The Information Access Mafia
Mr. Laura is not alone: the employees in most organizations are over-entitled, and 90% is a pretty typical figure based on our experience. He is also not the only CIO whose business needs to collaborate digitally in order to survive (and thrive). Lastly, he points out that some data assets are so sensitive that they "will never allow to escalate. But there's an enormous amount of data that is 'gray'..."
If I'm interpreting Mr. Laura's new approach correctly, it will be to make it easier for individuals to get access to data (that falls into the "gray" category), observe their use of that data, and then "come down very hard after the fact on those who abuse the privilege."
This approach is not vastly different from the approach we have helped many organizations shape, but I would offer some hope for those that have been operating under the hope that least privilege access is possible and effective: It's not that least access doesn't work, it's that least access doesn't work without the right automation, and correct use of that automation.
Automation is required because the amount of existing and new data that needs protection is enormous, the access control and group relationships are numerous and complex, and the rate of change has increased in the context of team collaboration with digital assets. Too many complex decisions need to be made too frequently in order to maintain a least privilege model through traditional, manual means.
Least access has also been difficult because organizations have lost track of which data belongs to whom; no one knows who is supposed to even make the decision on correct access. Furthermore, monitoring actual data access activity has been, until fairly recently, unrealistic or impossible for most organizations. Without an audit trail, use cannot be monitored, abuse cannot be observed, and access control effectiveness cannot be validated.
Luckily, automation now exists that can audit all data access activity, spot abuse, identify data owners, provide automated recommendations on how to reduce access, and automate the access approval and review processes. With this kind of automation, secure collaboration, with least access, is not only possible, but will become standard.
For more on Varonis: www.varonis.com
For more on the Information Week CIO conundrum: http://bit.ly/pw6zre
Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. Named a "Cool Vendor" in Risk Management and Compliance by Gartner and voted one of the "Fast 50 Reader Favorites" on FastCompany.com, Varonis has more than 4,500 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel.