User Rights Management for Files

Audit and Validate User Access Rights to Sensitive File Data

File permissions and file rights audits help ensure file data is accessible only by those with a business need-to-know, which is a key requirement for securing intellectual property, protecting customer data, and complying with data security regulations. However, there is no built-in system that keeps file access rights aligned with business requirements. In fact, it’s challenging to simply get a regularly updated snapshot of which users have access to what data.

User Rights Management for Files (URMF) is an integral part of both SecureSphere File Activity Monitoring and SecureSphere File Firewall that ensures sensitive file data on file servers and network attached storage (NAS) devices has the correct access permissions. It automates user access rights aggregation, consolidation and reporting, identifies dormant users and excessive rights, and provides a framework for file permissions review. User Rights Management for Files helps organizations demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5 and reduce the risk of data breach due to overly accessible file data.

Key Capabilities
  • Ensure that access is based on a business need-to-know
  • Identify dormant users and excessive access rights
  • Aggregate and report on user access rights to files across multiple file systems
  • Perform a complete file rights audit and permissions review
  • Classify data by location, owner, file type and other meta-data


Detect Dormant Users and Excessive Access Rights

SecureSphere helps identify dormant users and unused access rights by correlating file permissions with actual file access activity. Dormant users, those who never access the files they have permissions to, may no longer be part of the organization or may not need these permissions to do their jobs. Reviewers can easily identify these situations using SecureSphere analytics and reporting and mark them for further investigation or remediation to reduce the risk of data loss or failing an audit.
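The correlation described above, sketched as an added example (this is not Imperva's code): effective grants are joined against file access events to list dormant users and unused rights. The function names, the 90-day look-back window and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: effective grants (user, folder, right) after group expansion.
GRANTS = [
    ("alice", "/finance/payroll", "read"),
    ("alice", "/finance/payroll", "write"),
    ("bob", "/finance/payroll", "read"),
    ("carol", "/hr/reviews", "read"),
    ("carol", "/finance", "read"),
]
# Constructed sample audit events: (user, file path, operation, timestamp).
EVENTS = [
    ("alice", "/finance/payroll/2024-q1.xlsx", "read", datetime(2024, 5, 2)),
    ("carol", "/hr/reviews/team.docx", "read", datetime(2024, 5, 20)),
    ("bob", "/finance/payroll/2023-q1.xlsx", "read", datetime(2023, 1, 9)),
]

def covers(folder, path):
    """True if path is the folder or lies beneath it (avoids /finance vs /finance-old)."""
    folder = folder.rstrip("/")
    return path == folder or path.startswith(folder + "/")

def review(grants, events, now, window_days=90):
    """Return (dormant_users, unused_rights) for the look-back window."""
    cutoff = now - timedelta(days=window_days)
    recent = [e for e in events if cutoff <= e[3] <= now]
    granted = defaultdict(set)    # user -> {(folder, right)} the user holds
    exercised = defaultdict(set)  # user -> {(folder, right)} seen in recent activity
    for user, folder, right in grants:
        granted[user].add((folder, right))
        if any(u == user and op == right and covers(folder, p)
               for u, p, op, _ in recent):
            exercised[user].add((folder, right))
    # Dormant: holds grants but exercised none of them inside the window.
    dormant = sorted(u for u in granted if not exercised[u])
    # Unused rights: active users whose grants exceed what they actually used.
    unused = {u: sorted(g - exercised[u]) for u, g in granted.items()
              if exercised[u] and g - exercised[u]}
    return dormant, unused

if __name__ == "__main__":
    print(review(GRANTS, EVENTS, now=datetime(2024, 6, 1)))
```

The output is a review queue, not a revocation list: a user with a quarterly or annual task can look dormant inside a 90-day window.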

Aggregate and Report on User Access Rights to Files

SecureSphere automates file permissions audits by regularly aggregating and consolidating user rights across multiple file servers and NAS devices. Incremental changes are identified to make reviews more efficient. SecureSphere file rights reports provide a comprehensive, up-to-date view of access permissions to data owners and auditors, which helps streamline review cycles.

Built-In Workflow for File Access Rights Review and Approval

SecureSphere helps organizations demonstrate an automatic, repeatable process for reviewing file access rights, as required by regulations like PCI DSS and SOX. A workflow framework keeps an audit trail of the review process, recording details as reviewers accept or reject file access rights. Actual permissions changes can be assigned to IT operations staff and their status tracked within SecureSphere.

Discover and Classify Sensitive File Data

SecureSphere provides data classification capabilities to simplify the process of securing sensitive data and reviewing access rights. Files can be classified based on meta-data (such as location, file name and owner), on file content (through integration with third-party classification products), or manually. Once data has been classified, SecureSphere correlates user rights and classification information, allowing reviewers to focus their file rights audit on files that have the greatest business risk. SecureSphere policies can leverage file classification to enforce.

Ensure Access is Based on Need-to-Know

Access to sensitive file data should be granted based on a business need-to-know, which typically relates to a job role or department. SecureSphere can enrich user information from directory services with details from human resources information management systems, such as job role, giving reviewers better decision-making context. Analytical views and reports can then help identify file access rights that users do not need to do their jobs so that those rights can be revoked, reducing the risk of file data breaches.

User Rights Management for Files Specifications


Specification Description
File Systems Supported
  • Windows file servers
  • Unix/Linux file servers
  • NAS devices with CIFS (v1 and v2) file shares and NFS (v3) file shares
Directory Services Supported
  • Microsoft Active Directory (AD) users and groups
  • LDAP v3 users and groups
User Rights Management
  • Audit user access rights to files via file system permissions
  • Validate excessive rights on sensitive data
  • Identify dormant accounts
  • Identify files accessible by global groups
  • Track changes to user rights
  • Revoke rights and group membership
  • Recommend data owners
Data Classification
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digital signing of audit data
  • Role-based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
Events and Reporting
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard