Sensitive Data Manager

Integrates identity with information from leading data loss prevention (DLP) products. Adding an identity context to DLP enables business managers to identify which users have access to the sensitive data, how they obtained the access, determine whether the access is appropriate or not, and take remedial action if necessary.

The combination of DLP and IAM:

  • Improves security – by ensuring that only the right people have access to sensitive data.
  • Reduces risk – by enabling organizations to implement the most appropriate remediation policy.
  • Streamlines business – by allowing managers to quickly and easily approve exceptions or modify alert levels where appropriate.
  • Improves productivity – by highlighting sensitive data alerts that represent the highest level of risk to the organization.

As companies grow increasingly complex, so does the complexity of protecting sensitive data from deliberate or accidental exposure. As a result, more organizations are concerned with where their sensitive data is, who has access to it, and how they can reduce the risk of the data being compromised.

Data Loss Prevention (DLP) and Identity and Access Management (IAM) technologies are both about reducing risk. DLP products discover, monitor, and protect confidential data wherever it is stored or used. DLP answers three fundamental questions:

  • Where is your confidential data?
  • How is it being used?
  • How do you prevent data loss?

IAM, on the other hand, addresses the questions:

  • Who has access to the confidential data across your organization?
  • Should they have access to the confidential data?
  • What remediation actions should be taken to mitigate the greatest risk?

IAM and DLP Synergy

Until recently, DLP and IAM solutions worked separately, and IT and security managers were unable to leverage their complementary capabilities in a unified solution. Also, DLP solutions tend to provide information that is not well-suited for business users to consume.

Today, Courion is addressing this problem by delivering Sensitive Data Manager, a solution that integrates ComplianceCourier™ – Courion’s access certification and compliance management solution – with leading DLP vendors, such as Symantec, RSA, and others.

ComplianceCourier automatically manages the access certification process by notifying authorized managers when it is time to review employee access rights and activities, and enabling them to verify that the employee’s access complies with corporate policy or relevant industry/government regulations (SOX, PCI DSS, HIPAA, GLBA, etc.).

Sensitive Data Manager combines data from DLP with identity in the context of ComplianceCourier to enable your organization to answer the questions:

  • Where is my confidential data?
  • Who has access to it?
  • How did they obtain access?
  • What are the risks associated with that access?
  • How should I reduce these risks?

When a DLP scan discovers sensitive data, it evaluates whether the data is vulnerable to external exposure, alerts the appropriate personnel and takes steps to protect the data. However, in many instances the data owner or security manager will want to know who has access to this data, how they gained the access, and what impact it has on the risk that the data may be compromised.

Combining DLP and IAM makes it possible for business managers to make intelligent decisions concerning the appropriate response to a DLP alert, by enabling them to more easily determine the level of risk associated with a specific alert.

Using Courion’s highly interactive worksheets, Sensitive Data Manager provides managers with detailed identity-based context for the DLP alert, such as: name, role, title, department, manager, location, entitlement, group memberships, etc. This additional context enables the manager to evaluate the level of risk associated with this access.

Integrated Remediation Strategy

Sensitive Data Manager’s integration with ComplianceCourier enables managers to choose the most appropriate remediation strategy, based not only on what kind of data has been found, but also on who has access to it. These steps may include:

  • Approving the user access rights and documenting the reasons why
  • Modifying the DLP alert level
  • Creating an email message or help desk trouble ticket
  • Notifying the DLP solution to encrypt or quarantine the data
  • Modifying user access rights
  • Blocking or removing access for individual users or specific groups of users

If access rights to enterprise resources need to be changed, ComplianceCourier can automatically trigger the appropriate actions to initiate corrections, using a variety of remediation options. An audit trail tracks all review and remediation transactions undertaken by authorized managers.

How Does It Work?

Sensitive Data Manager (SDM) implements a vendor-neutral approach to the integration of DLP data and alerts with Courion’s Access Assurance Suite.

Sensitive Data Manager

Courion extracts data from the DLP system, normalizes it into a consistent format and loads it into a Courion database. Courion combines this data with ownership data on Windows file shares and user profile data from Active Directory to build a comprehensive view of who has access to the sensitive data and how they obtained it (for example, because the user is a member of an AD group that has access).

This combined data is then available to ComplianceCourier, which combines it with identity data stored in Courion’s IdentityMap user repository for further, detailed analysis. The data is also available to Courion’s advanced analytics framework, where it can be used in a security and compliance dashboard for ongoing monitoring and review.
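The join described above, as an added illustration that is not Courion code and makes no claim about how Sensitive Data Manager is actually implemented: normalized DLP findings are matched against share permissions, group trustees are expanded through nested Active Directory membership (with a guard against membership cycles), and the result is enriched with user profile attributes so a reviewer can see not just who can reach a flagged file but through which group chain. All file paths, group names, users and attributes below are constructed sample data; the over-broad grant check at the end is a simple heuristic added here, not a product feature.

```python
from collections import deque

# --- Constructed sample data (not from any real environment) ---

# Normalized DLP findings: where sensitive data was discovered and how it was classified.
DLP_FINDINGS = [
    {"path": r"\\fs01\finance\payroll_2023.xlsx", "classification": "PCI"},
    {"path": r"\\fs01\hr\benefits.docx", "classification": "PII"},
]

# Share permissions per file as (trustee, right); a trustee is a user or an AD group.
SHARE_ACLS = {
    r"\\fs01\finance\payroll_2023.xlsx": [("Finance-Team", "read"), ("jdoe", "full")],
    r"\\fs01\hr\benefits.docx": [("HR-Staff", "read"), ("Domain Users", "read")],
}

# AD group memberships; members may be users or nested groups.
AD_GROUPS = {
    "Finance-Team": ["asmith", "Finance-Leads"],
    "Finance-Leads": ["bjones", "Finance-Team"],  # deliberate cycle to exercise the guard
    "HR-Staff": ["cwhite"],
    "Domain Users": ["asmith", "bjones", "cwhite", "jdoe", "contractor1"],
}

# Identity attributes shown to the reviewer next to each entitlement.
AD_USERS = {
    "asmith": {"department": "Finance", "title": "Analyst", "manager": "bjones"},
    "bjones": {"department": "Finance", "title": "Controller", "manager": "cfo"},
    "cwhite": {"department": "HR", "title": "HR Generalist", "manager": "hrdir"},
    "jdoe": {"department": "IT", "title": "Sysadmin", "manager": "itdir"},
    "contractor1": {"department": "External", "title": "Contractor", "manager": "vendor-mgr"},
}


def expand_group(group, groups=AD_GROUPS):
    """Return {user: [group chain]} for every user reachable from `group`,
    following nested membership breadth-first so cycles cannot loop forever."""
    members = {}
    seen = {group}
    queue = deque([(group, [group])])
    while queue:
        current, chain = queue.popleft()
        for member in groups.get(current, []):
            if member in groups:  # nested group: descend once
                if member not in seen:
                    seen.add(member)
                    queue.append((member, chain + [member]))
            elif member not in members:  # user: keep the first (shortest) chain found
                members[member] = chain
    return members


def resolve_access(path, acls=SHARE_ACLS, groups=AD_GROUPS):
    """Map each user who can reach `path` to a list of (right, how-obtained) pairs."""
    access = {}
    for trustee, right in acls.get(path, []):
        if trustee in groups:
            for user, chain in expand_group(trustee, groups).items():
                access.setdefault(user, []).append((right, " > ".join(chain)))
        else:
            access.setdefault(trustee, []).append((right, "direct"))
    return access


def build_review_rows(findings=DLP_FINDINGS, users=AD_USERS):
    """Join DLP findings with resolved access and identity attributes into reviewer rows."""
    rows = []
    for finding in findings:
        for user, grants in sorted(resolve_access(finding["path"]).items()):
            profile = users.get(user, {})
            for right, how in grants:
                rows.append({
                    "path": finding["path"],
                    "classification": finding["classification"],
                    "user": user,
                    "department": profile.get("department", "unknown"),
                    "title": profile.get("title", "unknown"),
                    "right": right,
                    "how": how,
                })
    return rows


def broad_grants(findings=DLP_FINDINGS, threshold=4):
    """Heuristic: flag group trustees on flagged files that expand to many users."""
    flagged = []
    for finding in findings:
        for trustee, _right in SHARE_ACLS.get(finding["path"], []):
            if trustee in AD_GROUPS and len(expand_group(trustee)) >= threshold:
                flagged.append((finding["path"], trustee))
    return flagged


if __name__ == "__main__":
    for row in build_review_rows():
        print(f"{row['classification']:4} {row['path']}  {row['user']:12} "
              f"{row['department']:9} {row['right']:5} via {row['how']}")
    print("Over-broad grants:", broad_grants())
```

The "how" column is the part a reviewer usually lacks: a grant that arrives through "Finance-Team > Finance-Leads" is remediated by fixing group membership, while a "direct" full-control entry on a payroll file is remediated on the ACL itself. Keeping the shortest chain per user keeps the worksheet readable; a real implementation would also retain the alternate chains so that removing one membership does not leave a hidden second path.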

Features of the combined Sensitive Data Manager and ComplianceCourier solution include:

  • Compliance and Attestation – Effectively respond to auditor and regulator demands for data demonstrating compliance with corporate policies or key industry and government regulations concerning access to sensitive data.
  • Designed for Business Users – Provide security and business managers with a business-friendly view of entitlements to confirm or remediate user access rights.
  • Automatic Notification – Remind business managers when they need to review and verify user access rights to sensitive data.
  • Comprehensive Data Integration – Identify users with access to sensitive data, based on data from industry-leading DLP systems, enterprise directories, and Courion’s IdentityMap.
  • Integrated Remediation – Enable business users to automatically initiate corrective actions, without the need to install a provisioning solution.
  • Audit Tracking – Capture decisions in a transaction database for ongoing analysis, audit tracking or forensic analysis.