Security Controls and Automation: Protecting Sensitive Data in the Cloud
Read Our Post
At Dasera, we believe in ownership and collaboration. To achieve effective data governance, enterprises need clear ownership and seamless, cross-functional collaboration. One of the largest problems with data governance today is stakeholders too often work in functional silos. Solutions are often designed to meet the needs of a single function, thus reinforcing the silos. Such a segmented approach to data governance results in high amounts of manual inefficiencies, a lack of transparency, non-enforced accountability, and -- fundamentally -- a data governance program that is woefully insufficient.
That’s where Dasera comes in. We’re excited to announce our new Crater Lake 5.0 release which allows you to identify and onboard key data decision makers from the Security, Data and Compliance teams including Data Owners & Stewards, provides them with object level data and user access visibility and enables sharing the context across the ecosystem with Dasera APIs. Identifying Data Owners is a prerequisite to any good data governance program, as they typically curate metadata catalogs that enterprises rely upon to inform the right data access decisions. Crater Lake 5.0 incorporates granular Role-Based Access Control with audit tracking and Open APIs that empower owners to use Dasera’s programmatically derived metadata to integrate and enrich their own metadata.
Why Crater Lake?
Crater Lake National Park is famous for its deep lake. Likewise, Dasera’s deep analysis provides your Security, Data and Compliance teams with full data store, user and usage context thus empowering them to make the right business decisions while saving time and money.
What’s in it for You?
Everyone knows that today’s world revolves around data and being competitive requires enterprises to be data-driven. According to Accenture, 70% of the world’s most valuable corporations are data-driven, up from 30% in 2008. Being so requires them to not only collect and store increasing amounts of data, but also ensure that it is stored and used safely and appropriately. In other words, they need good data governance.
But for most companies, good data governance is really a broken promise. We should not have to “check-box” our way through data governance. Check boxes are manual processes and prone to manual error which means your data really isn’t being governed.
Enterprises need to operationalize their Data Governance. They need DataGovOps to graduate from the manual to the always-on model, thus achieving effortless data governance.
Crater Lake 5.0 Highlights
Onboard your Security, Data and Compliance Teams with granular Role-Based Access Control
Data Governance is a shared responsibility. It requires a significant amount of coordination and collaboration across multiple teams — Security, Data and Compliance, Privacy and more. Role-Based Access Control (RBAC) is a method of assigning who can do what within the system, depending on the organization’s structure and the users’ responsibilities. RBAC is also a type of role-based security that can restrict actions based on a user's department or business unit, position, and authority level. If your business deals with sensitive data, it’s important to understand what RBAC is and how you can use it to improve security.
Dasera provides granular Role-Based Access Control to onboard your Security, Data, Compliance and other Teams with the right level of roles and responsibilities within Dasera. It helps identify the key decision makers and assign Data Owners to each data set responsible for coordinating data governance activities across the organization.
Track Every Action in Dasera via Platform User Audit Trail Reporting
In the event of a breach, audit trails can facilitate the reconstruction of historical events related to a record, including the “who, what, when and why” of the action that was performed by a user that resulted in an incident.
Dasera captures time of record creation, alteration, or deletion by every Platform User onboarded via Role-Based Access Control. It also provides the change log of the record to help mitigate the risk of data breaches.
Provide Data Governance Stakeholders with User Context on Who has access to Sensitive Data with Object-Level Privilege Analysis
Over-privileged Users increase the potential for breaches within an organization and the extent of damage should a breach occur. Without adequate control, common privileged threat vectors, including hackers, and rogue insiders may misuse and exploit highly-sensitive information. Even well-meaning users may cause damage. A 2021 study conducted by Aberdeen Strategy and Research found that 78% of insider data breaches are unintentional. This is why enforcing the principle of least privilege is extremely important. In order to apply it, the Admins needs to know
- Who has access to sensitive data?
- Are there governance policies that define the restrictions for Who is supposed to have access to this sensitive data??
Dasera provides Admins with information on which users have access to what type of sensitive data. It also helps drill down into which fields actually map to these sensitive data types. This correlated with the Employee metadata helps Admins determine if any users or departments should be authorized to have access to critical assets, revoke access if needed thus applying the Principle of Least Privilege, minimizing access to only who need to and reducing the attack surface.
Identify Ghost Database Users by Linking Database Users to Real Employees
A majority of the companies expect their Employees will access databases using SSO credentials. Database usernames, however, are often manually-provisioned by Data teams and completely independent from the organization’s IT teams. In today’s cloud-first environments -- where DevOps is spinning up databases left-and-right -- no one is keeping track of which users are being provisioned on these databases and with which usernames. As a result, many companies might miss inactivating certain database users while off-boarding employees. Additionally, temporary access for some users is often not revoked. These situations violate the Principle of Least Privilege and can leave Data Stores vulnerable to attacks.
Dasera can automatically map database users to Active Employees based on your corporate policies then highlight ghost database users that do not map to any Active Employees or service accounts. This helps Data teams gain visibility into over-privileged users and cleanup their data access posture. They can also map multiple usernames on different databases to the same Active Employee identity, so their profiles can be aggregated to provide the correct risk posture.
Dasera Open APIs
We understand the need for your team to work at cloud scale, with cloud velocity and to leverage services which coexist well within your ecosystem. In order to support your team’s unique needs and integrate with the apps and workflows where they spend their days, we are pleased to announce the launch of our Dasera APIs. Our open api’s include secure pathways for full capabilities of Dasera classification and tagging, enabling organizations to exchange metadata and enriching the data context irrespective of where it resides in your environment.
Our team is here to support you on the next phase of your data governance journey. Please reach out to us with any questions on how to get started!
Click here for more details on our Crater Lake 5.0 release.
