RSA Data Access Governance
Manage Access to Unstructured Data in Your Environment
Overview:
Gain control of access to unstructured data and implement processes for unstructured data governance. RSA Data Access Governance monitors, certifies and reports on who has access to unstructured data stored on the following resources: Microsoft Windows-, Linux- and UNIX file servers; network-attached storage devices; and Microsoft SharePoint servers.
- Unmatched Visibility - Enables IT and the business to know definitively who owns enterprise data resources, who has access to what data resources, how they got access, whether they should have access, and who approved it across Windows file shares and SharePoint.
- Effective Access Certifications for Business Users - An automated access certification process generates actionable reviews that are simple and effective for business users to work with. A closed-loop workflow tracks and audits access changes, providing the evidence needed by auditors and regulators.
- Identification of Data Owners - Leverages user activity monitoring to determine who frequently accesses the data in question, which can be used to suggest owners.
- Enforcement of Compliance Policies - Easy-to-use business rules enable business and compliance policies associated with users, groups and access permissions to be tested or automatically enforced.
- Leverage Existing Security Investments - Leverages Microsoft AD group-based data access lifecycle management. Data classifications derived from DLP systems can be leveraged to determine controls and used for access risk management processes.
With RSA Data Access Governance, Organizations Can:
- Gain visibility and ownership of user entitlements for Windows, Linux and Unix Servers, file shares and Microsoft SharePoint
- Automate the data access certification process for the lines-of-business
- Remediate inappropriate access and put in place a consistent methodology for group-based access to file shares and SharePoint
- Enable a closed-loop validation process for change to data access permissions
- Determine whether access policy and control objectives are being met
- Manage data access risk and provide auditable evidence of compliance
Capability Highlights
Scalable Architecture - The DAG architecture is a proven, scalable solution designed to meet the performance requirements of any size across tens of thousands of file shares and millions of files.
Enterprise-Wide Visibility - Automatically collects, correlates, and unifies user identities with Microsoft Active Directory accounts and groups, SharePoint groups and access permissions arcoss all Windows file servers, network-attached storage devices and SharePoint servers. During collection DAG has a mechanism for metadata and classification discovery that can be used for access risk analysis.
Ownership & Accountability - A unique process for indentifying business data owners and reaching out to them to validate ownership of the data, as well as metadata and classification information.
Access Certification - An automated end-to-end solution for data access certification enables IT Security to deploy a repeatable, auditable and business-oriented certification process. Up-to-data information about users, groups and permissions is collected from data resources and reviews are created automatically. Entitlement data used in the review process is presented in business friendly context. Changes resulting from the certification process are tracked, and the system validates that they have been successfully made. Dashboards help information security personnel understand the status fo certifications and escalations. Archived certifications and a complete audit trail provide the much needed evidence of compliance.
Configurable Workflow - Graphical workflow can be easily configured to accoummodate an organization's unique access governance processes for review, approval, exception handling and remediation. Integration with leading user provisioning and IT help desk systems routes changes to the appropriate individuals or access change fulfillment mechanisms.
Advanced Reporting - Ad hoc reporting, together with an extensive built-in reports, delivers detailed and summary analyses across all users, data resources, data entitlements and certifications.
Controls Automation - Business and IT teams can easily define data access business rules that automate the monitoring of inappropriate access permissions, including SoD violations, limiting the probability of business and compliance risks materializing. Compliance controls can be easily linked to the actual evidence.
Risk Analytics - In additon to providing comprehensive insight into the state of data access permissions, DAG provides IT security, compliance, audit and risk management teams with the metrics and decision support to make access risk management actionable.
Remediation - Automated remdiation of user access permissions is supported via email and task notification, though integration with existing identity management and IT change management infrastructure, or through RSA Identity Lifecycle. A closed-loop validation process ensures that revocations of permissions occur within target data resources and enables an automated escalation process.
Features:
Scalable Architecture
The RSA Data Access Governance architecture is proven, scalable and designed to meet any organization’s performance requirements across tens of thousands of file shares and millions of files.
Configurable Workflow
The user-friendly workflow can be easily configured to accommodate your organization’s unique data access governance processes.
Advanced Reporting and Risk Analytics
Ad-hoc reporting capabilities, combined with an extensive library of built-in reports, deliver detailed and summary analyses across all users, data resources, data entitlements and certifications. Risk analytics provide insight into the state of data access permissions.
Data Access Certification
Enable security teams to deploy a repeatable, auditable and business-oriented certification process that automatically creates access reviews, tracks changes from the certification process, and validates that changes have been successfully executed.
Controls Automation
Business and IT teams can easily define data access rules that automate the monitoring of inappropriate access permissions, including violations of segregation of duties policies. This helps reduce organizations’ exposure to compliance risks.
Remediation
RSA Data Access Governance supports automated remediation of user access permissions via email and task notification, through integration with existing identity management and IT change management infrastructure, or through RSA Identity Lifecycle.
Benefits:
Improve Data Protection
Better protect growing volumes of unstructured data by identifying and controlling who has access to unstructured data resources.
Accelerate the Access Certification Process
Define business owners and perform access reviews for data resources to achieve a faster and more cost-effective access certification process.
Engage the Business
Drive accountability for managing access to unstructured data resources into the business.
Easy Compliance
Make it easier to meet new compliance requirements that place restrictions on data access while lowering costs associated with legacy or manual compliance monitoring processes.
Improve Detection of Unauthorized Access
Detect unauthorized access to unstructured data resources more quickly with a closed-loop process for validating changes to data access permissions.
Leverage Existing Security Investments
Continue using Microsoft Active Directory group-based data access lifecycle management and data classification systems from data loss prevention (DLP) systems.
Documentation:
Download the RSA Data Access Governance Datasheet (.PDF)