EIC 2019 – BRAINWAVE GRC WILL BE PRESENT AT THE EUROPEAN IDENTITY CLOUD CONFERENCE IN MAY

EIC 2019 – BRAINWAVE GRC WILL BE PRESENT AT THE EUROPEAN IDENTITY CLOUD CONFERENCE IN MAY

The annual EIC by KuppingerCole will take place on May 14-17, 2019 this year.

« The European Identity and Cloud Conference offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future- oriented community. More than 800 thought leaders, leading vendors, analysts, visionaries, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.
With five parallel tracks, more than 200 international speakers and experts, many Best Practice presentations and 120 hours of relevant content, EIC 2019 provides you with a comprehensive overview of future trends in Internet security as well as practical information about current projects. Every year the agenda focuses on the latest and most relevant Information Security and Digital Identity topics to offer you the foundation to design the right digital identity and security strategies for your business. Hear about emerging trends in order to be prepared to meet and exceed present and future business, identity and security challenges »

You will attend the event this year,  why don’t you meet Brainwave GRC?

When and where?

  • At booth 4C2: the Brainwave GRC’s expert team will be present during the 2,5 days of exhibition (May 14-16)
    More infos: http://bit.ly/2XfPtTq
  •  In the Expo Area: Wintergarten at the expert stage with a speaking slot “Access Certification Campaigns that works”, on Thursday, May 16 th , 2.50 p.m to 3.10 p.m.
    More infos: http://bit.ly/2IzgbSN

Prior to the EIC, Brainwave will host a webinar in cooperation with KuppingerCole:

« Next-Gen Identity Analytics and Access Governance Approach »
Thursday 9th May at 3.00 pm (GMT) or 10.00 am (EST) or 4.00 pm (CET)

Sign-up for registration

If you are interested to know more about our solutions, book your meeting now!  We will arrange you an appointment at your convenience.

Access and timings
EIC 2019
Andreas-Danzer-Weg 1
85716 Unterschleißheim
Munich, Germany

Contact
Brainwave GRC  | [email protected] I phone. : + 33 1 84 19 04 10

 

Meet Brainwave GRC at Gartner IAM Summit 2019, 7-8 March in London,UK

The annual’s UK Gartner Summit dedicated to IDENTITY
& ACCESS MANAGEMENT  leaders will take place 7-8 march 

Today’s IAM leaders are positioned to help the business thrive in the evolving digital landscape. Tracks are tailored to the priorities of the IAM leaders” of the Gartner IAM Summit 2019 ”.

 1- IAM Strategy and Program Management : to get the information you need to align your IAM strategy with corporate goals, build an IAM roadmap with attainable milestones, organize project resources and measure project success. To learn how to avoid common pitfalls through best practices and lessons learned from successful and not-so-successful IAM programs.

2- Identity Governance and Administration : to learn practical Identity governance and administration to reduce operational overhead, streamline operations, minimize risk and comply with regulations. To explore next-gen identity architecture and technologies.

3- Trust, Authentication and Fraud Prevention : to explore continuous adaptive risk and trust models. To learn how analytics, biometrics and other advanced authentication methods help provide frictionless access, improve security and prevent fraud.

4- Access Management and Authorisation : security, risk, privacy and IAM must be aligned. There are process, organizational, functional and technology overlaps that should be considered so that you can maximize your investments and have a robust, multifaceted approach to IAM.

Attending Gartner IAM Summit 2019 can help you take a strategic approach to risk, improve business and data resilience, build digital trust and implement a new generation of continuously adaptive security strategies.

Meet Brainwave GRC during the gartner IAM summit 2019

 You will attend the event this year! Why don’t you  meet Brainwave GRC on this occasion?

As a global leader in Identity Analytics, Brainwave is present at the major cybersecurity worldwide events with partners or represented by these experts on site.

Our company helps organizations to protect their sensitive assets and fight against fraud and cyber risks, prevent data leaks, help you be compliant. Brainwave’s solutions are dedicated to access rights governance to data, applications and infrastructure.” Brainwave GRC has over 60 customers worldwide and it represents more than 3 millions analysed identities, more than 1 billion of controlled access rights, and more than 1.000 reviews realized each month.

You are interested to know more about our solutions or to discuss with one of our experts? 

Get in touch with us nowWe will arrange you an appointment at your convenience.

 

  BOOK A MEETING

 

Presentation of Brainwave GRC’s results for year 2018 and recruitment announcement of 10 people in 2019

PRESS RELEASE

 

Asnières-Sur-Seine, France, January 2019 – Brainwave GRC’s growth rate continued to improve in 2018 in Western Europe and in North America. The annual revenue increased by 64% compared to previous year, and the international part is now established at 40% of the global company’s revenue.

This growth has been sustained by two new commercial offers « Brainwave Analytics as You Go » (BAAYGO) and « Booster for AD ».  

BAAYGO is an offer of managed service, it relieves security team from repetitive tasks such as periodic controls on accounts, access rights to infrastructures, applications and data. Thanks to this managed service, ready to use analysis and reports are consolidated and provided on a monthly basis for the decision makers. This offer, available as a subscription, doesn’t require software installation and is provided very rapidly, in a couple of days only.

Booster for AD facilitates the analysis and continuous follow-up of Active Directory. The solution is offering more than 200 reports and analysis related to Active Directory: personal accounts, privileged accounts, groups, local administration rights, keywords policies, acts of administration follow-up… This turnkey solution is available in addition to the Brainwave Identity Analytics offer.

New innovative features have been implemented in 2018, especially the « mashup dashboards », the « role mining » and the new « reviews campaign manager » features, the SOD  (segregation of duties) capabilities on PeopleSoft and Oracle EBS systems.

The outlook for economic growth looks very good for 2019. Consequently, Brainwave’s forecasts for 2019 are to recruit 10 collaborators in Professional Services, R&D and Marketing departments, both in Paris area headquarter and North-American subsidiary in Montreal.

 

Sébastien FAIVRE, CTO of Brainwave GRC:

 

« We are living intense moments, digital transformation is changing drastically the cybersecurity’s landscape and profession: infrastructures decompartmentalized, cloud infrastructures managed by third parties, multicanal user’s access, devops applications and micro-services, exploding volume of processed data, …

This includes for the CISO to become agile and to support these challenges: reinforcement of its relations with the legal department in order to manage the cloud provider’s contractual clauses, risk analysis methods deployment in the dedicated departments to help them measuring impacts of their decisions, …

Finally, the only constant in this new landscape is the “identity” because whatever the means and techniques, managing people and their access rights to the different systems, applications, and data remains companies’ responsibility.

The main goal of solutions such as Brainwave is to help CISO to enlighten Identity’s access as a real “lighthouse” in the mids of this digital storm, to make it possible to stay on course while reconciling security and change management towards the “all digital”.

About Brainwave GRC:

Founded in 2010 by three experts in Identity and Access Management, Brainwave GRC helps organizations protect their sensitive assets and fight against fraud and cyber risks, prevent data leaks and help you remain compliant. The company designs, develops and sells innovating software solutions in the field of Identity Governance and Audit. Brainwave’s flagship product is “Brainwave Identity GRC”. Identity GRC provides a turnkey solution for the audit and compliance control of user entitlements in the Information System: accounts, roles, fine-grained access rights…

Identity GRC has been specifically designed for business sectors which are subject to advanced compliance requirements, such as banking, insurance, health care and other sensitive industries. With Brainwave Identity GRC, our customers are able to fully automate the recovery and consolidation of user access rights on various heterogeneous IT systems in order to provide a comprehensive entitlement map. A control plan can then be configured in order to automatically produce reports and analyses that are suitable for internal and external auditors and take remediation actions.

Typical applications are: tracking accounts to disable (data cleanup), monitoring privileged access, controlling Segregation of Duties on ERPs, preparing account reviews, consolidating roles, monitoring the performance of identity management processes and systems.

Brainwave GRC has over 65 customers worldwide, has more than 3 million analyzed identities, 1 billion controlled access rights, and 1000 reviews executed monthly.

For more details: www.brainwavegrc.com

Contact – Sébastien Faivre
[email protected]
Mobile : +33 6 01 81 92 60
Tél. : +33 1 84 19 04 10

                                 

                                 

                                                             
                                  

Cybersecurity International Forum 2019 Lille 22nd & 23rd January

#FIC2019 : the key european event dedicated to the security and digital players

 

“The forum is a platform aiming at promoting a pan-european vision of cybersecurity as well as to strengthen the fight against cybercrime. In order to do so, the FIC relies on : – The trade show, to share knowledge and ideas, maintain contacts and find new services; – The forum, to discuss and debate with experts, to gather ideas and to share professional lessons; – The Observatory, to continue exchanging views and information after the FIC, to explore topics in greater depth and like minded throughout the year.“(1)

The event will hosted more than 8.500 attendees including 1.300 foreign visitors and 80 represented countries.

 

Security and privacy “By design” is the FIC 2019’s topic

 

The security and protection of personal data will the main topic of the new edition. A real business requirement, a new legal imperative with the RGPD, “by design” raises many challenges (psychological, human, technical, financial).

All these aspects will be explored during the event thanks to the numerous workshops and conferences and the exchanges opportunities with the partners offering security advanced tools and technologies.


On this occasion, the experts of the Brainwave GRC « Identity Analytics » solution invite you for a meeting to discuss on the Hexatrust area.

Founded in 2010, the innovative Identity Analytics software vendor is dedicated to helping companies fight fraud, data breaches and cyber attacks. Brainwave GRC has over 60 customers worldwide and it represents more than 3 millions analysed identities, more than 1 billion of controlled access rights, and more than 1.000 reviews realised each month.

Book your meeting now and get more details about the Brainwave GRC’s solutions : [email protected]

 

Access and timings
Lille Grand Palais
1 boulevard des Cités Unies
59 777 Lille – Euralille

  • tuesday 22nd January : 9.00 am – 7.00 pm
  • wednesday 23rd January : 9.00 am – 6.00 pm

Contact
Brainwave GRC  | [email protected] I phone. : + 33 1 84 19 04 10

(1)  www.forum-fic.com/en – What is the FIC?

What Identity Analytics really is and why you need it

What Identity Analytics really is and why you need it

IT security’s advent: the “identity” concept as key factor

Digital transformation has changed and is changing more and more business processes, job positions as well as many companies’ core activities. In consequence, it has implied a change in the way we mitigate risks.

Risk mitigation has existed long before digital transformation but it mainly relied before on manual processes, spreading risk management across departments – thus relying on silos – and on analyses over samplings. But this risk management is no longer possible with today’s world digital transformation, which often goes too fast for companies to properly adapt to new risks, especially IT risks. They most often have no visibility on what is key: their users’ access rights to their information system, user behaviors as well as existing security breaches. 

Financial costs of IT security risks, whether it be data thefts or internal frauds, are continuously rising. According to a 2016 Ponemon Institute study, data leakage costs have risen 30% between 2013 and 2016 in the 12 countries of this survey. Companies are paying at a high cost the rise of cyber risks but what about their investments to prevent these threats and mitigate these risks? 

Organizations need to ensure efficient and continuous risk mitigation and detection. They need to know the risks threatening them, including the humpan error risk which is constantly underestimated even though it was the source of 1 out of 4 data breaches in 2016 (2016 Ponemon study).

Companies are becoming more conscious of cyber risks and the need to reduce them through the IT vector but many doubt their capacity to really identify who accessed their sensitive data and applications. Indeed, the main stakes are here: knowing who has access to wgat and who accessed what in your information system. This is about cyber resilience: ensuring both cyber security along with productivity and innovation for companies.

Becoming cyber resilient means focusing on identites, that is individuals. It is both through individuals that secured digital transformation projects can unfold and that the cyber attacks happen. Risk analysis, detection and mitigation need to be built around this identity concept and that is what Identity Analytics is all about.

 

The rise of Identity Analytics

Digital opportunities should not make you forget that significant risks are generally atatched to them. Let’s take the classic icerberg methaphor. The emerged part of it represents known and visible digital and cyber risks today: ransomwares, virus, etc. But these risks aren’t the most important or threatening. The risks underwater, invisible for most of us, are the most threatening and frequent ones for organizations. You need to target these first and foremost.

With Identity Analytics you are able to answer the question “what resources can these users access, how and how are they using these access rights?” and this is what matters to ensure a secured business environment. It is about conducting in-depth analytics within a contextualized environment, with HR and technical data reconciled. Audit and internal control tasks as well as proper analyses, access reviews and clear reporting processes are at last possible in one unique platform centered on the identity concept.

 

Regarding digital transformation and cyber security, the notion of identity crystallizes opportunites, threats and solutions all in one. It is the key concept companies need to understand fully and implement. 

With Identity Analytics, companies can more easily mobilize their resources and think in a transversal way, beyond silos, to achieve both business development and efficient risk management. All actors, internal actors and third parties, need to engage in this process. This collaboration and communication between actors is all the more important as cyber incidents are hard to detect and it takes several months, almost a year, as an average for companies to detect a breach or suspicious activities. Organizations need to pay attention to unusual user behaviors for example but most of them do not have the maturity and the resources to do so.

Identity Analytics has developped over the last 10 years and is continuing its rise as companies realize worldwide that traditional cyber security methods and tools are no longer adapted and can even become harmful by exposing them to risks they cannot detect and prevent.

Identity Analytics is still misunderstood or rather unknown but this is changing. Meanwhile, significant cyber security actors have tried to hijack the Identity Analytics term and use it for other meanings and cyber security specific features such as SIEM for example. Identity Analytics isn’t about real time detection but about enabling you to better analyze risks, prevent threats and ensure compliance by focusing on your key asset and threat: indentities.

 

With Brainwave GRC, its Identity Analytics solution includes advanced in-depth analytics, machine-learning and workflows to reduce access-related risks and ensure continuous compliance for all organizations. 

 

Is IAM outdated? Why you need to study alternatives

Is IAM outdated? Why you need to study alternatives

15 years of IAM: the end of an era?

IAM projects have blossomed since the early 2000’s and most large companies implemented one. Unfortunately, for most organizations, a significative gap appeared between what they hoped  to get from their IAM projects, the expected benefits, and what they got, or should we say what they didn’t get in most cases. Many aspects of these projects initally planned weren’t implemented or requested specific developments that haver prevented any evolution or upgrading since because of these in-house specifications.

Companies initially launched IAM projects to provide an efficient answer to their risk and compliance challenges through automation. But unfortunately, this resulted in focusing on operational efficiency and leaving out risk mitigation on the long run.

Today, IAM domination is coming to an end with business and security needs evolving at a high pace, much faster than the rate at which massive IT projects, such as IAM projects, can evolve. Desillusion, constraining IT architectures inherited from these projects, lack of defined goals and perimeters from the start, all of these are some of the main reasons why IAM systems alone aren’t enough anymore.

Organizations need something else – something more – today to, not only ensure proper access management, but also implement access governance, continuous compliance and reduce security risks which continue to increase every year.

Getting rid of silos and connecting access management to the rest of the information system is essential. Making things simple and ensuring that technical and business internal actors are working together as much as possible are some of the key recommandations to start fresh. Working with silos is no longer possible. Services and departments within a company are more and more connected. Organizations now belong to a full network and need to communicate across the board. Silos are no longer accepted while IAM projects have most often been built that way, based on silos.

That is why it so hard to make them evolve, and in many cases impossible, because they cannot be connected and have often included in house specifications that prevent their upgrading. In many cases, making your IAM solution evolve amounts to as much work as implementing a new one.

Thus, when discussing IAM strategies and projects, it appears as if nothing has changed over the last ten to fifteen years. With the surrounding environment evolving – new risks, new ways of consuming IT – there is a need to reassess the way companies leverage their IAM programs, in terms of services, technology and organization.

Understanding why IAM projects often fail

If we consider a traditional Identity and Access management approach, a strong focus is set on connectors, meaning access fulfillment and automation. Other IAM services that should be included and implemented are too often considered as a secondary concern and never really implemented.

Companies’ experiences with IAM projects have many similarities for most of them: very long projects, weak visibility regarding the software’s adequacy with business users’ needs, budget and deadlines beyond pushed way beyond limits set at the start. The delivery value is most often not what was expected. For most organizations, the project’s scope has shrunk and very little automation has been implemented.

Other very important aspect: access-related risks aren’t taken care of by IAM solutions but they represent significative security risks for any company, regarding external and internal threats. Indeed, with the rise of access-related security risks, both through external and internal threats, companies now do not have the choice and need to mitigate these risks with an efficient access governance.

Knowing your information system as a whole – its users, their job positions and access righs, their usages and behaviors – is now necessary and IAM solutions cannot take this in charge.

 

What you need to succeed

Changing IAM solution, trying to make yours evolve according to your business needs or studying alternatives, all of these options require you apply best practices to make sure you chose the proper one.

What you need to pay attention to : ensure proper user experience, make sure that the solution is able to evolve according to your business needs, ensure data quality and controls automation as key components, and maybe try and see why you do not need IAM provisoning that much to ensure proper access management.

In addition, here are 3 key factors for success :

  • a unique platform to process end users’ requests
  • technical tools relying on standards
  • transversal solutions for audit, reporting and control

 

These 3 key factors will enable you to brake silos and take in charge all necessary processes you need to ensure: information browsing, request input, validation workflows, provisioning and technical actions as well as reporting, audit and control.

This will enable you to operate transversal processes and brake 4 key silos: IT & logistics, IAM for application access, non structured data and, last, ERPs.

You may ask, is this really possible? Do cross system and cross application solutions already exist? Indeed, some organizations are currently studying and implementing alternatives to the traditional IAM approach and it is promising.

 

Studying alternatives: a new paradigm with Identity Analytics

There is adequate and proven technology on the market to support this approach and organizations can chose among several options, according to their business needs and environment.

Some companies are examining alternatives to the traditional IAM model such as replacing IAM by a meta repository. Nevertheless, what we should be paying attention to are the other components of these options. ITSM tools and Brainwave Identity GRC, as an Identity Analytics solution, are included in many alternatives, so of them which do not even include an IAM solution.

Usually, an IAM solution does not cover what is initially needed and access governance as well as access related risk mitigation are left out. With these alternatives, some companies are starting to see how to meet their evolving needs outside traditional IAM and costly projects.

Nevertheless, the point isn’t to conclude that IAM projects are all failures – which is far from being true – and that Identity Analytics coupled with ITSM is THE alternative. IAM and Identity Analytics are complementary and companies need to make them work together to attain both of their prime goals: operational efficiency and risk mitigation, on a continuous basis.