With recent advancements in data governance software automation, IT can now easily implement 10 simple steps to prevent data from being misused or stolen:
1. Audit Data Access
The first step towards getting your data under control and averting disaster is to properly audit all data access activity. Once access to your data is being audited, you can easily determine who is doing what with it. This opens the door to answering questions IT is often stumped by, like “who deleted my files”, “what data is someone using”, or “which data is stale”. Auditing also provides the data IT needs to start determining who owns a data set, so that owners can be involved in deciding who should have access to their data. More on that later…
2. Inventory Permissions and Group Memberships
Once you are tracking what people are doing with your data, you need to look at who has access to what data. All too often people gain access to more and more data over time, but that access is rarely, if ever, revoked – even as changing roles obviate the need for that access. A full inventory of permissions for all of your data stores and the folders within them can take time, especially if you’re creating it manually. Thankfully you can now automate all of this. By combining the permissions data with group memberships, you can start to see who has permission to access each file or folder. With this data IT can quickly answer fundamental data protection questions like “Who has access to a data set” and “Which data sets does a user or group have access to”. This forms the foundation for cleaning up permissions.
3. Prioritize at-risk data
While all data needs to be protected, not all data is created equal. Some files contain confidential corporate information; other files contain customer or partner data; maybe you keep credit cards on file; perhaps you’re storing social security numbers. Regardless of what it is, some data is sensitive and needs extra protection. By using tools that analyze your data to identify sensitive content, and combining the results with other relevant metadata, you will be able to locate files and folders where such data is overexposed. A good tool will enable you to prioritize data that is most at risk, so you can remediate that first.
4. Remove global access groups and revoke broad access rights
In many organizations today, access controls have been in place for years and often much of the data is open to global access groups like the “Everyone” group. Even if this exposed data isn’t sensitive or confidential in nature, excessively broad access controls like this invite trouble. Removing global access groups is a good step towards ensuring that only the right people can get to your data. Once these permissions have been revoked, aligning data to the right users becomes much easier. However, it may be unwise to remove these groups without first having a plan for restoring access to those who may require it for their jobs. The right technologies will allow you to ‘sandbox’ your changes to see what the impact will be on business processes before committing the changes to your production environment.
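The permission inventory from step 2 and the ‘sandbox’ check from step 4, sketched as an added example (not from the article or any vendor's product): it expands nested group memberships into per-folder effective access, then reports who would lose access if global groups were dropped from the ACLs. The group names, users, and folder paths are constructed sample data.

```python
# Constructed sample data (assumptions, not taken from the article).
GROUPS = {  # group -> direct members (users or nested groups)
    "Everyone": {"alice", "bob", "carol", "dave"},
    "Finance": {"alice", "FinanceAnalysts"},
    "FinanceAnalysts": {"bob"},
    "HR": {"carol"},
}
ACLS = {  # folder -> principals listed on its ACL
    "/shares/finance/payroll": {"Finance", "Everyone"},
    "/shares/hr/reviews": {"HR", "dave"},
    "/shares/public": {"Everyone"},
}
GLOBAL_GROUPS = frozenset({"Everyone"})


def expand(principal, groups, _seen=None):
    """Resolve a principal to the users it covers, following nested groups."""
    seen = _seen if _seen is not None else set()
    if principal not in groups:
        return {principal}  # not a group, so treat it as a user
    if principal in seen:
        return set()  # already expanded; also guards against membership cycles
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users


def effective_access(acls, groups, ignore=frozenset()):
    """folder -> users with access, skipping ACL entries named in `ignore`."""
    return {
        folder: set().union(*(expand(p, groups) for p in entries if p not in ignore))
        for folder, entries in acls.items()
    }


def folders_for(user, access):
    """Which data sets does this user have access to?"""
    return sorted(folder for folder, users in access.items() if user in users)


def simulate_removal(acls, groups, global_groups):
    """What-if: users per folder who lose access once global groups are removed."""
    before = effective_access(acls, groups)
    after = effective_access(acls, groups, ignore=global_groups)
    return {f: before[f] - after[f] for f in acls if before[f] != after[f]}
```

The output of `simulate_removal` is the list to review with data owners before committing the change: anyone on it who needs the data for their job should be granted access through a specific group first.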