The Information Access Mafia

London, (PresseBox) - Responding to an Information Week feature on the trials and tribulations of a fictitious chief information officer, data governance specialist Varonis Systems says that least privilege automation is clearly the way forward and the controls on handling that data are an essential part of the Governance, Risk and Compliance (GRC) jigsaw, specifying who can do what, where and when with an organisation's information.

Mr. Laura is not alone: the employees in most organizations are over-entitled, and 90% is a pretty typical figure based on our experience. He is also not the only CIO whose business needs to collaborate digitally in order to survive (and thrive). Lastly, he points out that some data assets are so sensitive that they "will never allow to escalate. But there's an enormous amount of data that is 'gray'..."

If I'm interpreting Mr. Laura's new approach correctly, he will make it easier for individuals to get access to data (that falls into the "gray" category), observe their use of that data, and then "come down very hard after the fact on those who abuse the privilege."

This approach is not vastly different from the approach we have helped many organizations shape, but I would offer some hope for those that have been operating under the hope that least privilege access is possible and effective: It's not that least access doesn't work, it's that least access doesn't work without the right automation, and correct use of that automation.

Automation is required because the amount of existing and new data that needs protection is enormous, the access control and group relationships are numerous and complex, and the rate of change has increased in the context of team collaboration with digital assets. Too many complex decisions need to be made too frequently in order to maintain a least privilege model through traditional, manual means.

Least access has also been difficult because organizations have lost track of which data belongs to whom: no one knows who is supposed to even make the decision on correct access. Furthermore, monitoring actual data access activity has been, until fairly recently, unrealistic or impossible for most organizations. Without an audit trail, use cannot be monitored, abuse cannot be observed, and access control effectiveness cannot be validated.

Luckily, automation now exists that can audit all data access activity, spot abuse, identify data owners, provide automated recommendations on how to reduce access, and automate the access approval and review processes. With this kind of automation, secure collaboration, with least access, is not only possible, but will become standard.

For more on Varonis:

For more on the Information Week CIO conundrum:

Varonis Deutschland

Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. Named a "Cool Vendor" in Risk Management and Compliance by Gartner and voted one of the "Fast 50 Reader Favorites" on, Varonis has more than 4,500 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel.
