Added value

  • Overview of the access rights to crucial systems through diverse platforms (Documentum, mainframe applications, shared directories);
  • Efficient process for reviewing access rights based on reports generated automatically;
  • Significant time savings when preparing audits and controls;
  • Automated and standardized reporting.

The challenge

Generali Belgium, a company specialised in life and non-life insurance, engaged the company Paradigmo to help increase its computer security. Generali has 450 employees, including 70 in the IT department, underlining the company’s maturity in this area. Generali Belgium’s IT system comprises a variety of IT-applications linked to its insurance line of business, which means they are ‘business critical’. These applications include Documentum, various applications on the mainframe and shared directories, which are linked to specific projects, and for which the access rights are managed by a number of different people in the company.

Until now, each of these components was subject to decentralized management or kept in ‘silos’ for managing identities and access to the IT system. During audits or controls, this resulted in major operational and financial costs. It became clear that there was a need to set up a more efficient identity governance and access, to improve the knowledge of and control over access rights and thus to respond more effectively to monitoring and control needs.

The project

Generali therefore engaged Paradigmo to implement a solution based on the Identity GRC platform, developed by the company Brainwave. “As an insurer, especially one that’s listed on the stock exchange, Generali has a particular obligation to carry out various audits for the control bodies,” said Bruno Guillaume, IT Risk & Security Officer at Generali Belgium. “That means having an efficient and unique solution on the market, such as Brainwave Identity GRC. We now have a 360° view of everyone who has access to anything in the different IT components. Besides simplifying and speeding up the compliance controls, this improves the quality and efficiency of the process for revising access rights.”

The solution

Paradigmo’s solution meets the stringent requirements for security. “Having installed Brainwave Identity GRC, we can limit the risk of internal fraud and data leakage, and we can improve the overall security level of Generali Belgium’s information system.” Generali is also planning to make further use of the Brainwave Identity GRC platform on the extranet, for controlling and revising access rights.

The extranet includes a network of 1,000 brokerage offices, representing around 3,000 people. Solutions like Brainwave are sure to be used increasingly in all large companies, given the risks arising from companies being ever more open to interactions with the outer world.

Technical sheet

  • Use of the Brainwave GRC solution;
  • Modelling of the control model for application access on a mainframe (through successive layers);
  • Creating an inventory of the access rights;
  • Implementing the process for reviewing access rights;
  • Standardization of the data upload process.

Offices:

BRUSSELS
Buro & Design Center – Suite 511b
Esplanade 1 – box 91
B-1020 Brussels
T: +32 2 427 55 02
info@paradigmo.com
  LOUVAIN-LA-NEUVE
Axis Parc
Rue Fond Cattelain, 2
B-1435 Mont-Saint-Guibert