ForgeRock, profile picture
Uploaded byForgeRock
1,564 views

How to Deliver Closed-Loop Compliance

The document presents Brainwave's software solutions focused on access compliance and risk assessment, emphasizing the control of permissions across various resources. It highlights the importance of managing access rights to reduce compliance risks, as noted in Deloitte's security survey. Additionally, the software integrates with existing systems to automate remediation processes and improve operational reporting on access controls.

Embed presentation

Downloaded 19 times
Presenter’s Logo Here 2013 Open Stack Identity Summit - France Closed-Loop Remediation without breaking a sweat
About Brainwave
2011 Product RTM Innovation award 2010 Brainwave creation 1st patent 2012 20+ customers Gartner IAG Magic Quadrant 2013 KuppingerCole Leadership Compass Gartner Cool Vendor 2013 International Biz Dvp 25+ customers
What we do •  Our software helps our customers better control compliance and assess the risks related to permissions and access on any kind of resource •  Who can access NASsecretverysecretdocument.xls? •  Are there users who can access remotely to the ERP and issue bank transfers? •  Who left the Accounting Department and kept access to our data over the last six months?
Access Entropy
Access rights control: Compliance is at stake! •  As stated by Deloitte in their GFSI Security Survey, top external audit findings are about excessive access rights, Segregation of duties breaches and developper access to production systems http://www.deloitte.com/gfsi/securitysurvey 6
Brainwave Identity GRC Software solution for access compliance and risk assessment
Approach Company Policies, Regulations… Information System Identity GRC Cloud Devices Reports + Insight: •  What are my risks? •  What needs to be fixed? •  Am I compliant?
The Identity Ledger 9
Benefits •  Improve Data Quality •  Automate controls over fine-grained entitlements •  Even on very large scale (100M+ access rights, 1000s of SoD rules…) •  Provide operational reporting on top of IAM infrastructure •  Build business-oriented review / recertification processes…
Brainwave Customers (extract) 11
Connectorless Top Secret 12
Integration with OpenIDM
Identity GRC + OpenIDM Automated remediation actions Manual operations Automated provisioning IT Resources Accounts and fine-grained access rights information Identities and access rights assignments HR and organization-related information Access logs •  •  •  •  •  14 Access rights reconciliation Theoretical rights control Account Recertification process Remediation process Controls & Insight
Integration with OpenIDM •  Simple interface (REST services) •  easy to implement and maintain, easy to package •  Ability to automate remediation •  or to mix manual/automated scenarios •  Ability to demonstrate improvement over time •  Enforce remediation, track status, verify desired state •  Nice, customizable GUI and workflow processes
Demo time
Other ways to leverage Brainwave
« Pull » approach •  Build Views to query Brainwave Ledger and instantly publish REST services 18
« Push » approach •  Trigger email messages / reports based on control results, review results… 19
Presenter’s Logo Here 2013 Open Stack Identity Summit - France Thank you! Questions? Sebastien FAIVRE, Cyril GOLLAIN, Brainwave cyril.gollain@brainwave.fr +33.6 13 78 52 04

More Related Content

PDF
Identity & Access Management for Securing DevOps
byEryk Budi Pratama
 
PDF
McKesson Case Study
byForgeRock
 
PDF
Increased market reach of an eDiscovery product suite for a pioneer in litiga...
byMindtree Ltd.
 
PDF
Identity and Entitlement Management Concepts
byWSO2
 
PDF
The secure blockchain-based exchange for personal data - Initial Coin Offerin...
byPikcioChain
 
PPTX
XMANAI Technical Project Overview
byXMANAI
 
PDF
BigID Data Subject Rights Automation for GDPR & Privacy Data Sheet
byDimitri Sirota
 
PDF
POS System on .NET for a Financial Services Company
bydigitalsuccessagency
 
Identity & Access Management for Securing DevOps
byEryk Budi Pratama
 
McKesson Case Study
byForgeRock
 
Increased market reach of an eDiscovery product suite for a pioneer in litiga...
byMindtree Ltd.
 
Identity and Entitlement Management Concepts
byWSO2
 
The secure blockchain-based exchange for personal data - Initial Coin Offerin...
byPikcioChain
 
XMANAI Technical Project Overview
byXMANAI
 
BigID Data Subject Rights Automation for GDPR & Privacy Data Sheet
byDimitri Sirota
 
POS System on .NET for a Financial Services Company
bydigitalsuccessagency
 

What's hot

PDF
Identity Verification
byIDology, Inc
 
PDF
BigID Virtual MDM Data Sheet
byDimitri Sirota
 
PPTX
Introduction To SAQ 4 U
byRAlcala65
 
PDF
BigID Data Sheet: GDPR Compliance
byBigID Inc
 
PPTX
McKesson - Business Process Redesign
byBhavik Doshi
 
PDF
BigID Data sheet: Consent Governance & Orchestration
byBigID Inc
 
PDF
BigID Data Sheet: LGPD Compliance Automated
byBigID Inc
 
PDF
MSFT-TechCheck_v1c
byAmirah Aidi Johnson
 
PDF
ENTITY EXCHANGE FOR SELL-SIDE FIRMS
byAlyssa Lewis Matabeek
 
PPTX
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
byBigID Inc
 
PPTX
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
byGene Kim
 
PPT
Hcl develops a fraud case management system for the new york state insurance ...
byHcl Brand
 
PPTX
The Digital Innovation Award - Planner Bee
byThe Digital Insurer
 
PDF
BigID Datasheet: CCPA Data Rights Automation
byBigID Inc
 
PDF
oauth-for-credentials-security-in-rest-api-access
byidsecconf
 
PDF
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
byForgeRock
 
PPTX
Clear priority analyst presentation jan 2014
bylearPriority
 
PDF
High capacity enrolment and authentication solution for the Unique Identifica...
byMindtree Ltd.
 
PPTX
The Future of Information Management
byMarco
 
PDF
Infosafe ah iam 2015
byAlain Huet
 
Identity Verification
byIDology, Inc
 
BigID Virtual MDM Data Sheet
byDimitri Sirota
 
Introduction To SAQ 4 U
byRAlcala65
 
BigID Data Sheet: GDPR Compliance
byBigID Inc
 
McKesson - Business Process Redesign
byBhavik Doshi
 
BigID Data sheet: Consent Governance & Orchestration
byBigID Inc
 
BigID Data Sheet: LGPD Compliance Automated
byBigID Inc
 
MSFT-TechCheck_v1c
byAmirah Aidi Johnson
 
ENTITY EXCHANGE FOR SELL-SIDE FIRMS
byAlyssa Lewis Matabeek
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
byBigID Inc
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
byGene Kim
 
Hcl develops a fraud case management system for the new york state insurance ...
byHcl Brand
 
The Digital Innovation Award - Planner Bee
byThe Digital Insurer
 
BigID Datasheet: CCPA Data Rights Automation
byBigID Inc
 
oauth-for-credentials-security-in-rest-api-access
byidsecconf
 
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
byForgeRock
 
Clear priority analyst presentation jan 2014
bylearPriority
 
High capacity enrolment and authentication solution for the Unique Identifica...
byMindtree Ltd.
 
The Future of Information Management
byMarco
 
Infosafe ah iam 2015
byAlain Huet
 

Similar to How to Deliver Closed-Loop Compliance

PDF
Closed Loop Compliance: Achieving closed loop compliance with Brainwave integ...
byForgeRock
 
PPTX
Next-gen Enterprise Identity Services with Brainwave Identity GRC
byForgeRock
 
PDF
Brainwave GRC presentation at IDM 2016 London conference
byBrainwave GRC
 
PDF
Brainwave GRC presentation at IDM 2016 London conference
byBrainwave GRC
 
PDF
Paradigmo specialised in Identity & Access Management
byJulie Beuselinck
 
PDF
Brainwave GRC - Continuous Audit and Controls at ISACA event
byBrainwave GRC
 
PPTX
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
byIBM Sverige
 
PPT
Core.co.enterprise.deck.06.16.10
byCore Security Technologies
 
PPTX
Continous Audit and Controls with Brainwave GRC
byGraeme Hein
 
PDF
#MFSummit2016 Secure: Introduction to identity, access and security
byMicro Focus
 
PPTX
IT Security Management -- People, Procedures and Tools
byAndrew S. Baker (ASB)
 
PPTX
What i learned at issa international summit 2019
byUlf Mattsson
 
PDF
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
byCloudIDSummit
 
PDF
Identity and Access Intelligence
byTim Bell
 
PPTX
Infosec is Broken “did you bring a knife to a gun fight?"
byJorge Sebastiao
 
PDF
Blue-Team-Summit-2023_Social-Engineering-your-Metrics_Joe-Gray.pdf
bysneakcozywaking
 
PDF
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
byIBM Security
 
PDF
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
byBigML, Inc
 
PDF
Resilience as a new Enforcement Model for IT Security based on Usage Control
bySven Wohlgemuth
 
PPTX
The Road to Identity 2.0
byAdam Lewis
 
Closed Loop Compliance: Achieving closed loop compliance with Brainwave integ...
byForgeRock
 
Next-gen Enterprise Identity Services with Brainwave Identity GRC
byForgeRock
 
Brainwave GRC presentation at IDM 2016 London conference
byBrainwave GRC
 
Brainwave GRC presentation at IDM 2016 London conference
byBrainwave GRC
 
Paradigmo specialised in Identity & Access Management
byJulie Beuselinck
 
Brainwave GRC - Continuous Audit and Controls at ISACA event
byBrainwave GRC
 
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
byIBM Sverige
 
Core.co.enterprise.deck.06.16.10
byCore Security Technologies
 
Continous Audit and Controls with Brainwave GRC
byGraeme Hein
 
#MFSummit2016 Secure: Introduction to identity, access and security
byMicro Focus
 
IT Security Management -- People, Procedures and Tools
byAndrew S. Baker (ASB)
 
What i learned at issa international summit 2019
byUlf Mattsson
 
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
byCloudIDSummit
 
Identity and Access Intelligence
byTim Bell
 
Infosec is Broken “did you bring a knife to a gun fight?"
byJorge Sebastiao
 
Blue-Team-Summit-2023_Social-Engineering-your-Metrics_Joe-Gray.pdf
bysneakcozywaking
 
The Good, the Bad and the Ugly: A Different Perspective on Identity Governance
byIBM Security
 
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
byBigML, Inc
 
Resilience as a new Enforcement Model for IT Security based on Usage Control
bySven Wohlgemuth
 
The Road to Identity 2.0
byAdam Lewis
 

More from ForgeRock

PDF
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
byForgeRock
 
PPTX
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
byForgeRock
 
PDF
Identity Live Sydney: Identity Management - A Strategic Opportunity
byForgeRock
 
PDF
Identity Live Singapore: Transform Your Cybersecurity Capability
byForgeRock
 
PDF
Identity Live Singapore 2018 Keynote Presentation
byForgeRock
 
PDF
Identity Live Sydney 2018 Keynote Presentation
byForgeRock
 
PDF
Identity Live Singapore: Just Ask 'Em
byForgeRock
 
PDF
Identity Live Singapore: Building Trust & Privacy in a Connected Society
byForgeRock
 
PDF
Identity Live Sydney: Intelligent Authentication
byForgeRock
 
PDF
Identity Live Sydney: Building Trust and Privacy in a Connected Society
byForgeRock
 
PDF
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
byForgeRock
 
PPTX
Get the Exact Identity Solution You Need - In the Cloud - Overview
byForgeRock
 
PDF
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
byForgeRock
 
PDF
Opening Keynote (Identity Live Berlin 2018)
byForgeRock
 
PDF
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
byForgeRock
 
PDF
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
byForgeRock
 
PDF
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
byForgeRock
 
PDF
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
byForgeRock
 
PDF
Shift from GDPR readiness to sustained compliance to improve your business an...
byForgeRock
 
PDF
Intelligent Authentication (Identity Live Berlin 2018)
byForgeRock
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
byForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
byForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
byForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
byForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
byForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
byForgeRock
 
Identity Live Singapore: Just Ask 'Em
byForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
byForgeRock
 
Identity Live Sydney: Intelligent Authentication
byForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
byForgeRock
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
byForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
byForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
byForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
byForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
byForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
byForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
byForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
byForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
byForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
byForgeRock
 

Recently uploaded

PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
API-First Architecture in Financial Systems
bycyy111112
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 

How to Deliver Closed-Loop Compliance

  • 1.
    Presenter’s Logo Here 2013Open Stack Identity Summit - France Closed-Loop Remediation without breaking a sweat
  • 2.
  • 3.
    2011 Product RTM Innovation award 2010 Brainwavecreation 1st patent 2012 20+ customers Gartner IAG Magic Quadrant 2013 KuppingerCole Leadership Compass Gartner Cool Vendor 2013 International Biz Dvp 25+ customers
  • 4.
    What we do •  Oursoftware helps our customers better control compliance and assess the risks related to permissions and access on any kind of resource •  Who can access NASsecretverysecretdocument.xls? •  Are there users who can access remotely to the ERP and issue bank transfers? •  Who left the Accounting Department and kept access to our data over the last six months?
  • 5.
  • 6.
    Access rights control: Complianceis at stake! •  As stated by Deloitte in their GFSI Security Survey, top external audit findings are about excessive access rights, Segregation of duties breaches and developper access to production systems http://www.deloitte.com/gfsi/securitysurvey 6
  • 7.
    Brainwave Identity GRC Software solutionfor access compliance and risk assessment
  • 8.
    Approach Company Policies, Regulations… Information System Identity GRC Cloud Devices Reports+ Insight: •  What are my risks? •  What needs to be fixed? •  Am I compliant?
  • 9.
  • 10.
    Benefits •  Improve DataQuality •  Automate controls over fine-grained entitlements •  Even on very large scale (100M+ access rights, 1000s of SoD rules…) •  Provide operational reporting on top of IAM infrastructure •  Build business-oriented review / recertification processes…
  • 11.
  • 12.
  • 13.
  • 14.
    Identity GRC +OpenIDM Automated remediation actions Manual operations Automated provisioning IT Resources Accounts and fine-grained access rights information Identities and access rights assignments HR and organization-related information Access logs •  •  •  •  •  14 Access rights reconciliation Theoretical rights control Account Recertification process Remediation process Controls & Insight
  • 15.
    Integration with OpenIDM •  Simpleinterface (REST services) •  easy to implement and maintain, easy to package •  Ability to automate remediation •  or to mix manual/automated scenarios •  Ability to demonstrate improvement over time •  Enforce remediation, track status, verify desired state •  Nice, customizable GUI and workflow processes
  • 16.
  • 17.
    Other ways toleverage Brainwave
  • 18.
    « Pull »approach •  Build Views to query Brainwave Ledger and instantly publish REST services 18
  • 19.
    « Push »approach •  Trigger email messages / reports based on control results, review results… 19
  • 20.
    Presenter’s Logo Here 2013Open Stack Identity Summit - France Thank you! Questions? Sebastien FAIVRE, Cyril GOLLAIN, Brainwave cyril.gollain@brainwave.fr +33.6 13 78 52 04