Operations’ autonomy and cloudification: what about risk management?

Decentralization and cloudification

 

Why do IBM mainframes always make us think about prehistory and dinosaurs? Or is it only about different sociological or “ideological” perspectives?

 

Today’s employee: services consumer and focused on business goals

Today is about hopping between TV channels, online services, and political parties. Consumers are now the decision makers, and they want to be offered as many choices as possible. Competition has become very hard and aggressive: in a single day, consumers can buy from a small local grocery store and order a product from a Chinese website. Today’s world has become (breaking news…) a giant supermarket.

Within companies, employees claim more autonomy. Business is THE priority. In fact, employee and consumer are one and the same individual: they are service consumers, autonomous and innovative, focused on reaching their business goals.

But what do dinosaurs and IBM mainframes have to do with this? In this story, the mainframe is only a symbol of a centralized, authoritarian, slow IT system and organization, lost in paperwork.

The divorce between “legacy IT” and Operations

Chances are that “legacy IT” is not the best partner for operations and business-oriented employees nowadays.

Indeed, asking the IT department to modify software to adapt to a new sales offer or for the implementation of a new Marketing application often implies long and painful processes. To launch such projects, all the steps need to be explicitly planned for IT, from initial requirements to operational acceptance testing. On operations’ side, such projects drain money and time, often wasted when you realize the initial need has evolved!

IT departments are becoming more and more isolated. Decentralization in favor of business units is happening…

Not all speed and agility lead to efficiency. Consumerization can lead to waste as departments choose competing applications for the same task that can’t talk to each other. Operations often sign contracts for services they forget to terminate.

From centralized IT to excessive decentralization

In this new fast, agile, decentralized environment, security can be catastrophic, precisely because of how many things are decentralized. Autonomy often rhymes with chaos. The last defense against data leakage is operations’ close attention to the confidentiality and security requirements of the information they handle, something that can get lost with a relentless focus on speed of execution.

 

Centralized risk management is necessary, alongside operations’ autonomy

Business units cannot do without security and IT risk management. But they can’t take different approaches to regulatory compliance or reporting. Firms need a way to provide central control alongside a flexible environment and decentralized decisions.

Risk management needs to map the resources and services that touch the company’s vital processes. To fully understand the impact of leaks, one needs to know what the data is and where it is. You need a 360° view of your resources, access rights, and users’ behavior. Dinosaurs can still be useful… but eagles rather than brontosauruses.

You need a tool capable of collecting all this information and including it in continuous control and monitoring.

Automate data extraction and secure up-to-date security audit

Automate processes from data extraction to security risks analysis and accounts/permissions review

Lots of data extractors are already available on the Brainwave GRC Marketplace, allowing you to automate your data extractions and save significant time and effort! By doing so, you can easily increase the frequency of your audits and analyses throughout the year, be more proactive and efficient, and mitigate your security risks.

 

Extract data easily using Brainwave GRC add-ons

Data extractor add-ons for systems such as FTP and SFTP allow you to extract data from remote servers. All the extractors for the Microsoft suite are also available on the Marketplace for download: SQL servers, Active Directory, shared folders, Exchange and SharePoint.

You will also find an LDAP add-on, allowing you to extract data from any directory.

Extracting data from cloud applications has never been so easy

You can also easily automate extraction from cloud applications using the JSON REST add-on, for applications that publish data on the web using JSON/REST, as well as the OKTA add-on, for cloud applications using OKTA technologies.

If you use ForgeRock OpenIDM for your identity provisioning projects, download the related extractor add-on.

You will also find specific data extractors available for cloud applications, in the Google Drive booster for example, to highlight security risks regarding Google Drive data.

 

Automate authorization objects extraction, regardless of the system and application

By doing so, you can automate end to end the generation of reports and dashboards, as well as the execution of review campaigns, whatever the systems and applications are.

 

These extractors are already available on the Brainwave GRC marketplace and can be installed in just a few clicks.