User Behavior Analytics

Booster for Google Apps for Work

CLOUD APPLICATION SECURITY

BRAINWAVE BOOSTERS

The Brainwave’s Boosters for Identity GRC are comprehensive modules which allow to spread easily and economically Brainwave Identity GRC’s functional coverage.

Google Apps for Work

PROVIDE control, VISIBILITY and protection for your cloud applications

 

Secure your apps and data in the Cloud with Brainwave GRC

More and more organizations are adopting Cloud collaborative applications, not only to reduce costs but also to unlock agility and improve time to market and collaboration

The data shared and stored in the Cloud are often composed of very sensitive assets, it can involve intellectual property, customer data and even financial information.

User access to these data must be managed, controled, protected and audited to avoid that awkward, hostile users, or compromised by an attack can exfiltrate the most precious capital of the company. 

directeur financier

Your needs and our solutions

FEATURES

FROM MAPPING TO BROWSING

Brainwave for Google Apps for Work collects information from your HR information system and “Active Directory” to map the authorizations and access rights to your applications. Doing so the solution establishes a dynamic link between the status of a employee or contractor and its access rights.

If inconsistencies are detected the solution integrated workflow allows to automate communication between the IT organization and other line of business to follow-up on the exceptions up to their remediation.

The innovative and user friendly web portal allows a very intuitive browsing into the information. This makes non-IT users to easily use the solution without extensive training. Brainwave becomes the tool of choice for business as well as IT professionals.

Access rights Analysis

The analysis of user permissions helps to answer immediately to questions such as:

  • Who has access to what?
  • What are the access rights for Mr. Doe?

The results of the analysis is consolidated and makes all changes visible. This allows a ‘share’ to go in public access by mistake or some active accounts of employees who have left the company.

Brainwave knowing the link between users, data and applications, highlights exceptions or anomalies. You can then remedy any exception very easily in a proactive way.

  • Gain visibility onto whom access to what and who shares what
  • Limit the risks of fraud and data leaks by analyzing the suspicious or abnormal behaviors
  • Makes sure that the accounts are deactivated when employees or contractors leave the company.
  • Mitigate the risks when Drives go public
  • Check the legitimacy of the user access to Google Apps for Work including control of privileged users
  • Detect and maps sharing Google Drive to check legitimacy and coherency.
  • Reduced the total cost of ownership by auditing inactive, unused or orphan accounts.
CONTROL ALERTS AND INVESTIGATIONS

You can govern your data in the cloud, such as files that are stored in drives. Brainwave Identifies anomalies bound to use of the resources of the information system. Whether it is important or unusual movements of data, connections made from unusual places or surprising time of the day, every drift is analyzed and is pushed to you for investigation.

Whether it is for a one-off investigation or a recurrent audit, the solution offers the possibility to navigate through Identity data over time in a simple and user-friendly way, and emphasize any anomaly or suspect activity. Brainwave Identity GRC controls data in the cloud and help you comply with yours regulatory mandates.

BENEFITS

Automated continuous control on Google accounts and Drives

To help you to check the application of your company security policies, Brainwave automates access rights continuous control to the Google accounts and Drives audited. Brainwave for Google Apps for Work creates a collaborative environment for the IT and the internal audit teams to collaborate effectively, in order to improve IT security and compliance.

The access rights review is among the most complex to manage because it requires to aggregate a gigantic volume of data. Brainwave proposes to automate the entire user access review process, for a more consistent and seamless access reviews and recertification.

The solution includes different options to manage review process:

  • Reviews per users, per rights, per organization or per application, per access to directories
  • Per business and technical roles
  • Incremental reviews can reduce the workload by including only items that have not been reviewed since a particular date or timeframe.

At the end of the review all the results is consolidated, reports of compliance are automatically generated and Brainwave manages all the remediation actions directly or via the organization’s ITSM system.

AUDIT DASHBOARD AND REPORTING

Brainwave provides over 200 standard reports. Reports are accessible via the Web portal and they are dynamically generated according to the profile and the rights of the user. They can be exported under various standard formats (pdf, Microsoft Office, open office, etc.).

Reports aggregate the information under the shape of an easy to read, contextualized and visual document. Brainwave integrates a powerful reporting engine which comes with its graphic editor. You can customize the existing reports or make your own brand new report in just a few clicks.

Brainwave Booster for Google Apps for Work reports displays the information in a hierarchical and very intuitive and ergonomic way. The user can navigate within a global view and then drill down into details.

Capture d’écran 2016-07-05 à 10.29.06

 

mapping User Access to data

Brainwave allows to map all of the user access to resources and assets of the company. Without this mapping, the company increase the risks of security breach, fraud and data leaks.

The solution allows the management and employees to work with IT security team and CISO, to lead the user access review. By orchestrating the process, the CISO empowers functional managers to decide wether a  user access is legitimate or not by using the reports produced by Brainwave

Access review in the Cloud

The processes of access rights reviews are among the most complex to manage because they require to aggregate an gigantic volume of data. Brainwave proposes to automate the entire user access review process, for more consistent and seamless access reviews and recertification.

Brainwave integrate the whole Google Apps for Work landscape within your process of access certification.

The solution includes different options to manage review process:

  • Reviews per users, per rights, per organization or per application, per access to directories
  • Per business and technical roles
  • Incremental reviews can reduce the workload by including only items that have not been reviewed since a particular date or timeframe.

Brainwave leans for it on its Identity catalog as well as the results of controls. At the end of the review all the results is consolidated, reports of compliance are automatically generated and Brainwave Identity GRC platform manages all the remediation actions directly or via the organization’s ITSM system.

With Brainwave, you can finally manage access reviews with no burden!

BRAINWAVE GRC SOLUTIONS TAILORED TO YOUR INDUSTRY AND YOUR JOB

Take a look at your needs by Industry

DIGITAL TRANSFORMATION - REGULATORY COMPLIANCE - FIGHT AGAINST FRAUD 

The Insurance sector is chaging very fast. With an increasing regulatory pressure, insurers need to face multiple challenges such as conducting properly their digital transformation without security imperatives impending operational efficiency, the management of sensitive business processes and fighting against cyber attacks. 

Assurance

Visit the insurance sector page  

REGULATORY COMPLIANCE - SENSITIVE DATA - DIGITALIZATION

The banking sector faces multiple challenges today: intensification of compliance requirements, wide spread digitalization, imperative of protecting sensitive assets, preventing data breaches, etc.

Banque

Visit the banking sector page  

FIGHTING  AGAINST CYBER ATTACKS – CYBER SECURITY 

The energy industry has quickly become a privileged target for hackers, especially petroleum and gas industries. These external attacks are becoming more common, and they can quickly impact all or part of an entire country by shutting down the electrical grid, like the hackings in Ukraine and Israel, for example. 

Energie

Visit the energy sector page  

OPENING IT SYSTEM - SECURING LOGISTICS CHAINS - DIGITAL TRANSFORMATION 

The manufacturing industry, now rapidly changing, is faced with many strategic issues, both circumstantial and structural. The proliferation of unstructured data, logistics chains’ sensitivity (particularly to fraud risk), the size of the organizations, and the importance of protection for information systems are all major current challenges for the industry players.

Industrie

Visit the manufacturing sector page  

CYBER ATTACKS – LEGISLATION ISSUES – DIGITAL TRANSFORMATION

The increasing number of cyber attacks on hospitals and health facilities in general, as in the hacking of the Hollywood Presbyterian Medical Center, implies higher risks of fraud, data breach, and external attacks for the entire sector, without any recourse for stakeholders to better protect themselves.

Santé

Visit the healthcare sector page  

CYBER ATTACKS – SENSITIVE DATA AND PROCESSES - REPUTATION

Currently, trading activity is faced with more and more cyber security risks, at the height of the financial and economic issues connected to it. The financial consequences and impact of a cyber attack on the reputation of the companies involved represent increasingly significant risks. The industry players are starting to take action against these risks.

Trading

Visit the trading sector page  

Take a look at your needs by job title

SECURITY POLICY -  RISK MAPPING - OPERATIONAL EFFICIENCY 

The "security" topic within a business is often taken in charge by the CISO and CSO's collaboration, when both actors are present. Yhe definition of the security policy and the risk mapping, conducted by the CISO, define the path to follow fot the policy's implementation, this being the CSO's responsability.  RSSI

Visit the CISO and CSO page  

OPERATIONAL EFFICENCY - PERFORMANCE – GOALS

The operational plan's efficency and the IT function's performance are the CIO's first priorities. In this context, IT security is often perceived as a constraint. Nevertheless, not considering enough IT security issues can rapidly impact IT teams' operational efficiency. 

CIO

Visit the CIO page  

ENSURE OPERATIONAL FUNCTIONING AND SECURING WITHIN THE SCOPE OF YOUR BUSINESS.

Each application and infrastructure manager within the organization must ensure operational maintenance within their scope. They must also operate level 1 controls to implement internal control plans and respond to any auditor request.

Responsable-Infra

Visit the Infrastructure manager page   

COMPLIANCE REQUIREMENTS, ANALYSIS, RISK GOVERNANCE

The current challenges present in IT auditing are manifold: verification of the integrity of data and systems, verification of compliance with internal policies and regulations, detection of drifts, etc. In addition to monitoring regulatory compliance, audit is taking on a role that is increasingly complementary to data security: are the organization’s resources and data being used appropriately and by legitimate users?

Auditeur

Visit the auditor page  

COMPLIANCE – RISK MANAGEMENT AND MANAGEMENT OF ACTIVITIES – RESOURCES – PROCESSES

Internal control has now a vast scope of responsibilities: compliance checks, the definition and proper application of segregation of duties (SoD) matrices, control plans’ implementation and the resulting KPIs, remediation processes’ implementation, etc.

Contrôleur-Interne

Visit the internal control inspector page  

PERFORMANCE – OPERATIONAL EFFICIENCY – SECURITY OF THE DEPARTMENT

Any supervisor of a department or business unit is primarily responsible for organizational efficiency and ensuring that objectives are achieved. The challenges that you face today include access rights review of your teams, fulfilling regulatory compliance requirements, and being aware of security risks such as internal fraud.

Manager

Visit the manager page  

FIGHT AGAINST FRAUD - ENSURE OPERATIONAL AND FINANCIAL EFFICIENCY

"Fake president" scams, information theft, internal fraud... Never have finance departments had so much to worry about in terms of IT resources misappropriation. These forms of embezzlement present known risks to organizations’ image and profitability.  Statutory Auditors are increasingly demanding in their audits, and they point out systematically failures regarding control monitoring, which are becoming increasingly difficult to ignore.

Directeur-Financier

Visit the CFO and CRO page  

GROWTH - RISKS - DIGITAL TRANSFORMATION 

Information thefts, confidential data breaches, internal fraud... Never have financial departments have had to worry as mcuh regarding proven and potential risks threatening their organization's profitability and reputation. External auditors are more and more demanding in verifications and highlight more and more failures to comply to control obligations, becoming impossible to ignore any longer.

Inspection-DG

Visit the general management page  

Share This