Your SlideShare is downloading. ×
How to Deliver Closed-Loop Compliance
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

How to Deliver Closed-Loop Compliance


Published on

Brainwave General Manager Cyril Gollain delivers this Solution Showcase session.

Brainwave General Manager Cyril Gollain delivers this Solution Showcase session.

Published in: Technology, Business

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Presenter’s Logo Here 2013 Open Stack Identity Summit - France Closed-Loop Remediation without breaking a sweat
  • 2. About Brainwave
  • 3. 2011 Product RTM Innovation award 2010 Brainwave creation 1st patent 2012 20+ customers Gartner IAG Magic Quadrant 2013 KuppingerCole Leadership Compass Gartner Cool Vendor 2013 International Biz Dvp 25+ customers
  • 4. What we do •  Our software helps our customers better control compliance and assess the risks related to permissions and access on any kind of resource •  Who can access NASsecretverysecretdocument.xls? •  Are there users who can access remotely to the ERP and issue bank transfers? •  Who left the Accounting Department and kept access to our data over the last six months?
  • 5. Access Entropy
  • 6. Access rights control: Compliance is at stake! •  As stated by Deloitte in their GFSI Security Survey, top external audit findings are about excessive access rights, Segregation of duties breaches and developper access to production systems 6
  • 7. Brainwave Identity GRC Software solution for access compliance and risk assessment
  • 8. Approach Company Policies, Regulations… Information System Identity GRC Cloud Devices Reports + Insight: •  What are my risks? •  What needs to be fixed? •  Am I compliant?
  • 9. The Identity Ledger 9
  • 10. Benefits •  Improve Data Quality •  Automate controls over fine-grained entitlements •  Even on very large scale (100M+ access rights, 1000s of SoD rules…) •  Provide operational reporting on top of IAM infrastructure •  Build business-oriented review / recertification processes…
  • 11. Brainwave Customers (extract) 11
  • 12. Connectorless Top Secret 12
  • 13. Integration with OpenIDM
  • 14. Identity GRC + OpenIDM Automated remediation actions Manual operations Automated provisioning IT Resources Accounts and fine-grained access rights information Identities and access rights assignments HR and organization-related information Access logs •  •  •  •  •  14 Access rights reconciliation Theoretical rights control Account Recertification process Remediation process Controls & Insight
  • 15. Integration with OpenIDM •  Simple interface (REST services) •  easy to implement and maintain, easy to package •  Ability to automate remediation •  or to mix manual/automated scenarios •  Ability to demonstrate improvement over time •  Enforce remediation, track status, verify desired state •  Nice, customizable GUI and workflow processes
  • 16. Demo time
  • 17. Other ways to leverage Brainwave
  • 18. « Pull » approach •  Build Views to query Brainwave Ledger and instantly publish REST services 18
  • 19. « Push » approach •  Trigger email messages / reports based on control results, review results… 19
  • 20. Presenter’s Logo Here 2013 Open Stack Identity Summit - France Thank you! Questions? Sebastien FAIVRE, Cyril GOLLAIN, Brainwave +33.6 13 78 52 04