. By implementing it within your organization, you get, for example, managers validating the access of the people for whom they are responsible, or application managers validating access to privileged accounts, and you can thus detect anomalies upstream with the help of teams, before they are exploited by malicious individuals. To be truly effective, such reviews must be scheduled frequently (once a quarter, or even monthly, depending on the context). They also need to take up as little time as possible in order to gain the support of teams, hence the need to be equipped to optimize and automate them.

This also allows you to respond more efficiently and easily to auditors and thus to comply with the numerous standards and regulations in force (ISO27001, GDPR, SOC etc.).

Next-Gen Identity Analytics and Access Governance Approach, webinar with KuppingerCole

How to Balance Compliance Requirements With Business Value for Your IGA Deployments

Identity Governance and Administration (IGA) is undoubtedly one of the most valued but complex and lengthy technology implementations. While IAM leaders are still trying to figure out the complexities of IGA, the massive cloud uptake, together with the advent of machine learning, is accelerating identity analytics and access governance toward the creation of Next-Gen IGA solutions. Machine learning-inspired IGA offers significant improvements to identity analytics and access governance processes, enabling IAM leaders to support the business better by helping them make more informed decisions.

As Identity Governance and Administration (IGA) becomes a crucial part of every organization’s security portfolio, it is necessary to learn from past mistakes and build a business-centric IGA rather than technology-centric IGA to bridge the ever-increasing disconnect between business and IT security functions due to traditional IGA practices. IAM leaders must avoid shifting of IGA priorities from operational efficiency, better UX and risk management to just auditing and compliance. It is important that security leaders with a focus on IAM are able to demonstrate success early-on with initial IGA deployment phases to build necessary consensus among the business community and gather required support for on-going IGA activities. Identity Analytics and Access Governance have turned out to be effective instruments in helping IAM leaders achieve these objectives.

The paradigm shift to business-oriented IGA brings about several challenges, including:

  • Being able to address the compliance needs such as periodic access certifications for access to data, resources, privileged operations, applications and other IT assets
  • Building and automating access governance controls around new business initiatives
  • Enforcing a user centric approach by educating and allowing better control of processes to stakeholders
  • Being able to extend access governance and identity analytics to cloud-based systems (SaaS, IaaS etc.)

In the first part of the webinar, Anmol Singh, Lead Analyst at KuppingerCole Analysts AG, will discuss the challenges of conventional IGA and what is important for IAM leaders to know about IGA transformation. He will then provide inputs on how organizations need to align their processes to support the transition to Next-Gen IGA.

In the second part of the webinar, Sebastien Faivre, co-founder and CTO of Brainwave, will present Brainwave's vision of the position of Identity Analytics and Governance relative to IAM, and the company's approach to solving governance needs. To support this vision, he will give a short demonstration of the solution: Identity Analytics functions and Access Certification of 2000 entries within 3 minutes. He will demonstrate how it is possible to solve governance needs within 3 months with a dedicated IGA approach.

WEBINAR “NEXT-GEN IDENTITY ANALYTICS AND ACCESS GOVERNANCE APPROACH”
Thursday, May 9, 2019 – 3.00 pm (GMT) or 10.00 am (EST) or 4.00 pm (CET)

BRAINWAVE AT THE EIC CONFERENCE IN MAY

The annual EIC will take place on May 14-17, 2019 

« The European Identity and Cloud Conference offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. In other words, more than 800 thought leaders, leading vendors, analysts and end-users get together to be inspired by a list of world-class speakers.

EIC 2019 provides you with a comprehensive overview of future trends in Internet security as well as practical information about current projects.

Every year the agenda focuses on the latest and most relevant Information Security and Digital Identity topics to offer the foundation to design the right digital identity and security strategies. Hear about emerging trends in order to be prepared to meet and exceed present and future business, identity and security challenges »

If you are attending the event this year, why not meet Brainwave GRC?
When and where?

  • At booth 4C2: Brainwave GRC’s expert team will be present during the 2.5 days of the exhibition (May 14-16)
    More info: http://bit.ly/2XfPtTq
  • In the Expo Area: Wintergarten, at the expert stage, with a speaking slot “Access Certification Campaigns that work”, on Thursday, May 16th, 2.50 p.m. to 3.10 p.m.
    More info: http://bit.ly/2IzgbSN

Prior to the EIC, Brainwave will host a webinar in cooperation with KuppingerCole:

« Next-Gen Identity Analytics and Access Governance Approach »
Thursday 9th May at 3.00 pm (GMT) or 10.00 am (EST) or 4.00 pm (CET)


To sum up, if you would like to know more about our solutions, book a meeting now. We will then arrange an appointment at your convenience.

Access and timings
EIC 2019
Andreas-Danzer-Weg 1
85716 Unterschleißheim
Munich, Germany

Contact
Brainwave GRC | [email protected] | Phone: +33 1 84 19 04 10

Presentation of Brainwave GRC’s results for year 2018 and recruitment announcement of 10 people in 2019

PRESS RELEASE

Asnières-Sur-Seine, France, January 2019 – Brainwave GRC’s growth rate continued to improve in 2018 in Western Europe and in North America. Annual revenue increased by 64% compared to the previous year, and international business now accounts for 40% of the company’s global revenue.

This growth has been sustained by two new commercial offers « Brainwave Analytics as You Go » (BAAYGO) and « Booster for AD ».  

BAAYGO is a managed service offer that relieves security teams of repetitive tasks such as periodic controls on accounts and on access rights to infrastructures, applications and data. Thanks to this managed service, ready-to-use analyses and reports are consolidated and provided to decision makers on a monthly basis. This offer, available as a subscription, doesn’t require software installation and is delivered very rapidly, in only a couple of days.

Booster for AD facilitates the analysis and continuous follow-up of Active Directory. The solution offers more than 200 reports and analyses related to Active Directory: personal accounts, privileged accounts, groups, local administration rights, keywords policies, follow-up of administration actions… This turnkey solution is available in addition to the Brainwave Identity Analytics offer.

New innovative features were implemented in 2018, in particular the « mashup dashboards », « role mining » and new « reviews campaign manager » features, as well as SOD (segregation of duties) capabilities on PeopleSoft and Oracle EBS systems.

The outlook for economic growth looks very good for 2019. Consequently, Brainwave plans to recruit 10 people in 2019 in the Professional Services, R&D and Marketing departments, at both its Paris-area headquarters and its North American subsidiary in Montreal.

Sébastien FAIVRE, CTO of Brainwave GRC:

« We are living intense moments, digital transformation is drastically changing the cybersecurity landscape and profession: infrastructures decompartmentalized, cloud infrastructures managed by third parties, multichannel user access, devops applications and micro-services, exploding volume of processed data, …

This includes for the CISO to become agile and to support these challenges: reinforcement of its relations with the legal department in order to manage the cloud provider’s contractual clauses, risk analysis methods deployment in the dedicated departments to help them measure the impacts of their decisions, …

Finally, the only constant in this new landscape is the “identity” because whatever the means and techniques, managing people and their access rights to the different systems, applications, and data remains companies’ responsibility.

The main goal of solutions such as Brainwave is to help the CISO to enlighten Identity’s access as a real “lighthouse” in the midst of this digital storm, to make it possible to stay on course while reconciling security and change management towards the “all digital”. »

About Brainwave GRC:

Founded in 2010 by three experts in Identity and Access Management, Brainwave GRC helps organizations protect their sensitive assets, fight fraud and cyber risks, prevent data leaks and remain compliant. The company designs, develops and sells innovative software solutions in the field of Identity Governance and Audit. Brainwave’s flagship product is “Brainwave Identity GRC”. Identity GRC provides a turnkey solution for the audit and compliance control of user entitlements in the Information System: accounts, roles, fine-grained access rights…

Identity GRC has been specifically designed for business sectors which are subject to advanced compliance requirements, such as banking, insurance, health care and other sensitive industries. With Brainwave Identity GRC, our customers are able to fully automate the recovery and consolidation of user access rights on various heterogeneous IT systems in order to provide a comprehensive entitlement map. A control plan can then be configured in order to automatically produce reports and analyses that are suitable for internal and external auditors and take remediation actions.

Typical applications are: tracking accounts to disable (data cleanup), monitoring privileged access, controlling Segregation of Duties on ERPs, preparing account reviews, consolidating roles, monitoring the performance of identity management processes and systems.

Brainwave GRC has over 65 customers worldwide, has more than 3 million analyzed identities, 1 billion controlled access rights, and 1000 reviews executed monthly.

For more details: www.brainwavegrc.com

Contact – Sébastien Faivre
[email protected]
Mobile : +33 6 01 81 92 60
Tel.: +33 1 84 19 04 10

What Identity Analytics really is and why you need it

IT security’s advent: the “identity” concept as key factor

Digital transformation has changed, and keeps changing, business processes, job positions and many companies’ core activities. As a consequence, it has changed the way we mitigate risks.

Risk mitigation existed long before digital transformation, but it used to rely mainly on manual processes, on risk management spread across departments (and thus on silos), and on analyses of samples. This kind of risk management is no longer possible with today’s digital transformation, which often moves too fast for companies to properly adapt to new risks, especially IT risks. They most often have no visibility into what is key: their users’ access rights to their information system, user behaviors, and existing security breaches.

Financial costs of IT security risks, whether data thefts or internal fraud, are continuously rising. According to a 2016 Ponemon Institute study, data leakage costs rose 30% between 2013 and 2016 in the 12 countries surveyed. Companies are paying a high price for the rise of cyber risks, but what about their investments to prevent these threats and mitigate these risks?

Organizations need to ensure efficient and continuous risk mitigation and detection. They need to know the risks threatening them, including the risk of human error, which is constantly underestimated even though it was the source of 1 out of 4 data breaches in 2016 (2016 Ponemon study).

Companies are becoming more conscious of cyber risks and of the need to reduce them through the IT vector, but many doubt their capacity to really identify who accessed their sensitive data and applications. Indeed, this is where the main stakes lie: knowing who has access to what and who accessed what in your information system. This is about cyber resilience: ensuring cyber security along with productivity and innovation for companies.

Becoming cyber resilient means focusing on identities, that is, individuals. It is through individuals both that secured digital transformation projects can unfold and that cyber attacks happen. Risk analysis, detection and mitigation need to be built around this identity concept, and that is what Identity Analytics is all about.

The rise of Identity Analytics

Digital opportunities should not make you forget that significant risks are generally attached to them. Let’s take the classic iceberg metaphor. The emerged part represents the known and visible digital and cyber risks of today: ransomware, viruses, etc. But these risks aren’t the most important or threatening. The risks underwater, invisible to most of us, are the most threatening and frequent ones for organizations. You need to target these first and foremost.

With Identity Analytics, you are able to answer the question “what resources can these users access, how and how are they using these access rights?”, and this is what matters to ensure a secured business environment. It is about conducting in-depth analytics within a contextualized environment, with HR and technical data reconciled. Audit and internal control tasks, as well as proper analyses, access reviews and clear reporting processes, are at last possible in a single platform centered on the identity concept.

Regarding digital transformation and cyber security, the notion of identity crystallizes opportunities, threats and solutions all in one. It is the key concept companies need to understand fully and implement.

With Identity Analytics, companies can more easily mobilize their resources and think in a cross-functional way, beyond silos, to achieve both business development and efficient risk management. All actors, internal actors and third parties, need to engage in this process. This collaboration and communication between actors is all the more important as cyber incidents are hard to detect, and it takes companies several months, almost a year, on average to detect a breach or suspicious activities. Organizations need to pay attention to unusual user behaviors, for example, but most of them do not have the maturity and the resources to do so.

Identity Analytics has developed over the last 10 years and is continuing its rise as companies worldwide realize that traditional cyber security methods and tools are no longer adapted and can even become harmful by exposing them to risks they cannot detect and prevent.

Identity Analytics is still misunderstood, or rather unknown, but this is changing. Meanwhile, significant cyber security actors have tried to hijack the Identity Analytics term and use it for other meanings and for specific cyber security features such as SIEM. Identity Analytics isn’t about real-time detection but about enabling you to better analyze risks, prevent threats and ensure compliance by focusing on your key asset and threat: identities.

Brainwave GRC’s Identity Analytics solution includes advanced in-depth analytics, machine learning and workflows to reduce access-related risks and ensure continuous compliance for all organizations.