BRAINWAVE GRC LAUNCHES ITS CLOUD SOLUTION FOR ACTIVE DIRECTORY


Brainwave GRC, a software vendor specializing in Identity Analytics, launches “AD Booster Cloud edition”, a SaaS version of its Brainwave Identity GRC software, to help companies easily control the content of their Active Directory.

Many companies still use Active Directory, and it remains a central repository for many information systems and a door to a wide range of an organization’s data and applications. Whether companies face modernization challenges, a move to cloud services or organizational changes, Active Directory remains a key factor in any digital transformation project. Data is now stored both in the cloud and on premise, and Active Directory is often the main entrance.

Active Directory is often a favorite target of malicious individuals. A flaw in Active Directory management creates significant security weaknesses that can lead to data leaks originating from an internal source. These security risks also offer hackers an ideal way in, especially if they target privileged accounts.

Active Directory’s access rights model is complex and evolves on a daily basis, following the company’s use of it. As a result, it is often very hard to continuously ensure a sufficient security level without a proper tool.

Brainwave GRC launches its cloud solution for Active Directory to provide an out-of-the-box solution for Active Directory audit and security. With this SaaS solution you can view, contextualize and analyze security risks and data quality issues across all your Active Directory domains, as well as edit dashboards and reports.

With this solution, any company can continuously monitor how its AD repositories evolve and identify any anomaly, both preventively and reactively. The solution provides 360° visibility over AD:

  • Accounts and groups inventory
  • Matching accounts with their owners by reconciling AD data with HR information on individuals and organizations
  • Privileged accounts identification and documentation
  • Security groups analysis
  • Highlighting security issues related to accounts (excessive access rights, dormant or residual accounts, never-changing passwords, etc.) and groups (almost public groups, cyclic groups, etc.)
  • Showing the changes that occurred between two dates
  • Password policy analysis
  • Identifying accounts with local admin access rights
  • Analyzing authorized privileges within Active Directory through ACLs (who can reset passwords, who can modify group members, etc.)

The Brainwave GRC cloud solution for Active Directory is available by subscription, is immediately operational and requires no connector to connect to your IT system.

With digital transformation, it has become necessary to closely monitor Active Directory. Any configuration mistake can lead to serious security consequences. For example, an account remaining active by mistake can still give access to cloud applications linked to an AD referential.

CISOs have already understood this risk and operate security controls over this referential, but these controls are often hard and laborious to operate. In consequence, analyses are often limited and remain superficial for lack of means or time.

“With AD Booster Cloud edition, our goal is to help CISOs improve their operational efficiency. The solution enables them to focus on monitoring and analyzing results rather than fighting with data extracts. The pricing model, a subscription mode, and the SaaS approach provide an immediate return on investment and are adapted to any company size,” explains Sébastien Faivre, Brainwave GRC Director.

5 reasons why access-related security is key to hybrid ERP transformation


Hybrid ERP: the postmodern transformation for ERPs

Postmodern ERPs are the new form of ERP systems, no longer coming only from single-instance megasuites such as SAP or Oracle. ERPs are now hybrid – mega-suite on-premise but also partly in the cloud – or even fully outsourced.

Analysts have been paying attention to this rising phenomenon for several years now, and it has arrived. Hybrid ERPs are not hype but are becoming the norm, year after year. Indeed, according to a Gartner study, within 3 years less than 1 out of 5 multinational companies will still have a single-instance megasuite ERP system.

ERP transformation projects are launched for various business needs, from adopting a new cloud-based marketing or HR management solution or a new SaaS CRM such as Salesforce, to conducting a major ERP renovation after years with costly megasuites.

Paying attention to security risks to ensure success and business goals

The enthusiasm that comes with such projects, and the business stakes, shouldn’t make you forget that security risks will probably rise with your company’s transformation projects. With ERPs going to the cloud and, in most cases, spread between on-premise applications and cloud-based ones, new risks appear and more actors are involved.

Here are 5 reasons why you need to put access-related security at the top of your priorities for your hybrid ERP:

  1. Greater lack of visibility over applications and business processes
  2. Higher risk of frauds and human errors with more actors involved, including numerous third parties
  3. Greater risk of data quality and management issues with multiple data sources and formats
  4. Less control over HR movements, access rights management and the activity of users regarding these access rights
  5. Harder to ensure audits and controls over access rights and user activity at a satisfying frequency (larger and more diversified perimeter)

The solution? A proper access-rights security policy, collaboration and Identity Analytics & Intelligence

With hybrid ERPs now becoming the dominant ERP model, the security stakes are high and need to be addressed properly. Defining a relevant and realistic security policy is only one of the steps that will ensure success for your transformation projects. The other steps? Enabling and encouraging collaboration between IT and business units in order to reduce the risks related to data collection, transmission and processing, but also to conduct efficient and easy access certifications as well as regular controls.

Which risks are often underestimated? Access-related risks in Active Directory, SoD or even your CRM. With the proper tool, you need to ensure 360° visibility over access rights and how people use them in your company, including contractors and interns. The risks can range from a high number of dormant accounts and ex-employees with access rights still active in some applications to SoD risks with users able to perform incompatible actions in the Purchase-to-Pay business process.

The need for a cross-applications and business process view for risk analysis and remediation but also controls and access reviews is stronger than ever with a hybrid ERP. Are you ready?


Operations’ autonomy and cloudification: what about risk management?


Decentralization and cloudification


Why do IBM mainframes always make us think about prehistory and dinosaurs? Or is it only about different sociological or “ideological” perspectives?


Today’s employee: services consumer and focused on business goals

Today is about hopping between TV channels, online services, and political parties. Consumers are now the decision makers and they wish to have as many choices as possible offered to them. Competition has become very hard and aggressive; consumers are now able, in a single day, to buy from a small local grocery store and order a product from a Chinese website. Today’s world has become (breaking news…) a giant supermarket.

Within companies, employees claim more autonomy. Business is THE priority. In fact, both employee and consumer are just one – same – individual: they are services consumers, autonomous and innovative, focused on reaching their business goals.

But what do dinosaurs have to do with IBM mainframes? Of course, in this story the mainframe is only a symbol of a centralized, authoritarian, slow and paperwork-bound IT system and organization.

The divorce between “legacy IT” and Operations

Chances are that “legacy IT” is not the best partner of operations and business-oriented employees nowadays.

Indeed, asking the IT department to modify software to adapt to a new sales offer or for the implementation of a new Marketing application often implies long and painful processes. To launch such projects, all the steps need to be explicitly planned for IT, from initial requirements to operational acceptance testing. On operations’ side, such projects drain money and time, often wasted when you realize the initial need has evolved!

IT departments are becoming more and more isolated. Decentralization in favor of business units is happening…

Not all speed and agility lead to efficiency. Consumerization can lead to waste as departments choose competing applications for the same task that can’t talk to each other. Operations often sign contracts for services they forget to terminate.

From centralized IT to excessive decentralization

In this new fast, agile, decentralized environment, security can be catastrophic, precisely because of how many things are decentralized. Autonomy often rhymes with chaos. The last defense against data leakage is operations’ close attention to confidentiality and security requirements regarding the information they handle, something that can get lost with a relentless focus on speed of execution.

Centralized risk management is necessary, alongside operations’ autonomy

Business units cannot do without security and IT risk management. But they can’t take different approaches to regulatory compliance or reporting. Firms need a way to provide central control alongside a flexible environment and decentralized decisions.

Risk management needs to map resources and services that touch the company’s vital processes. To fully understand the impact of leaks, one needs to know what the data is and where it is. You need a 360° view of your resources, access rights, and users’ behavior. Dinosaurs can still be useful… but eagles rather than brontosauruses.

You need a tool capable of collecting all the information and including it in continuous control and monitoring.