Sensitive Data Manager
Integrates identity with information from leading data loss prevention (DLP) products. Adding an identity context to DLP enables business managers to identify which users have access to the sensitive data, how they obtained the access, determine whether the access is appropriate or not, and take remedial action if necessary.
The combination of DLP and IAM:
- Improves security – by ensuring that only the right people have access to sensitive data.
- Reduces risk – by enabling organizations to implement the most appropriate remediation policy.
- Streamlines business – by allowing managers to quickly and easily approve exceptions or modify alert levels where appropriate.
- Improves productivity – by highlighting sensitive data alerts that represent the highest level of risk to the organization.
As companies grow increasingly complex, so does the complexity of protecting sensitive data from deliberate or accidental exposure. As a result, more organizations are concerned with where their sensitive data is, who has access to it, and how they can reduce the risk of the data being compromised.
Data Loss Prevention (DLP) and Identity and Access Management (IAM) technologies are both all about reducing risk. DLP products discover, monitor, and protect confidential data wherever it is stored or used. DLP answers three fundamental questions:
- Where is your confidential data?
- How is it being used?
- How do you prevent data loss?
IAM, on the other hand, addresses the question:
- Who has access to the confidential data across your organization?
- Should they have access to the confidential data?
- What remediation actions should be take to mitigate the greatest risk?
IAM and DLP Synergy
Until recently, DLP and IAM solutions worked separately, and IT and security managers were unable to leverage their complementary capabilities in a unified solution. Also, DLP solutions tend to provide information that is not well-suited for business users to consume.
Today, Courion is addressing this problem by delivering Sensitive Data Manager, a solution that integrates ComplianceCourier™ – Courion’s access certification and compliance management solution – with leading DLP vendors, such as Symantec, RSA, and others.
ComplianceCourier automatically manages the access certification process by notifying authorized managers when it is time to review employee access rights and activities, and enabling them to verify that the employee’s access complies with corporate policy or relevant industry/government regulations (SOX, PCI DSS, HIPAA, GLBA, etc.).
Sensitive Data Manager combines data from DLP with identity in the context of ComplianceCourier to enable your organization to answer the questions:
- Where is my confidential data?
- Who has access to it?
- How did they obtain access?
- What are the risks associated with that access?
- How should I reduce these risks?
When a DLP scan discovers sensitive data, it evaluates if the data is vulnerable to external exposure, alerts the appropriate personnel and takes steps to protect the data. However, in many instances the data owner or security manager will want to know who has access to this data, how they gained the access, and what impact it has on the risk that the data may be compromised.
Combining DLP and IAM makes it possible for business managers to make intelligent decisions concerning the appropriate response to a DLP alert, by enabling them to more easily determine the level of risk associated with a specific alert.
Using Courion’s highly interactive worksheets Sensitive Data Manager provides managers with detailed identity-based context for the DLP alert, such as: name, role, title, department, manager, location, entitlement, group memberships, etc. This additional context enables the manager to evaluate the level of risk associated with this access.
Integrated Remediation Strategy
Sensitive Data Manager’s integration with ComplianceCourier enables managers to chose the most appropriate remediation strategy, based not only on what kind of data has been found, but who has access to it. These steps may include:
- Approving the user access rights and documenting the reasons why
- Modifying the DLP alert level
- Creating an email message or help desk trouble ticket
- Notifying the DLP solution to encrypt or quarantine the data
- Modifying user access rights
- Blocking or removing access for individual users or specific groups of users.
If access rights to enterprise resources need to be changed, ComplianceCourier can automatically trigger the appropriate actions to initiate corrections, using a variety of remediation options. An audit trail tracks all review and remediation transactions undertaken by authorized managers.
How Does It Work?
Sensitive Data Manager (SDM) implements a vendor-neutral approach to the integration of DLP data and alerts with Courion’s Access Assurance Suite.
Courion extracts data from the DLP system, normalizes it into a consistent format and loads it into a Courion database. Courion combines this data with ownership data on Windows file shares and user profile data from Active Directory to build a comprehensive view of who has access to the sensitive data and how they obtained it (i.e., because the user is in an AD Group which has access.)
This combined data is then available to ComplianceCourier, which combines it with identity data stored in Courion’s IdentityMap user repository for further, detailed analysis. The data is also available to Courion’s advanced analytics framework, where it can be used in a security and compliance dashboard for ongoing monitoring and review.
Features of the combined Sensitive Data Manager and ComplianceCourier solution include:
|Compliance and attestation||Effectively respond to auditor and regulator demands for data demonstrating compliance with corporate policies or key industry and government regulations concerning access to sensitive data.|
|Designed for Business Users||Provide security and business managers with a business-friendly view of entitlements to confirm or remediate user access rights.|
|Automatic Notification||Remind business managers when they need to review and verify user access rights to sensitive data.|
|Comprehensive Data Integration||Identify users with access to sensitive data, based on data from industry-leading DLP systems, enterprise directories, and Courion’s IdentityMap.|
|Integrated remediation||Enable business users to automatically initiate corrective actions, without the need to install a provisioning solution.|
|Audit Tracking||Capture decisions in an transaction database for ongoing analysis, audit tracking or forensics analysis.|