Identity Governance and Identity Analytics

Augment your IGA (Identity Governance and Administration) capabilities and get ready for the third generation. Monitor operations and detect data quality or synchronization issues. Design business roles using an advanced collaborative approach and innovative mining algorithms in order to enforce their application throughout your infrastructure, data and application resources.

Whether your organization’s assets are cloud-based or on-premise applications, you need to be able to control access to them. Challenges to this control can be numerous: technical complexity and heterogeneity of systems, rapid changes to access and individuals, and a lack of accountability from the parties involved.

Brainwave Identity GRC gets you ahead of the competition

Brainwave Identity GRC is a software solution specifically designed to alleviate the pain of extracting, correlating and analyzing access-related data in order to find control deviations and assess risks.

Identity Analytics is taken to the next level.

Brainwave GRC provides better control and improved visibility to access permissions across your enterprise.

While traditional Identity Governance and Administration (IGA) solutions focus on access fulfillment and offer only basic capabilities, Brainwave GRC welcomes the analysis of any system, infrastructure, business applications or data and delivers advanced control automation, risk scoring and access review competencies. With Brainwave GRC, you can respond to an auditor's request and improve your security posture while actually reducing the time and effort spent.

The major pitfalls of IGA

A great number of IGA projects experience difficulties due to a few well-known factors:

The Pitfalls

Poor Data Quality

The issue of poor data quality in target resources has a major impact on IGA systems. IGA systems rely on this data for the application of entitlement business rules and for synchronizing across systems. Poor quality leads to the replication of erroneous permissions.

Lack Of Shared Semantics

When trying to make sense of Identity and access data extracted from a system, one has to understand the underlying technical implementation. This is the way the security model is designed in the system: roles and groups, authorization objects, access control lists and the like.

Because there are a number of security models which have different access models, it can be difficult to analyze and compare them.

Truncated Vision Of Access

Access rights can be broadly set in two categories: coarse-grained and fine-grained.

Coarse-grained access is what is used by an IGA system for assigning or revoking access to a user. It contains a set of fine-grained permissions which precisely describe what a user can or cannot do.

For instance, a coarse-grained “Accountant” profile contains a fine-grained “Enter GL” permission.

As the IGA system has no access to the fine-grained layer, it provides only a very partial view of what users can do and what the risks may be. This means that further analysis is required to delve into each system and application in order to manually extract relevant information.

Lack Of Business Understanding Of Access

Business people need to have a clear understanding of these rights. What level of access is granted? What can the user do? What are the risks? The IGA system handles technical access rights and attributes, such as groups or profiles, which, oftentimes, have no meaning to the business user.

This feature of the IGA system is especially impactful in case of incompatible entitlements or privileged access: a high-risk permission (security or compliance) may inadvertently be granted to a user because of the difficulty of knowing that it is, indeed, high-risk.

The Remedies

Transform Data into Information

Brainwave GRC is a data analytics platform that helps to identify data quality issues. Some examples of this are: inconsistent log-ins across systems, absence of a shared unique identifier, misspelling of user names and other user attributes. All of these situations can be easily located and resolved in Brainwave GRC, moving forward with the IGA deployment.

Build A Content-Rich Entitlement Catalog

The chain of access represents how a user can access a given resource or execute a specific action. This chain of access is not only composed of identifiers and attributes: it includes precise semantics which are specific to the target system. Objects such as accounts, groups, roles and transactions can be leveraged in different ways and with different meanings.

By building a central Entitlement Catalog, Brainwave GRC provides a unified way to analyze any chain of access on any type of system, consistently.

The Entitlement Catalog can be extended and meta-information such as level of sensitivity of objects, ownership, data classification information, can be added to it.

Have A Holistic View Of Access

To be in control of the risks related to access, you need to have a comprehensive view of who has access to what, across all systems and applications, down to the lowest level of permissions.

Brainwave GRC provides a highly effective way of acquiring access data from any type of resource, on premise or in the cloud, and represents a consistent chain of access. Once gathered, you can search and browse the access information from any viewpoint: on which financial applications Mr Smith is an administrator, who can access this shared folder, and other key permission issues.

Run Business-Oriented Analyses And Reports

Brainwave GRC is in the business of transforming technical access data into actionable business information: the ability to report on risks and help stakeholders to make decisions is key to our approach.

Brainwave GRC supports push and pull information sharing strategies that can be adapted to any context: email notifications or alerts, multi-format reports, customizable dashboards, risk-based access reviews and others.

The risks caused by Privileged Access

Privileged Accounts are everywhere and are the keys to accessing the most sensitive systems with the highest privilege. The inappropriate accumulation or allocation of privileged access to users is a source of significant security and compliance risks. 

Many organizations have implemented Privileged Access Management (PAM) solutions. However, it is a challenge to identify all privileged accounts and manage them centrally. As a result, some are handled with purely procedural processes or in an ad-hoc fashion, while others may benefit from a more streamlined management platform, such as a PAM.

IGA – We’ve got your back!

Brainwave GRC effectively covers a wide range of IGA features while focusing on what’s really important: reducing the risks and enforcing compliance.

Identity LifeCycle

Tackle all data quality issues

Consolidate company identity repositories in a single source of trust

Detect changes (job, org, new hires, departures, etc.)

Entitlement Management

Correlate all accounts and identities (reconciliation)

Consolidate all entitlement infrastructure / data / apps

Enrich entitlements with metadata (owners, description, risk, etc.)

Access Request

Provide both embedded and third-party workflows (ServiceNow)

Empower smart access requests through A.I. analysis

Policy and Role Management

Discover and consolidate roles through the role mining feature

Manage the role lifecycle

Discover role members

Detect over-allocated rights

Workflow

BPMN 2 compliant workflow engine

Graphical editor and debugger

Management interfaces

Analytics

Mash-up dashboards

Data visualization

Aggregated risk scores

Peer group analytics

User behavior analytics

Access Certification

42 off-the-shelf review templates

Compliance based review

Risk based review

Smart review with pivot table data visualization

Fulfillment

OpenICF 2 connector framework

Provides more than 100 read-only connectors

Provides read-write capabilities for Active Directory and ITSM systems

Auditing

ITGC control engine

SoD control engine

Case management workflows

Detect all changes

Browse back in time

Reporting

B.I. powered reporting engine with graphical editor

csv, pdf, office, openoffice

200+ off-the-shelf reports

Would you like to know more?

Role Mining

Create, maintain and update your roles using the unique Brainwave GRC methodology. Conduct workshops with your business teams using the Booster for IAM to combine both top-down and bottom-up approaches and deliver useful and up-to-date roles for your IAM tools.

Theoretical Access Controls

Compare the real access rights in the systems to theoretical access rights available from your IAM (Identity and Access Management) or ITSM tools, or even from any business role matrix. In this way, you can discover both under- and over-allocation which will help to make the best decision about these overlooked situations.

Risk Scoring

Evaluate and highlight the most risky situations. Search each identity or resource for associated risks and take corrective action. Benefit from interconnection capabilities between Brainwave GRC and ITSM or IAM (Identity and Access Management) tools to automate remediations.

Privileged Access for the Most Sensitive Assets

Learn how Brainwave GRC can help you better manage and control Privileged Access, with or without a PAM solution.

Moving to Continuous Control

User entitlements and access change all the time. Only through automation can you continuously monitor these changes, detect anomalies and take corrective action in due time.

Learn how in four steps.

“A powerful and intuitive solution for Identity and Access Control Management.”

— Information Security Officer, Finance Industry