What Keeps You Up at Night? Insights from a Ponemon Data Access Governance Study: Are Users Putting Your Sensitive Data at Risk?
Previously in this blog series, we talked about understanding your organization’s data footprint. We also discussed methodologies for identifying where sensitive data exists. At this point, you’re probably realizing how much data lives across your organization and wondering… who is accessing all this information?
The concern now isn’t solely about the data itself, but rather that users within your organization may have inappropriate access to this data. According to a recent Ponemon Study on the State of Data Access Governance, most respondents of a group of IT professionals thought it was likely or very likely that users were putting sensitive data at risk.
The scariest situation to imagine, of course, is the disgruntled employee who purposefully leaks data. The user in this nightmare scenario has access to multiple file shares, and their user activity flies virtually under the radar. 42% of IT professionals do have this fear, and it’s a circumstance that certainly can – and does – happen.
But other times, risky behavior exhibited by employees isn’t as clearly and purposefully malicious. Your users might be accessing sensitive or confidential data merely due to curiosity, or may be sharing access rights with colleagues within the organization when asked. Regardless of the reason, insiders are still absolutely putting sensitive data at risk, and that can be a serious problem.
Luckily, with the right plan in place, you realistically won’t need to worry about any of the ways employees and insiders are accessing data. All of these risks are actually pretty easy to address with a Data Access Governance (DAG) program. As discussed in our DAG 101 series, the methodology of implementing a DAG program begins with discovering your data footprint, followed by collecting and analyzing the data to determine where sensitive data lives across your organization. The next phase is monitoring the activity and seeing user’s interactions with that data. Once you get a sense of who within your organization truly needs access to what, you can restructure access rights so that only the appropriate people have the right access.
Ensuring a mechanism is in place that easily grants and revokes access to data really eliminates most likelihoods of inappropriate access for users. When access rights are assigned properly, users cannot access sensitive data out of curiosity, cannot leak data easily or without detection, and the certainly will not have access to data after leaving an organization.
Check out the 2018 Ponemon Study on the State of Data Access Governance for more insights and be sure to check back over the next 2 weeks as I break down additional findings from the Ponemon Study. You can also subscribe to receive email alerts each time a new blog in the “What Keeps You Up at Night? Insights from a Ponemon Data Access Governance Study” series posts by signing up here.
Don’t miss a post! Subscribe to ‘The Insider Threat Security’ Blog here:
Tracy Fey is a Technical Marketing Documentation Specialist at STEALTHbits. Tracy creates tools and content to increase awareness of STEALTHbits products and capabilities, as well as educate on a variety of subjects in the cybersecurity space.