BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Data Governance – Why and How?

Posted July 30, 2011    Morgan Holm

In my first blog post I talked about proving and maintaining compliance for data governance rules defined for file system resources in the enterprise. This post will continue the discussion of data governance, reviewing some of the reasons organizations are implementing these policies and processes as well as the main challenges associated defining the rules for file system resources.

Data Governnance – Why and How?

Organizations are being driven to undertake data governance initiatives for compliance to internal policies and guidelines, contractual obligations, SLAs and regulatory compliance for FISMA, GLB, HIPAA, PCI, SOX among others. There also have been a number of high profile security breaches resulting in data theft that have substantial costs to both the organization’s reputation and bottom line. A significant portion of the data held by many organizations is in the form of unstructured data in the file system. How can they find out what permissions are currently set to create and align the data governance rules?

The first challenge for the creation of data governance rules for file system data is to define the locations of the meaningful data that is to be governed. Sometimes there is an immediate knee jerk reaction where the reply is “We need to know everything about all of the file system resources in the whole environment.” While this would be a panacea, it would also create unnecessary complexity and management costs. The result would be an overload of information making difficult to locate what is important in all the noise. For example, if I take a look at a simple member server in my test lab there are around 85,000 files in 19 GB of disk space in the c:\windows directory alone. For most organizations, understanding the permissions set on each individual file on every member server in their environment would not be considered valuable to a data governance initiative. Working with the data owners (stakeholders) and the data managers (stewards) the meaningful data in the file system can be defined.

Now that the files, folders and shares have been identified the creation of the data governance rules is easy, well no. Part of the process is to ensure that the appropriate control mechanisms are in place for the people responsible for managing data and for those who use it. In Windows environments this would be the permissions set on the files, folders and shares. Unfortunately there is no central repository for the permission information in Windows and with permission inheritance; permissions may be set on parent folders throughout the hierarchy. Even with targeted file system resources the effort required to analyze and report on these permissions would be daunting and not achievable for most organizations. Even if it could be accomplished once, it would be impossible to keep a regular historical record for these access rights for auditors or if a forensic investigation needs to be done.

BeyondTrust PowerBroker Privilege Explorer provides organizations with the ability to target the meaningful files, folders and shares in the environment to both analyze and set permissions on these file system resources. This enables the viewing and reporting on who has access to these resources, where a user or group has rights in the environment and what these permission were in the past. These are key elements to creating and aligning data governance rules and the ongoing resolutions to non-conformance.

Tags:
, , , , , , ,

Leave a Reply

Additional articles

gartner market guide image - aug 2014

Introducing the Gartner Market Guide for Privileged Account Management

Posted July 29, 2014    Chris Burd

Gartner recently released a new Market Guide for Privileged Account Management (PAM), and we’d like to share a complimentary copy with you. The report includes PAM market analysis and direction, vendor overviews, and recommendations for selecting PAM solutions for your environment. BeyondTrust is one of two representative vendors (out of 20) to address all solution…

Tags:
, , , , , , , ,
Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,