INSIDER THREAT SECURITY BLOG

Part 1: Do You Know Where Your Data Lives? Thinking of all the data that lives across your organization? It’s a spooky thought. According to a recent Ponemon study on the current state of Data Access Governance (DAG), 62% of people have no confidence or little confidence of where users are storing unstructured data. On the surface, it might seem like a daunting task to figure out where all your data lives. However, with the right tools and a plan, we don’t think you need to worry. In f…

Part 6: Governing Data Access to Meet Security, Compliance and Operational Standards In this 6th and final post of our “Moving from Checkbox Compliance to True Data Security” blog series, we’re going to see how all the work we’ve done in discovering where our data lives, collecting and analyzing relevant information about our data, monitoring activity, and restructuring access rights will pay off in a major way. As you’ve likely gathered already, “Governance” is a pretty important compone…

Part 5: Restructuring Permissions to Achieve a Least Privilege Access Model In part 4 of this 5-part blog series, ‘Moving from Checkbox Compliance to True Data Security,’ we discussed why it’s important to monitor file share activity before you begin to take any action so you can get a full understanding of: Who is leveraging their access privileges What types of operations each user performs Who is creating or contributing the most amount of content If you’ve completed that step and …

If you’ve been following along in this 5-part Checkbox Compliance to True Data Security series, you should have a better understanding of how to locate your data, pinpoint which data is considered sensitive or risky to your organization, and compile a priority list of the sensitive data you’ll want to govern first. You may be thinking that once you’re done with the above it’s time to start making changes to security and locking down the risky data you found, however, we’re not quite there yet…

As the amount of data managed by companies continues to grow both in volume and importance, so does the criticality of ensuring access to this data is controlled. In part 1 of this 5-part ‘Checkbox Compliance to True Data Security’ blog series, we took you through the Discovery process. Now that you know your organization’s data footprint, the next step to true data security is the Collect and Analyze phase. The goal of the Collect and Analyze phase is to assess relevant data points to answe…

Despite the prevalence of data breaches, Data Access Governance (DAG) is still security’s big unaddressed to-do item. In the first blog post of this 5-part Checkbox Compliance to True Data Security blog series, we discussed how DAG is a crucial aspect of security for companies because it is the last line of defense against theft of an organization’s data. Organizations are starting to shift their focus to establish a core set of principles around protecting their data, and they need a bluepri…

Organizations are shifting their focus to a core set of principles around protecting their credentials and data, but they struggle with a starting point. In this 5-part ‘Checkbox Compliance to True Data Security’ blog series, we will provide a foundational blueprint. The series will cover an overview of Data Access Governance (DAG) and introduce the 5 phases that will help shape a true data security program. In an interview with Dark Reading, Brian Christensen, head of global audit for Proti…

User access and permissions to data are excessive – especially within network file share infrastructure – due in large part to the highly complex and/or error-prone processes administrators have been forced to navigate over the years.  Adding insult to injury, the location of sensitive data within shared file systems is largely unknown in most organizations, which is a problem given this type of data is a target in virtually every breach scenario. Securing a file share isn’t too difficu…

Well Ladies and Gentlemen, GDPR is finally upon us. I say finally because we have collectively been studying, reviewing, preparing and planning for this day for quite some time now. I know that not everyone is ready. And the European Commission equally knows that not everyone is ready. That is not an invitation to flaunt the rules however. In fact, I have pointed out before that there are indications that the European Commission will be keen on ensuring the regulation is taken seriously out o…