KuppingerCole Webinar recording
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
KuppingerCole Webinar recording
KuppingerCole Webinar recording
Good afternoon, ladies and gentleman, welcome to our Ko call webinar five steps to protect your data from internal and external threats. This webinar is supported by white box security. My name is Martin Kuppinger I'm founder and principal Analyst of Ko Cole today.
With, with me here is Roy Paris VP of product management at Y security. We also will be joined by Christian Novitzky, who will do a short presentation on a business case towards the end of this webinar. Before we start some information about keeping a call and some housekeeping very quickly.
And then we will look at the agenda and directly dive into the webinar itself, coming a call via Analyst Analyst company, providing enterprise it research advice for services, decision supporter, networking for it professionals, and excludes our research such as leadership compass documents, where we compare vendors, advisor services for both end user organizations and vendors and events such as our European identity and cloud conference, which will be held next time May 5th to aids Munich. So this is our lead conference. The other thing which we just started, particularly in Germany.
So most of them are in Germany. Language are our leadership seminars. So most of the slide slide here is in German. There's one in London, managing risk and reverses from cloud and the internet of everything and everyone, the others are all in German language held in various cities across German. So this is just a quick overview on that. And now some guidelines for the webinar itself. You are muted centralist. You don't have to mute or unmute yourself. You are controlling these features.
We will record the webinar and the recording will be available latest, but tomorrow and the Q and a session will be at the end. And so at the end, we always to a Q and a session.
However, you can answer your questions at any time using the questions, featuring the go to webinar control panel, which usually is at the left right hand side of your screen. There's an area questions where you can answer questions and then we will pick up these questions later on. Let's have a look at agenda.
So in the first part, I will do a, a short presentation on the evolution of access governance and access intelligence sort of setting the scene for the presentation of Roy later on, and also focusing on some of the areas where we see a lot of evolution, such as access intelligence, such as entitlement and access governance, such as realtime monitoring and how this relates to relates to the need to protect data from internal and external threat. So I will do a quick five step list by the end of my presentation, which is a little bit more maybe broader than before, right?
Moves into the more detailed and concrete stuff with five steps to protect your data and how to do it. He also will do some demo within there. I got set it later by the end of the session, Roy will given some more details on a concrete business case. After that we have our Q and a session, which I have mentioned before. So when we look at this in the ones who a few have been in presentations of mine might notice slide. We are in a situation where our scope of information security is changing. It's not only the internal it anymore. We have a lot of other challenges.
So we use external services store information externally. So the cloud computing is one part of this computing.
We, we have more types of users integrated into business process, accessing our applications, cetera, different types of logins. We have to handle more identities than ever, and we have to mobile users. So with cloud social mobile computing, we have a, a number of new challenges and information protections. Really the, the big challenge we are facing here.
And, and all of this in fact is about how can I protect my information at the center of all these things at the end of the day, the information, and how can I ensure that my information is secure in all these various scenarios, regardless of where it's stored, regardless of who accesses it, regardless of which device I'm using, and clearly sort of traditional approaches, which are focused on how do I protect the server? How do you make a server safe are not sufficient anymore to handle this new landscape, especially because we are so facing a number of new types of threats.
So we need to understand who's accessing what, what is done here. What happens with our information and one set of technologies, which are used in this space is what commonly is called access governance. And given that we use the term and, and this webinar and various places, I just wanna give a quick definition of that. So access governance, what is this about? It's about some questions to answer. It's about questions who has access to what, who has access to what, or who is accessing, what, who is doing, what drives to access, what, who has granted access.
So all this stuff around this includes a number of technologies, and some of these are sort of more traditional collecting all the entitlements from various systems, doing recertification analytics and intelligence are clearly more new things. So there has been reporting for a while, but right now we see a number of more advanced analytical capabilities, trying to help us to understand what really is happening, which where are things going wrong? Where are anomalies, where are things which are just indicating a higher risk. And this, that directly relates to the access risk management.
There are other things coming in. So such as entitlement and governance, I will talk about this later, such as real time monitoring stuff.
Again, something I will talk about later. And Roy in particular, dive deeper into that. Then we have to request managements or requesting access management roles, managing the segregation of duty controls and all this is done to mitigate our risks. So when we talk about a risk model, this is about, it's about a threat we are facing, which has a probability. If there's no probability, then it's an uncertainty. It's not a risk. It's something which just can happen. It will have an impact on assets. So it can be impact.
That is we have to, we are penalized by the state for doing something wrong, whatever it can have impact on business process. So business process don't run us expected anymore. That's what happens then we need to mitigate these risks. And a lot of risks are around access. So commonly there's the definition of, well, we have strategic risks, which is business operational risks, which is business. And we have the it risk.
I think this is in fact, even while I show it here, it's in fact, a little bit of wrong definition because all of the it risks we are looking at are just, we are just looking at these because they are either operational or strategic. So this is the only reason why we look at these things. There are a number of sources for such risks, such as malicious activity, coordinated, a attacks hacking, et cetera. We see a lot of external attacks these days in, in various areas. There's misuse. So someone's abusing this privilege might be just curiosity or anything else. And there are mistakes.
So things are just going wrong. Someone does something wrong, which kind of have sometimes a very heavy impact on business processes.
And we, we need in particular need to look at access risks. So as I've said, a risk is it's read on there's a specific probability and impact. Then we have this information risk part. So the business is not interested in technology security. The business is interested in information security are the relevant assets, information assets for organizations. Are they safe? And what is the risk for specific information from the perspective of business? So it's a business risk, but it's also an access risk.
So a lot, lot of information risk, and this is something where business are really looking at. So roughly in fact, this is an information access risk. So who is accessing information in a way you should not look at. And that's the reason why we have to deal that doesn't requires that we understand what is our information. So what are our informational assets? We need us to understand the risk. So who might be the attacker who is interested in gaining access to the information? What does it mean if this information is lost?
If it's leaked, whatever so frequently, it's more about leaking the losing, and this is really what makes out the risk. Then we need to then mitigate the risks. So to set our focus on what are the biggest risks, where do we have to concentrate on? And at the end, it's a balance of risk and reward. And so the title of this webinar says, we are looking at external and internal threats. And I think this is a very important thing in these days. So the risk not only comes from our insider attacks from our internals. The risk comes also from an increasing number of outsider attacks.
At the end of the day, many of the outsider attacks in fact are done in a way where outsiders gain access to privileged internal accounts, and then create long running sophisticated attack. Just to give you a quick overview of that, what, what happens here and both of these are relevant inside and outsider leading to advanced attack, giving a quick idea of what happens here is, you know, for instance, typical story of an advanced persistence threat is that emails are sent to local internal users with some links containing malware.
So some fishing, maybe it happens before with some social phishing. So social networks used to identify potential recipients of such mails. Then someone will click or open the attachment. In most cases, stole the mail where the Mel cans network, and then it acts in the context of someone and it starts accessing things. So it spreads out, looks at our server, send information back. And at some point of this, some accounts are accessing information in a way which is uncommon. There are anomalies. So some thing is happening and this can be identified.
And the interesting point is that there are, there's a number of studies and some of them are saying that leverage attacker is in the systems for around about 200 days before he's detected. So it means things are going on for a while and we need to understand what is happening here, where are the things becoming anomalies? And then we need to react on this.
So we, we need, if you look at this entire access story, we need to understand it's a far more complex story than it ever has been before. We need to under protect information and we need to manage access, but it's not only about saying these are the access rights for someone. These are the sod controls. It's more than that. And one of the things is that we need to understand that we not only can control, have you said everything correct?
We need also to understand the behavior of people when they are working with systems, but not only that, going back to the sort of the more basic things within governance we need to understand is at all levels of systems and that, as I've said at the beginning, there are some three things I'd like to talk a little bit about in detail in my presentation. One is entitlement and access governance. So what about the lower level systems? The second is real time and then also access intelligence.
And so when I look at this multilayered security stuff, one of the points we have, when we look at traditional ways to identity management and ex governance, then we do it at a high levels. We do it at a very cross current level where we say, okay, we have a high level view. And then we have grant someone access to a business role in SAP or global troop in ID or whatever, but the ad global group might be, might consist of other local groups, etcetera. So we have another hierarchy of entitlements below that, and we need to understand this as well. So we need more insight into the details.
What is happening at the system level? How do, how are these things really done at the system level? And if someone changes the, the excess control entry for a local group, this might affect something up there and we need to understand all these relationships. This is what we call entitlement access governance.
So we see an increasing number of offerings, which provide insight, not only at the higher level, which traditional identity provisioning and access governance starts, but also at the lower little, for particular systems, particular unstructured information, such as file service and Microsoft SharePoint. So management and control of these systems, holding unstructured data and extending processes to these systems. So how to manage entitlements, how to request the access and prove it, how to do governance and intelligence.
So how to really analyze what, what is happening here, what are the entitlements, what are the, who can be do what, and who is doing what on these, bridging the gap between the system administration. So someone here for SAP, for SharePoint, for file service and the cross system act governance and intelligence, the traditional sort of identity management and provisioning in such systems, sort of the system administrations become sort of a tenant of an overarching solution. So S at the system administration level are handled by a standard solution.
But in fact, there are done specific things used by the windows, administrators or the SharePoint administrators, whatever, but in a more consistent model or more consistent context. And this is also includes capabilities of access, intelligence, identifying information, and the interesting where intelligence really comes into place, the realtime area. So one of the questions clearly is do we need realtime analytics? Traditionally, if you look at access governance, it sort of, we manage our roles, we put them into place.
We look at little bit of, if something is going wrong in the administration, and then we do a recertification occasionally every year or so, but we don't understand anything about anomalies. And we don't see things for chap in between. So in the 12 months between the re-certifications, a lot of things can go wrong. So from my perspective, yes, we need realtime capabilities. Tech already might be in, depending on the source might be quite long period of time. There might be lot of misuse mistakes, whatever that period of time.
And so we need to check it more frequently out of that standard governance does to look at user behavior. It looks at a title status. So it's the status, the static situation, correct, but not the dynamic use of systems. So we need to, to move forward on that. These are some of the evolutionary areas we really see for access governance, where we see a lot of things going on, tools becoming more capable. And this is something which we consider as very important.
So if I had to talk about five steps, just to give you some, some view, and this is where Roy will dive deeper into more specifically. And I think one of the first sort first step ever is you need to understand your risks and the attackers. So what are your risks and who might be interested in your information, you need to understand of out of all the various information security technologies, which risks they can help mitigating and how do they work together? So trust investing in one piece of technology never helps. You need to have a blueprint.
You need to understand these are my risks, and these are the technologies. If I combine the right side of technologies, I really can mitigate the most important risk have student deciding about which projects to do first, where to invest first, instead of having a firewall group here and endpoint security group here, which all are pushing their things totally disparate, which also then includes my service, define your guidelines, organizations, processes integrated for all aspects of security. And one of the actions is implement access governance and intelligence.
You need to understand what is going on in your systems with real time capabilities and add EHE entitlement, access governance. So do not do it only on the course grain high level, but do it per systems integrated so that you understand what happens at the file server level that you can manage consistently integrated your processes and right, and will dive into five steps, which go a little bit more into detail on the access governance, intelligence, route time part. And that's where I hand over to him.
So in the next part of our presentation, Roy Paris will talk about how to do it and show how to do it. Roy, it's your term. Thank you Martin, for this interesting introduction. Hello everyone. I'm Roy per and I'm the video product management for white book security. Our agenda for today is going through a very brief presentation, explaining our technology followed by five years cases that discuss how to better cope with the rising internal and external threats. Few words about white book security. It was funded in 2007. It is based in the us with offices in EA and APAC.
We have over 60 happy customers worldwide. And at the bottom of the slide, you can see some of the awards given to white ops, our data access governance platform. This slide summarizes some of our well known customers starting from Fiat automobile, going through Texaco in the energy sector, MTS, which is the largest carrier mobile carrier in Russia and visa among others. So when we deal with data access governance, we provide our customers with the ability to answer five key questions. Where does my sensitive data site followed by permissions who has access to do what in our applications?
Next question is talking more about activities who has actually access what and when, and where did each and every access occur. Fourth question is talking a little bit about compliance. So who has been violating policies while accessing resources? Third question allows us to be more efficient in managing the it resources. So what data and accounts are enacted or not in use, and which permissions are state. When we deal with data, we always say that data is data is data. So it's the type is, does not matter. And this is where yips comes in place. We allow you to protect all types of data.
It doesn't matter if it's unstructured, semistructured structured. If the application is commercial or homegrown, or if the application is stored in premise or on the cloud, we've got you covered. This is the last slide before we dive into the use cases. And the most important thing about this slide is for you to understand how quick the time to value is. So within a day of installation, we can start dealing with visibility, asking questions about our sensitive data, who has access to it and who is accessing it. It is followed by control and compliance that you'll be gaining within a week.
So we'll start talking about security insights about overexposed folders, et cetera, assigning data owners, setting access policies, to make sure that we know of violation as they happen and can respond to them. And in terms of compliance, we can start performing access reviews or re-certifications automate compliance controls and automate segregation of duties tests to make sure our access is being kept on a need to know basis.
So our five use cases for today, starting from gaining visibility into activities, detecting the access violation as they happen, understanding permission and simulating changes involving business users in compliance processes. And we have another surprise coming up at the end. So let's start with the beginning, gaining visibility into activities. It's very important for us to understand as Martin indicated, who is doing what and to get the full audit trail for this particular activity, to make sure that we can investigate incidents and know that they happen.
So let's see how it's done within wides. This is wide and this is the activity screen. And the activity screen was designed to answer each and every question one may have about who did what and when, and where did access occur. So you can see here, the currently monitored applications, there's active directory environment exchange file server, homegrown application SharePoint, et cetera, with your permission, I'm going to pass on the obvious and simple scenarios and go through the more comprehensive ones.
So let's start talking about permissions from the users about activities from the user's perspective to do that, or just go to the user still here and just search for a specific user by double clicking on the user and click on apply. I'm going to get all of this user activities across all the organizational applications. So I can see his activities in the Oracle environment, in the SAP environment, in this database and getting basic information such the creation time, username, IP address, et cetera.
But if I want to get the full security context, all I need to do is double click on this particular activity. And I'll be getting the full security context about the activity about the user, about the machine, et cetera. So this is an SAP activity, so we can see the executed transaction. We can see that terminal ID connection type and some more proprietary SAP information. We can also see more information about the executing user from the active directory. So we see his department, we see his distinguished name. We see his group membership at the time of execution, et cetera.
We can also see that white ops allows you to enrich monitored activities from different in place security applications as well. So if you'll dig down more to this list of activities, we'll be able to see also five server activities as we see here. So this is an access to an Excel pile or SharePoint activities where you can see the exact URL. You can see the exact internal SharePoint groups that the user is a member of at the time of execution and also active directory activities like this one here that says that a Smith was modifying a specific user.
This is the user and for active directory activities, you get to see the previous values together with the new values to make sure you know, how to war back, if something bad happened, resulted from an activity. So this was rather simple query. We didn't stop there and allowed you to create sophisticated queries using each and every monitored and enriched attribute. We do that using simple w H questions. So let's see how it's done. Let's say that we want to get all the it members activities that have accessed credit cards, information, something that of course shouldn't happen.
So we're talking about the it members. So about the user, we'll go with the who question, choose the department attribute, choose the right operator, ask quiet ops for the possible values, choose the right value. And this is the first part of the filter department equals it. But we want to add another one. We want to add another filter expression about what was accessed about information. So we're going with the, what question, choose the classification category again, operator value. And we're all set in few clicks of a button.
We've created a very sophisticated printer saying we want to get all the it members that have access credit cards, click on apply. And you'll be able to see here both SharePoint activities, as well as file server activities. Because as we say, data is data is data and credit cards should be protected on SharePoint and on file servers together. So basically this screen allows you to ask anything you want about activities back to the, so our next scenario is talking about detecting access violations as they happen.
So we always say that time is of the essence when dealing with data protection, and we might ensure that the right security content context is being kept because for example, it members shouldn't have, shouldn't use their or abuse their permissions to access sensitive information. And we also want to be able to respond in real time. So let's see how it's done in Y to do that, or to look at access policy, let's go with the policy screen and double click on the accounts folder, which is a monitored folder under the file server to see the access policy configured to it.
So wide ups access policies are comprised of three different types. Of course, today we'll be covering two of them. So the first one is called discard and is here to filter irrelevant activities from being saved to the database. So in this case, we've defined irrelevant activities as ones that are being carried out by the NetApp AV user, coming from a specific it and performing lead activities. We do that because we do not want all the antivirus read or files to be saved to the database.
Next type of rule would be a alert with the red tag and a alert rules are here to catch specific incidents and allow you to respond to them in real time. So the first alert we'll hear is talking about action type permission change. So we want each and every permission change to be alerted to the auditor and also to open an alert within white with responses. We allow you to send emails in real time, send USS messages, send clog activities to your so systems and also run user exits to perform customized responses again, in real time.
Next alert tool here is a bit more comprehensive as is, is talking about. We want to make sure that no, it guy is accessing senior management information and performs, read, or right to it. We do not want the it guy to use their permissions rules can be easily created here using our manual creation or using the innovative policy, which allows you to create rules based on the usage patterns. And of course, white ups count out of the book source for your ease of use. So the next scenario is talking about understanding permissions and simulating changes before actually committing them.
We wanna know who has access to what across all the organizational applications. We want to identify their practices. And we want to know how to simulate activities before actually committing them. So back to vitals. And now I'm getting into the entitlement screen in which we can start talking about investigating permissions. So let's start with a basic filter saying, I wanna see all the permissions granted on the accounts folder, just double click on the accounts folder, click on apply. And I'll be getting all the roles that have access in this case.
That's the domain main source only, and the exact users. So as you can see, we get information such as the user that have the access. In this case, we have a cell here that have the access granted directly to him, which is a pet practice, no whole name here. You see that there, those are modified permissions and you can see for each and every access the LA the date of latest use, as you can see here, there are black records and red, black records presents permissions that have been in news in the latest last 24 months.
And the regular also present permission that haven't been in use in this, in this timeframe. You can also get for each and every permission indication for inheritance effectiveness, risk.
Cetera, of course, here, you can also use our user perspective or use the w H question so you can choose a Smith again and take a look on his fine grain permissions across all the organizational applications. So his permissions in the hunger application, SharePoint 5, 5, 7, et cetera. The next thing I want to show you here is the, what if simulation analysis screen? So let's simulate an addition of a user to a group. Let's speak the domain admin group and say, we want to add a Smith to this group.
So will tell us exactly to what new locations will a Smith be, getting new permissions resulted by this particular change. So we can see that he'll be getting permission to the finance website, also to the accounts and finance folders, to the CEO mailbox, and also to a sensitive organization and unit within the active directory. We can also see the fine grain permission here. So we think that it's very important for us to make sure that we are not overexposing sensitive information by a permission change that we want to do.
So it's very important to go through simulation before committing any changes to our current groups and permission changes. So our next use case is talking about involving business users in compliance processes. And we do that first and foremost to meet the regulatory requirements, but we also want do that in order to delegate authority to the business users, as they know the business best, and they know the data the best because they use it on daily basis.
So for that matter, we've created a whole separated, dedicated interface for business users in which they can take participation in compliance processes. So let's have a look on this interface. So as you can see here, the interface is much more simplified, less technical. We're now taking a look on a Smith view.
You can see that the, this interface is fully multilingual, so you can get it in any language that you want, because it's important for the business visitors to perform compliance processes in their, you can see that they can perform access reviews, access requests, get reports that were assigned to them, review compliance, controls violations, and have their own dashboard, which is customized to their exact needs. So let's go through on access review, for example, just to see how simple it is for a user to participate in such a process.
So right after I clicked the access review button, I'm going to get the list of certification that a Smith takes participation in. And I'm going to go with the five server one. So I'm going to get a rather central table of information. I have the username here, the display name, the permission type that this user have. And we also get more specific, intelligent information like the less usage, permission, risk indications, and also indications for sensitive data that is hidden behind these particular permissions.
And all that everyone needs to do is just to decide whether to certify this access or to revoke it, of course, that we can work in box to do the work much faster. So we can, by, for example, the permission type and say that we can see that most of the permissions are about through and execute permissions. There are some for full control and some for modified, we can further drill down to that and say, let's see that by role name, for example. And we can see that some of the permissions are granted by the everyone rule and some for by the authenticated users hold.
So that of course, a, that practice as well with, so everything was designed here to make the business user very, very effective in performing his compliance duties. And we also allow him to investigate activities, issues, trends, and anomalies in a very, very interactive and easy to use way. So let's sum up what we have seen so far. YOP provides you with visibility into activities, permissions, and data. We also provide you with insights into security issues and bad practices and violations of compliance processes and access violations as well.
And I'm asking you today, can the it handle them all by itself? We believe that the answer is no, there's just too much information across too many applications. The it is also is, is over overburdened and finance. And if we be completely honest, the it doesn't doesn't have a well enough knowledge about the entire organizational information in order to take the decisions for all of those insights and, and risks. So we gave a lot of thought to the situation and came up with a innovative idea. We should crowdsource your data protection.
Think about that, just translating all those problems, insights, all those risks, basically to human, simple questions and approaching those who know the information, the best the business users, because they are using it on daily basis. And they're creating it on, on daily basis. You can really boost up the deployment and the pace of elimination of risks. You can relieve the overburden it department from the responsibility of all the organizational information, and you can on the way, educate business users about information security. So let's see how we do that using our new product.
So wan Peterson, Juan Peterson is every guy from the organization. And when I'm going to click on his image right here, YOP will start asking him questions that is, that are needed for YOP to automate and streamline processes for taking care of the risks. And YOP will ask him only questions about his information, about information he uses on daily basis. So let's see how it's done. As you can see, I'm logging Aswan on seeing the amount of points that he's achieved up until now, the amount of activities he has left. And we're asking him simple questions, Huan, who owns the following folder.
The folder that we're talking about is project X. These are the files that you've recently used under this folder, and also suggesting with the eligible men and woman for the job. So you can just say, who do you think the owner should be and continue to the next question. The next question is different yet. Very simple again. So do you still need the following access Kwan, you have permissions to the sales folder you haven't been using for almost, or for more than a year, and you also have permissions to the finance folder. You haven't been used in the last eight months.
So let's say you want to keep the sales permissions and move onto the next one. That's the same owner question just for different folders. So let's pass on that. And as you can see, once in every three activities, we're going to sum up things for Huan and tell him, how does he doing in compare to others? So you can see he's leading the data protection heroes child here, how his department is doing against other departments. And most importantly, how his personal information is being utilized.
So 153 users can read the report you've created this week, or five users have deleted data from the quarterly reports folder. Another thing I can tell you about Juan, that is the owner of this quarterly reports folder. So if you want to get more information, it just click on this folder and gets into the data owner's dashboard in which you can find more important information and can perform activities.
So you get information about sensitive information within this folder, the trends about the size of the folder on a timeline, how much sta information is within his folder, activities, heat map for easily detection of, of anomalies. So for example, here, we can see half a year calendar with, in which each rectangular represents a different day and the dock, the color on the Ang, the more activities that took place on the day. So it's very easy to deduce or to identify problems if he wants to further investigate activities. He's doing that in a very interactive, very easy to use way.
So we, we are very excited with this new product that we're going to launch early in 2015 in the beginning, we're now in a close bed of it. And the responses are very, very positive. So we really believe that the next generation of data governance products is involving the business users, as they know the information best and can produce us with the better, with better results. So without further, Raj, I'm going to ask Martin into pass the presenter role to Mr. Kristen whisky. Mr.
Norski is the managing director of in telecom, and he'll be telling you about and success story that we've experienced in the, the region lately. Thank you. Thank you. You're very impressive. Very impressive. I hope you all can see my screen right now with the PowerPoint presentation. My name is Christian. Perfect. Thank you for that. My name is Christian noit. I'm the general manager and founder of in telecom, GM BH, a German value added dis and it security research and architecting. I will give only a very short overview of my company.
And without a waste of time, I will jump over to show you something about project. We realized with white box security in telecom was founded in 2004. We get present presence in Germany, Austria, and Switzerland, working very well with about 450 retailers and associated consultants. Our customers include also those with the highest security requirements. So highly confidential ones.
We, our own network operations center to prevent security and attacks and to, to react. So our own computer emergency response team. We have an academy in near Frankfurt in Germany to train it expert experts in state of the art offense and defense technologies. And we are member of the German federal association of it experts and appraisers also of the German Alliance for cyber security. And of course we are platinum white box security partner.
The next slide I will begin to give you brief overview of case study of project, which just completed with white box security platform wide ops, where we, as a value added security, we always focus initially on the clients requirements and then define a solution. Based upon these, we summarized the client's requirement in that case into four points.
First one was they had no idea who was accessing which information and where these information besides the complex access administration and approval processes, the large amount of partners and contractors that are using data obligation to clients and partners to demonstrate data is protected. And the management and regulatory audits increasingly difficult time consuming and quality question marks white box in that case provided us and decline with the perfect platform to address these issues and create a strong collaboration between it security and business users.
Based upon the white box business act, we've implemented a framework to continuously address the issues the company was facing. Starting with the business owners. We identified ified sensitive data and who should or should not to have access to it. We implemented a policy platform and remediation workflows. The certification programs were particularly effective for the initial cleanup work while contributing to compliancy or the centralized access request Porwal Porwal enables round off the solution perfectly.
For example, enforcing a role concept by raising an each time X is, was ed directly scheduling the scheduling the removal of unused rights. Also that very simple then where is my sensitive data, easy to set up classification rules scans the environments and finds documents contains sensitive data in their and their location. Now I know where my sensitive data is. I can implement policies to determine what can and cannot happen to this who can have access and under what conditions access can take place.
Now, we have created the ideal, intuitive and centralized platform upon which it security and the business responsible persons can manage access to data. Hence protecting it. The workflow ensures this is maintained on a day to day basis without any effort. And what did we achieve? Lots following some examples in the next slide. Yeah. And the results, of course, 55% of access rights removed within five months, get a very clear insight as to where sensitive data is and who was, who has access them.
We get a transparency of rights across all environments, a full audit trail for automation of audits and complaint compliance to data protection. Law demonstrate personal data is secure. All of that was done within the last six months. We've finished that, and that was show overview of what can be done with white box security. And I think we should come now to the point of a question and answer for today. Okay. So thank you.
Thank you, Christian. I will take over the moderator of thank you. And we will move to the Q and a session. So Q and a, just a second. So as I've said, we right now we'll do the Q and a.
So again, I ask the attendees to enter their questions if they have, we have the first questions already here. And so I think we directly start with them and then pick up other questions, which come in, we have some few minutes left.
So, so one of the questions I have here, Roy, at the beginning, you've mentioned that you can rise quickly serve the requirements of organizations. And one of the questions came in is so, so what is the size of the company you can serve in a week? So is it more for small mid companies or does it really also work for Russell large organizations or do you start at a department level then? So what is the approach then?
Well, the time that I've mentioned there are eligible both for small organization, as well as legal organizations, because visibility does not cost us or need any intervention from us, just install Y dots, which takes two to three hours and then starts connecting applications to it each and every out of the box application supported application, we connect takes between five to 10 minutes, and then we can be done with a very large environment, as well as small environments in the same day. And then information will start growing and answers could be, get very easily.
Okay, perfect. Thank you. And so if you do a POC, so how quickly are you, you able to show this another question which came in to show results, which really support clients in their sort of management process for, and that is system making. Is it really in a global organization that you can beat up quickly? Actually, yes.
From our experience with all of our customers and from current processes that we're having POCs takes between two days to three days, tops to demonstrate the value, to let the organization to gain visibility into the data, into activities, into permissions and having security insights and compliance processes in place. It doesn't take more than more than that. Another question, which I think is, is interesting is if you do recertification more, let's say risk based. So not on the, the regular schedule where you say I do every six or 12 months.
What is your experience in concrete practical projects from, from the auditor side on that? So they are used a little bit to, we do it every six or 12, so six high risk 12 for, for non high risk items.
And if you move to sort of a more risk based approach, what is perception and the reaction of auditors that Well, I can tell you from our experience in some of our customers that for more sensitive information and for, I say more sensitive transactions in ERP systems, then the auditor will ask for a shorter time period for classification as well as classification that it's not only based on risk, but based on change.
And I mean that, for example, if someone is moving between position within an organization, then if that someone is accounted as an executive or someone with a high level of permission, someone from the it, then the trigger for this re certification should be the actual change. So we use both risk test certification and change, I'd say change based classification that are shorter than those regular scheduled precertification processes. Okay. And last question then a lot of organizations already have some, some identity provisioning, some identity manager tool in place.
How, how do you deal with such existing tools? So you, in fact, from what I see at marketability, so is your, your approach and OS you sort of act as good citizen is existing environments. And where do you see them? The big value add you deliver?
Well, we work with in harmony with IBM existing IDM applications. We allow them to look into the permissions from the bottom up approach. So we do not stop at the whole level and can translate the roles that the IDMs are aware into fine grain permissions. We can enrich their information with the actual usage of permission so we can tell them which roles are used, which roles are not in use and allow organization to really assess the effectiveness of each and every role. So we work closely with IBM products and some of our customers.
We also integrated our, what if scenarios and segregation of duties engines in access request forms that was carried out by the actual IDM. So the user fill out the IDM form for access request. The form gets to white segregation of duties. Assessment is taking place and the reviewer gets the request as well as the segregation of duties assessment that comes from wide ups.
Okay, perfect. So thank you for the answers and thank you to all the attendees and speakers and scooping a call webinar for participating today in our company co webinar, there are a number of webinars coming up in the next few weeks. There's our conference next year, made the seminars, etcetera. So hope to have you again, soon as participant in one of these events. Thank you for your time and have a nice day. Bye.