
How to Deliver Closed-Loop Compliance

Jun 08, 2015


ForgeRock

Brainwave General Manager Cyril Gollain delivers this Solution Showcase session.
Transcript
Page 1: How to Deliver Closed-Loop Compliance

2013 Open Stack Identity Summit - France

Closed-Loop Remediation without breaking a sweat

Page 2: How to Deliver Closed-Loop Compliance

About Brainwave

Page 3: How to Deliver Closed-Loop Compliance

•  2010: Brainwave creation, 1st patent

•  2011: Product RTM, Innovation award

•  2012: 20+ customers, Gartner IAG Magic Quadrant

•  2013: KuppingerCole Leadership Compass, Gartner Cool Vendor 2013, International business development, 25+ customers

Page 4: How to Deliver Closed-Loop Compliance

What we do

•  Our software helps our customers better control compliance and assess the risks related to permissions and access on any kind of resource

•  Who can access \\NAS\secret\verysecret\document.xls?

•  Are there users who can remotely access the ERP and issue bank transfers?

•  Who left the Accounting Department and kept access to our data over the last six months?

Page 5: How to Deliver Closed-Loop Compliance

Access Entropy

Page 6: How to Deliver Closed-Loop Compliance

Access rights control: Compliance is at stake!

•  As stated by Deloitte in their GFSI Security Survey, top external audit findings are about excessive access rights, segregation of duties breaches and developer access to production systems

http://www.deloitte.com/gfsi/securitysurvey

Page 7: How to Deliver Closed-Loop Compliance

Brainwave Identity GRC Software solution for access compliance and risk assessment

Page 8: How to Deliver Closed-Loop Compliance

Approach

[Diagram labels: Information System; Cloud; Devices; Company Policies, Regulations…; Identity GRC]

Reports + Insight:

•  What are my risks?

•  What needs to be fixed?

•  Am I compliant?

Page 9: How to Deliver Closed-Loop Compliance

The Identity Ledger


Page 10: How to Deliver Closed-Loop Compliance

Benefits

•  Improve Data Quality

•  Automate controls over fine-grained entitlements

•  Even on very large scale (100M+ access rights, 1000s of SoD rules…)

•  Provide operational reporting on top of IAM infrastructure

•  Build business-oriented review / recertification processes…

Page 11: How to Deliver Closed-Loop Compliance

Brainwave Customers (extract)


Page 12: How to Deliver Closed-Loop Compliance

Connectorless


Top Secret

Page 13: How to Deliver Closed-Loop Compliance

Integration with OpenIDM

Page 14: How to Deliver Closed-Loop Compliance

Identity GRC + OpenIDM

[Diagram labels:]

•  IT Resources

•  Manual operations

•  Automated provisioning

•  Accounts and fine-grained access rights information

•  Identities and access rights assignments

•  HR and organization-related information

•  Access logs

•  Automated remediation actions

Identity GRC functions:

•  Access rights reconciliation

•  Theoretical rights control

•  Account Recertification process

•  Remediation process

•  Controls & Insight

Page 15: How to Deliver Closed-Loop Compliance

Integration with OpenIDM

•  Simple interface (REST services)

•  Easy to implement and maintain, easy to package

•  Ability to automate remediation

•  Or to mix manual/automated scenarios

•  Ability to demonstrate improvement over time

•  Enforce remediation, track status, verify desired state

•  Nice, customizable GUI and workflow processes

Page 16: How to Deliver Closed-Loop Compliance

Demo time

Page 17: How to Deliver Closed-Loop Compliance

Other ways to leverage Brainwave

Page 18: How to Deliver Closed-Loop Compliance

« Pull » approach

•  Build Views to query Brainwave Ledger and instantly publish REST services

Page 19: How to Deliver Closed-Loop Compliance

« Push » approach

•  Trigger email messages / reports based on control results, review results…

Page 20: How to Deliver Closed-Loop Compliance


Thank you! Questions?

Sebastien FAIVRE, Cyril GOLLAIN, Brainwave, +33.6 13 78 52 04