You need to know and control the accesses to your organisation’s assets, whether they are cloud-based or on-site applications, physical accesses, shared folders etc. However the challenges are great and numerous: technical complexity and heterogeneity of systems, rapid changes on access and individuals, combined with a lack of accountability from the parties involved.
Brainwave Identity GRC gets you ahead of competition
Brainwave Identity GRC is a software solution specifically designed to alleviate the pain of extracting, correlating and analyzing access-related data in order to find control deviations and assess risks.
Identity Analytics is taken to the next level.
Brainwave GRC provides a better control on access to assets and improved visibility over who-has-access-to-what
While traditional Identity Governance & Administration (IGA) solutions focus on access fulfillment and provide only basic Analytics and Governance capabilities, Brainwave Identity GRC embraces the analysis of any system (infrastructure, business applications or data) and provides advanced control automation, risks scoring and access review capabilities. With Brainwave GRC, you can meet the auditors’ requests and improve your security posture while actually reducing the time and effort spent!
The major pitfalls of IGA
A great number of IGA projects experience difficulties due to a few well-known factors:
Poor Data Quality
The issue of poor data quality in target resources has a major impact for IGA systems. Indeed, IGA systems rely on these data for the application of entitlement business rules and for synchronizing across systems. Poor quality means the replication of wrongful entitlements.
Lack Of Shared Semantics
When trying to make sense of Identity and Access data extracted from a system, one has to understand the underlying technical implementation. This is the way the security model is designed in the system: roles and groups, authorization objects, access control lists…
There are many different security models, which represent access in various ways, which makes any analysis or comparison difficult.
Truncated Vision Of Access
Access rights can be broadly set in two categories: coarse-grained and fine-grained.
Coarse-grained access is what’s by an IGA system for assigning or revoking access to a user. They contain a set of fine-grained permissions which precisely describe what a user can or cannot do.
For instance, a coarse-grained “Accountant” profile contains a fine-grained “Enter GL” permission.
As the IGA system has no view on the fine-grained layer, it provides only a very partial view of what users can do and what are the risks, which means that deeper analysis requires to go into each system and application and manually extract relevant information.
Lack Of Business Understanding Of Access
Business people need to have a clear understanding of these rights: what level of access is granted? What can the user do? What are the risks? However, the IGA system manipulates technical access rights and attributes, such as groups or profiles, which are close to meaningless to business users.
This limitation of the IGA system is especially impactful in case of incompatible entitlements or privileged access: the wrong permission may be inadvertantly granted to a user because it is difficult to realize this permission poses a security or compliance risk.
Transform Data into Information
Brainwave GRC is a data analytics platform that helps identifying data quality issues. For instance: inconsistent logins or other user attributes across systems? Absence of shared unique identifier? Spelling mistakes in user names? All these situations can be easily targeted and resolved in Brainwave GRC, making the way upsteam of the IGA deployment.
Build A Content-Rich Entitlement Catalog
The chain of access represents how a user can access a given resource or execute a specific action. This chain of access is not only composed of identifiers and attributes, it bears a precise semantics which is specific to the target system. Objects such as accounts, groups, roles, transactions… can be leveraged in different fashions and with different meanings.
By building a central Entitlement Catalog, Brainwave GRC provides a unified way to analyze any chain of access on any type of system, consistently.
The Entitlement Catalog can be extended and meta-data can be added to it, such as: level of sensitivity of objects, ownership, data classification information, etc.
Have A Holistic View Of Access
To be in control of the risks related to access, you need to have a comprehensive view over who has access to what, across all systems and applications, down to the finest level.
Brainwave GRC provides an elegant way to ingest access data from any type of resource, on premises or in the cloud, and represent a consistent chain of access. Once ingested, you can search and browse the access information from any standpoint: on which financial applications is Mr Smith an Admin? Who can access this shared folder?
Run Business-Oriented Analyses And Reports
Brainwave GRC is in the business of transforming technical access data into actionable business information: the ability to report on risks and help stakeholders to make decisions is key to our approach.
Brainwave GRC supports push and pull information sharing strategies that can be adapted to any context: email notifications or alerts, multi-format reports, customizable dashboards, risk-based access reviews…
The risks caused by Privileged Access
Privileged Accounts are everywhere and are the keys to access the most sensitive systems with the highest privilege. The inappropriate accumulation or allocation of privileged access to users is a source of significant security and compliance risks.
Many organizations have implemented Privileged Access Management (PAM) solutions. However, it is a challenge to identify all privilged accounts and manage them centrally. As a result, some are managed with purely procedural processes or in an ad-hoc fashion, while others may benefit from a more streamlined management platform, such as a PAM.
IGA – We’ve got your back!
Brainwave GRC effectively covers a wide range IGA features while focusing on what’s really important: reducing the risks and enforcing compliance.
Tackle all data quality issues
Consolidate company identity repositories in a single source of trust
Detect changes (job, org, newcomers, leavers, …)
Reconcile all accounts
Consolidate all entitlements infra / data / apps
Enrich entitlements with metadata (owners, description, risk, …)
Provide both embedded workflows and third party workflows (Service Now)
Empower smart access request through A.I. analysis
Discover and consolidate roles through its role mining feature
Manage roles lifecycle
Discover role members
Detect overallocated rights
BPMN 2 compliant workflow engine
Graphical editor & debugger
Aggregated risk scores
Peer group analytics
User behavior analytics
42 off-the-shelf review templates
Compliance based review
Risk based review
Smart review with pivot table data visualisation
OpenICF 2 connector framework
Provides more than 100 read-only connectors
Provides read-write capabilities for Active Directory & ITSM systems
ITGC controls engine
SoD controls engine
Case management workflows
Detect all changes
Browse back in time
B.I. powered reporting engine with graphical editor
csv, pdf, office, openoffice
+200 reports off the shelf
Want to know more?
Create, maintain and update your roles using the unique Brainwave GRC methodology. Conduct workshops with your business teams using the Booster for IAM to combine both top-down and bottom-up approaches and deliver usefull and up-to-date roles to your IAM tools.
Compare the real access rights in the systems to theoretical access rights available from your IAM (Identity and Access Management) or ITSM tools, or even from any business role matrix. This way find out over and under allocation, take the right decision about this abnormal situations with regard to the context.
Evaluate and highlight the most risky situations. Investigate from each identities or involved resources to find out why and how to remediate the detected risks. Benefit from interconnexion capabilities between Brainwave GRC and ITSM or IAM (Identity and Access Management) tools to automate remediations.
Privileged Access Good governance for the most sensitive assets
Learn how Brainwave GRC can help you better manage and control Privileged Access, with or without a PAM solution.
Moving to continuous control
User entitlements and access change all the time. Only via automation can you consitnuously monitor those changes, detect anomalies and take remediative actions in due time.
Learn how in four steps.
“A powerful and intuitive solution for Identity and Access Control Management.”