Identity Governance & Identity Analytics

Augment your IGA capabilities and be ready for the third generation. Monitor operations, detect data quality or synchronization issues. Design business roles using an advanced collaborative approach and innovative mining algorithms and enforce their application throughout your infrastructure, data and application resources.

You need to know and control the accesses to your organisation’s assets, whether they are cloud-based or on-site applications, physical accesses, shared folders etc. However the challenges are great and numerous: technical complexity and heterogeneity of systems, rapid changes on access and individuals, combined with a lack of accountability from the parties involved.

Brainwave Identity GRC gets you ahead of competition

Brainwave Identity GRC is a software solution specifically designed to alleviate the pain of extracting, correlating and analyzing access-related data in order to find control deviations and assess risks.

Identity Analytics is taken to the next level.

Brainwave GRC provides a better control on access to assets and improved visibility over who-has-access-to-what

While traditional Identity Governance & Administration (IGA) solutions focus on access fulfillment and provide only basic Analytics and Governance capabilities, Brainwave Identity GRC embraces the analysis of any system (infrastructure, business applications or data)  and provides advanced control automation, risks scoring and access review capabilities. With Brainwave GRC, you can meet the auditors’ requests and improve your security posture while actually reducing the time and effort spent!

The major pitfalls of IGA

A great number of IGA projects experience difficulties due to a few well-known factors:

The Pitfalls

Poor Data Quality

The issue of poor data quality in target resources has a major impact for IGA systems. Indeed, IGA systems rely on these data for the application of entitlement business rules and for synchronizing across systems. Poor quality means the replication of wrongful entitlements.

Lack Of Shared Semantics

When trying to make sense of Identity and Access data extracted from a system, one has to understand the underlying technical implementation. This is the way the security model is designed in the system: roles and groups, authorization objects, access control lists…

There are many different security models, which represent access in various ways, which makes any analysis or comparison difficult.

Truncated Vision Of Access

Access rights can be broadly set in two categories: coarse-grained and fine-grained.

Coarse-grained access is what’s by an IGA system for assigning or revoking access to a user. They contain a set of fine-grained permissions which precisely describe what a user can or cannot do.

For instance, a coarse-grained “Accountant” profile contains a fine-grained “Enter GL” permission.

As the IGA system has no view on the fine-grained layer, it provides only a very partial view of what users can do and what are the risks, which means that deeper analysis requires to go into each system and application and manually extract relevant information.

Lack Of Business Understanding Of Access

Business people need to have a clear understanding of these rights: what level of access is granted? What can the user do? What are the risks? However, the IGA system manipulates technical access rights and attributes, such as groups or profiles, which are close to meaningless to business users.

This limitation of the IGA system is especially impactful in case of incompatible entitlements or privileged access: the wrong permission may be inadvertantly granted to a user because it is difficult to realize this permission poses a security or compliance risk.

 

The Remedies

Transform Data into Information

Brainwave GRC is a data analytics platform that helps identifying data quality issues. For instance: inconsistent logins or other user attributes across systems? Absence of shared unique identifier? Spelling mistakes in user names? All these situations can be easily targeted and resolved in Brainwave GRC, making the way upsteam of the IGA deployment.

Build A Content-Rich Entitlement Catalog

The chain of access represents how a user can access a given resource or execute a specific action. This chain of access is not only composed of identifiers and attributes, it bears a precise semantics which is specific to the target system. Objects such as accounts, groups, roles, transactions… can be leveraged in different fashions and with different meanings.

By building a central Entitlement Catalog, Brainwave GRC provides a unified way to analyze any chain of access on any type of system, consistently.

The Entitlement Catalog can be extended and meta-data can be added to it, such as: level of sensitivity of objects, ownership, data classification information, etc.

Have A Holistic View Of Access

To be in control of the risks related to access, you need to have a comprehensive view over who has access to what, across all systems and applications, down to the finest level.

Brainwave GRC provides an elegant way to ingest access data from any type of resource, on premises or in the cloud, and represent a consistent chain of access. Once ingested, you can search and browse the access information from any standpoint: on which financial applications is Mr Smith an Admin? Who can access this shared folder?

Run Business-Oriented Analyses And Reports

Brainwave GRC is in the business of transforming technical access data into actionable business information: the ability to report on risks and help stakeholders to make decisions is key to our approach.

Brainwave GRC supports push and pull information sharing strategies that can be adapted to any context: email notifications or alerts, multi-format reports, customizable dashboards, risk-based access reviews…

The risks caused by Privileged Access

Privileged Accounts are everywhere and are the keys to access the most sensitive systems with the highest privilege. The inappropriate accumulation or allocation of privileged access to users is a source of significant security and compliance risks. 

Many organizations have implemented Privileged Access Management (PAM) solutions. However, it is a challenge to identify all privilged accounts and manage them centrally. As a result, some are managed with purely procedural processes or in an ad-hoc fashion, while others may benefit from a more streamlined management platform, such as a PAM.

IGA – We’ve got your back!

Brainwave GRC effectively covers a wide range IGA features while focusing on what’s really important: reducing the risks and enforcing compliance.

Identity LifeCycle

Tackle all data quality issues

Consolidate company identity repositories in a single source of trust

Detect changes (job, org, newcomers, leavers, …)

Entitlement Management

Reconcile all accounts

Consolidate all entitlements infra / data / apps

Enrich entitlements with metadata (owners, description, risk, …)

Access Request

Provide both embedded workflows and third party workflows (Service Now)

Empower smart access request through A.I. analysis

Policy&Role Management

Discover and consolidate roles through its role mining feature

Manage roles lifecycle

Discover role members

Detect overallocated rights

Workflow

BPMN 2 compliant workflow engine

Graphical editor & debugger

Management interfaces

Analytics

Mashup dashboards

Data visualisation

Aggregated risk scores

Peer group analytics

User behavior analytics

Access Certification

42 off-the-shelf review templates

Compliance based review

Risk based review

Smart review with pivot table data visualisation

Fulfillment

OpenICF 2 connector framework

Provides more than 100 read-only connectors

Provides read-write capabilities for Active Directory & ITSM systems

Auditing

ITGC controls engine

SoD controls engine

Case management workflows

Detect all changes

Browse back in time

Reporting

B.I. powered reporting engine with graphical editor

csv, pdf, office, openoffice

+200 reports off the shelf

Want to know more?

Role Mining

Create, maintain and update your roles using the unique Brainwave GRC methodology. Conduct workshops with your business teams using the Booster for IAM to combine both top-down and bottom-up  approaches and deliver usefull and up-to-date roles to your IAM tools.

Theoretical Access Controls

Compare the real access rights in the systems to theoretical access rights available from your IAM (Identity and Access Management) or ITSM tools, or even from any business role matrix. This way find out over and under allocation, take the right decision about this abnormal situations with regard to the context.

Risk Scoring

Evaluate and highlight the most risky situations. Investigate from each identities or involved resources to find out why and how to remediate the detected risks. Benefit from interconnexion capabilities between Brainwave GRC and ITSM or IAM (Identity and Access Management) tools to automate remediations.

Privileged Access Good governance for the most sensitive assets

Learn how Brainwave GRC can help you better manage and control Privileged Access, with or without a PAM solution.

Click Here

Moving to continuous control

User entitlements and access change all the time. Only via automation can you consitnuously monitor those changes, detect anomalies and take remediative actions in due time.

Learn how in four steps.

Click Here

“A powerful and intuitive solution for Identity and Access Control Management.”

— Information Security Officer, Finance Industry

Connaissez-vous la Gouvernance des Accès à Privilèges ?

 

Les accès à privilèges protègent vos actifs les plus sensibles. Il y en existe partout : infrastructure, applications, stockages de données, Cloud… Comment les recenser de manière exhaustive ? Les classifier et comprendre qui les utilise, pourquoi et s’assurer que leur usage reste justifié et légitime dans le temps ?

Découvrez les méthodes et retours d’expérience client sur la Gouvernance des Accès à Privilèges avec notre prochain webinar, le 5 Mars 2020 !

 

Inscrivez-vous maintenant !