How to Deliver Closed-Loop Compliance
![Page 1: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/1.jpg)
2013 Open Stack Identity Summit - France
Closed-Loop Remediation without breaking a sweat
![Page 2: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/2.jpg)
About Brainwave
![Page 3: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/3.jpg)
• 2010: Brainwave creation, 1st patent
• 2011: Product RTM, Innovation award
• 2012: 20+ customers, Gartner IAG Magic Quadrant
• 2013: KuppingerCole Leadership Compass, Gartner Cool Vendor 2013, international business development, 25+ customers
![Page 4: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/4.jpg)
What we do
• Our software helps our customers better control compliance and assess the risks related to permissions and access on any kind of resource
  • Who can access \\NAS\secret\verysecret\document.xls?
  • Are there users who can remotely access the ERP and issue bank transfers?
  • Who left the Accounting Department and kept access to our data over the last six months?
![Page 5: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/5.jpg)
Access Entropy
![Page 6: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/6.jpg)
Access rights control: Compliance is at stake!
• As stated by Deloitte in their GFSI Security Survey, top external audit findings are about excessive access rights, segregation of duties breaches and developer access to production systems
http://www.deloitte.com/gfsi/securitysurvey
![Page 7: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/7.jpg)
Brainwave Identity GRC Software solution for access compliance and risk assessment
![Page 8: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/8.jpg)
Approach
[Diagram labels: Information System; Cloud; Devices; Company Policies, Regulations…; Identity GRC]
Reports + Insight:
• What are my risks?
• What needs to be fixed?
• Am I compliant?
![Page 9: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/9.jpg)
The Identity Ledger
![Page 10: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/10.jpg)
Benefits
• Improve Data Quality
• Automate controls over fine-grained entitlements
  • Even on very large scale (100M+ access rights, 1000s of SoD rules…)
• Provide operational reporting on top of IAM infrastructure
• Build business-oriented review / recertification processes…
![Page 11: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/11.jpg)
Brainwave Customers (extract)
![Page 12: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/12.jpg)
Connectorless
Top Secret
![Page 13: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/13.jpg)
Integration with OpenIDM
![Page 14: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/14.jpg)
Identity GRC + OpenIDM
[Diagram labels: IT Resources; Manual operations; Automated provisioning; Accounts and fine-grained access rights information; Identities and access rights assignments; Automated remediation actions; HR and organization-related information; Access logs]
• Access rights reconciliation
• Theoretical rights control
• Account Recertification process
• Remediation process
• Controls & Insight
![Page 15: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/15.jpg)
Integration with OpenIDM
• Simple interface (REST services)
  • Easy to implement and maintain, easy to package
• Ability to automate remediation
  • or to mix manual/automated scenarios
• Ability to demonstrate improvement over time
  • Enforce remediation, track status, verify desired state
• Nice, customizable GUI and workflow processes
![Page 16: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/16.jpg)
Demo time
![Page 17: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/17.jpg)
Other ways to leverage Brainwave
![Page 18: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/18.jpg)
« Pull » approach
• Build Views to query Brainwave Ledger and instantly publish REST services
![Page 19: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/19.jpg)
« Push » approach
• Trigger email messages / reports based on control results, review results…
![Page 20: How to Deliver Closed-Loop Compliance](https://reader034.fdocuments.net/reader034/viewer/2022042614/5575854fd8b42ae7708b45a1/html5/thumbnails/20.jpg)
Thank you! Questions?
Sebastien FAIVRE, Cyril GOLLAIN, Brainwave, +33.6 13 78 52 04