Today, we are introducing a new method to tackle Data Subject Access Requests (DSARs) that will enable our customers to obtain results in seconds. Available as an add-on to complement StealthAUDIT, Data Privacy Engine effectively connects identities with the location of their personal information. Thanks to the pre-discovery of attributes of data subjects across all repositories (structured, unstructured, on-premise, in the cloud, etc.) along with an understanding of which files and tables relate to which people, DSARs can easily be facilitated because the solution already knows the answer before the question is asked. If you want to get a better understanding of what I’m talking about, I’ve recorded a video that further demonstrates the functionality firsthand.
While DSARs are certainly on the rise with only 21% of CISOs responsible for GDPR compliance saying their organizations did not see a rise in DSARs during the past 12 months, they aren’t the only aspect that needs to be addressed when discussing data privacy. The reality is that achieving data privacy goes well beyond simply protecting the data. In fact, there are three priorities that are required to achieve privacy and while it does include protecting the data, it also requires protecting credentials and protecting systems. Let me explain a bit further why this multi-layered approach is so important.
Data Access Governance is about making access to data exclusive. It’s about limiting the number of people who have access to data – and their permissions to data – to the lowest levels possible. At a high level, this involves the discovery of where your data lives followed by classifying, monitoring, and remediation of the conditions that make managing data access so difficult in the first place. The result is effective governance that promotes security, compliance, and operational efficiency.
If you are only leveraging a data access governance solution, while you may have taken the time to ensure that only the right people in the right roles have access to your sensitive data, how secure can your data truly be if a bad actor can simply leverage Active Directory to create a new user and grant that user access? Ensuring the security also relies heavily on the security of Active Directory. It’s crucial to pinpoint vulnerabilities in Active Directory permissions, account passwords, privileged access rights, configurations, objects, and more. Ensuring that Active Directory is clean, understood, configured properly, monitored closely, and controlled tightly, directly impacts data security, virtually wherever your data lives.
Finally, breaches typically begin at the desktop and server layers of an organization’s IT infrastructure and spread through the overabundance of privileged access rights. Reducing “standing privileges” and remediating misconfigurations and vulnerabilities across desktop and server infrastructure mitigates risks like lateral movement and privilege escalation, keeping AD safe from advanced attacks. Imagine if you could provision only temporary access to perform a specific task, then remove it when the task is completed. If approached in that manner, you’d eliminate standing privileges altogether, drastically reducing your attack surface. The bottom line is that the importance of data privacy and data security is only going to continue to increase with each newly reported breach and new regulation passed. Now is the time to really tackle these challenges in a pro-active manner that gets to the root cause so that you aren’t left scrambling in a reactive mode later. For more information on our new Data Privacy Engine as well as our overall data privacy solution set, please visit us at: https://stealthbits.com/data-privacy-solution/
Adam Rosen serves as Vice President of Data Access Governance at Stealthbits – now part of Netwrix. An expert on managing and securing unstructured data, Adam has helped organizations of all sizes implement controls and policies to meet security, compliance, and efficiency objectives. In his current capacity at Stealthbits, he manages the industry-leading StealthAUDIT suite that enterprises around the world depend on to defend their most critical information.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.Read more
Start a Free Stealthbits Trial!
No risk. No obligation.