Sécurité Cloud #Silicon Innovation Award

Sécurité Cloud #Silicon Innovation Award

Lauréat d’argent dans la catégorie Sécurité Cloud. A l’occasion de la soirée de remise des trophées des Silicon Innovation Awards, mercredi 03 juillet 2019, Brainwave GRC a reçu pour la deuxième année consécutive, un lauréat dans la catégorie « Sécurité Cloud ». L’événement, présidé par 20 décideurs du monde de l’IT et de l’Innovation, membres du Jury, célèbrent les solutions technologiques et applications qui portent en elles les clés de l’évolution et de la transformation des entreprises et organisations. Les lauréats dans la catégorie sécurité cloud sont : Onelogin, Brainwave GRC et Cyberark. La liste des nominés est disponible sous ce lien http://bit.ly/2QHPHmu.

En juillet 2018, Brainwave GRC avait remporté le prix de la meilleure solution de sécurité des nouveaux environnements (sécurité cloud, IOT) dans la catégorie « Sécurité Numérique ».

Brainwave GRC confirme par la répétition de ces différentes nominations, son positionnement d’éditeur européen de solutions « Identity Analytics » de premier plan focalisé sur la protection des entreprises vis-à-vis des cyber-risques tels que la fraude, les fuites de données sensibles ou les attaques externes.


Silicon sécurité cloud 


A propos de Brainwave GRC :
Créée en 2010 Brainwave GRC s’adresse aux entreprises souhaitant maîtriser leurs risques de sécurité et répondre de manière exhaustive, simple et rapide à leurs exigences de conformité réglementaire croissantes liées • aux droits d’accès, • à la gestion des habilitations, • à la séparation des tâches, • et à la protection des données personnelles et des applications sensibles. Aujourd’hui, Brainwave en chiffres c’est : plus de 60 clients à travers le monde, plus de 3 millions d’identités analysées, plus d’1 milliard de droits d’accès controlés, plus de 1000 revues réalisées chaque mois.

A propos de NetMediaGRoup :

NetMediaGroup est un groupe media BtoB de référence des technologies de l’information, dédié aux décisionnaires et professionnels de l’IT dans 4 pays européens (Allemagne, Espagne, France, Italie). Il est éditeur de Silicon.fr, ITEspresso.fr et organisateur d’événements B2B majeurs.

Contact :

Brainwave GRC I [email protected] I 33 1 84 19 04 10 I www.brainwavegrc.com/fr/
Pascal GAYAT I [email protected] I 33 6 74 28 08 91 I www.siliconinnovationawards.com

5 reasons why access-related security is key to hybrid ERP transformation

5 reasons why access-related security is key to hybrid ERP transformation

Hybrid ERP: the postmodern transformation for ERPs

Postmodern ERPs are the new form of ERP systems, no longer coming only from single-instance megasuites such as SAP or Oracle. ERPs are now hybrid – mega-suite on-premise but also partly in the cloud – or even fully outsourced.

Analysts have been paying attention for several years now to this rising phenomenon but this is it. Hybrid ERPs are not a hype but becoming the norm, year after year. Indeed, according to a Gartner study, within 3 years less than 1 out of 5 multinational companies will still be having a single-instance megasuite ERP system.

ERP transformation projects are launched for various business needs, from adopting a new marketing or HR cloud-based management solution, a new Saas CRM such as Salesforce or conducting a major ERP renovation after years with costly megasuites.


Paying attention to security risks to ensure success and business goals

The enthusiasm coming with such projects and the business stakes shouldn’t make you forget the security risks will probably rise with your company’s transformation projects. With ERPs going to the cloud and, in most cases, spread between on-premise applications and cloud-based ones, new risks appear and more actors are involved.

Here are 5 reasons why you need to put access-related security at the top of your priorities for your hybrid ERP:

  1. Greater lack of visibility over applications and business processes
  2. Higher risk of frauds and human errors with more actors involved, including numerous third parties
  3. Greater risk of data quality and management issues with mutliple data sources and formats
  4. Less control over HR movements, access rights management and the activity of users regarding these access rights
  5. Harder to ensure audits and controls over access rights and user activity at a satisfying frequency (larger and more diversified perimeter)


The solution? A proper access-rights security policy, collaboration and Identity Analytics & Intelligence

With hybrid ERPs now becoming the dominant ERP model, the security stakes are high and need to be taken in charge properly. Defining a relevant and realistic security policy is only one of the steps that will ensure success for your transformation projects. The other steps? Enabling and encouraging collaboration between IT and business units in order to reduce the risks related to data collection, transmission and processing but also to conduct efficient and easy access certifications as well as regular controls.

What are often under-estimated risks ? Access-related risks in Active Directory, SoD or even your CRM. With the proper tool you need to ensure a 360° visibility over access rights and how people use them in your company, including contractors and interns. The risks can go from a high number of dormant accounts and ex-employees with access-rights still active in some applications to SoD risks with users able to operate incompatible actions over the Purchase-to-Pay business process.

The need for a cross-applications and business process view for risk analysis and remediation but also controls and access reviews is stronger than ever with a hybrid ERP. Are you ready?


Operations’ autonomy and cloudification: what about risk management?

Operations’ autonomy and cloudification: what about risk management?

Decentralization and cloudification


Why do IBM mainframes always make us think about prehistory and dinosaurs? Or is it only about different sociological or “ideological” perspectives?


Today’s employee: services consumer and focused on business goals

Today is about hopping between TV channels, online services, and political parties. Consumers are now the decision makers and they wish to have as many choices as possible offered to them. Competition has become very hard and aggressive, consumers are now able to buy in a single day from a small local grocery store and order a product from a Chinese website. Today’s world has become (breaking news…) a giant supermarket.

Within companies, employees claim more autonomy. Business is THE priority. In fact, both employee and consumer are just one – same – individual: they are services consumers, autonomous and innovative, focused on reaching their business goals.

But what is the point with dinosaurs and IBM mainframes? Of course, in this story mainframe is only a symbol of centralized, authoritarian, slow and lost in paper work IT system and organization.

The divorce between “legacy IT” and Operations

Chances are that “Legacy IT” are not operations and business-oriented employees’ best partner nowadays.

Indeed, asking the IT department to modify software to adapt to a new sales offer or for the implementation of a new Marketing application often implies long and painful processes. To launch such projects, all the steps need to be explicitly planned for IT, from initial requirements to operational acceptance testing. On operations’ side, such projects drain money and time, often wasted when you realize the initial need has evolved!

IT departments are becoming more and more isolated. Decentralization in favor of business units is happening…

Not all speed and agility leads to efficiency. Consumerization can lead to waste as departments choose competing applications for the same task that can’t talk to each other. Operations often sign contracts for services they forget to terminate.

From centralized IT to excessive decentralization

In this new fast, agile, decentralized environment security can be catastrophic, precisely because of how many things are decentralized. Autonomy often rhymes with chaos. The last defense against data leakage is operations’ close attention to confidentiality and security requirements regarding the information they handle. Something that can get lost with a relentless focus on speed of execution.


A centralized risk management is necessary, along operations’ autonomy

Business units cannot do without security and IT risk management. But they can’t take different approaches to regulatory compliance or reporting. Firms need a way to provide central control alongside a flexible environment and decentralized decisions.

Risk management needs to map resources and services that touch the company’s vital processes. To fully understand the impact of leaks, one needs to know what and where data is. You need a 360° degree view of your resources, access rights, and users’ behavior. Dinosaurs can still be useful… but eagles rather than brontosauruses

You need a tool capable of collecting all the information and to include it in continuous control and monitoring.