Audit and Validate User Access Rights to Sensitive File Data
User Rights Management for Files (URMF) is an integral part of both SecureSphere File Activity Monitoring and SecureSphere File Firewall. It ensures that sensitive file data on file servers and network-attached storage (NAS) devices has the correct access permissions. It automates user access rights aggregation, consolidation and reporting, identifies dormant users and excessive rights, and provides a framework for file permissions review. User Rights Management for Files helps organizations demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5 and reduce the risk of a data breach due to overly accessible file data.
Detect Dormant Users and Excessive Access Rights
SecureSphere helps identify dormant users and unused access rights by correlating file permissions with actual file access activity. Dormant users, meaning users who never access files they have permissions to, may no longer be part of the organization or may not need these permissions to do their job. Reviewers can easily identify these situations using SecureSphere analytics and reporting and mark them for further investigation or remediation to reduce the risk of data loss or failing an audit.
Aggregate and Report on User Access Rights to Files
SecureSphere automates file permissions audits by regularly aggregating and consolidating user rights across multiple file servers and NAS devices. Incremental changes are identified to make reviews more efficient. SecureSphere file rights reports give data owners and auditors a comprehensive, up-to-date view of access permissions, which helps streamline review cycles.
Built-In Workflow for File Access Rights Review and Approval
SecureSphere helps organizations demonstrate an automatic, repeatable process for reviewing file access rights, as required by regulations like PCI DSS and SOX. A workflow framework keeps an audit trail of the review process, recording details as reviewers accept or reject file access rights. Actual permissions changes can be assigned to IT operations staff and their status tracked within SecureSphere.
Discover and Classify Sensitive File Data
SecureSphere provides data classification capabilities to simplify the process of securing sensitive data and reviewing access rights. Files can be classified based on metadata (such as location, file name, and owner), on file content (through integration with third-party classification products), or manually. Once data has been classified, SecureSphere correlates user rights and classification information, allowing reviewers to focus their file rights audit on files that have the greatest business risk. SecureSphere policies can leverage file classification to enforce.
Ensure Access is Based on Need-to-Know
Access to sensitive file data should be granted based on a business need-to-know, which typically relates to a job role or department. SecureSphere can enrich user information from directory services with details from human resources information management systems, such as job role, giving reviewers better decision-making context. Analytical views and reports can then help identify file access rights that users do not need to do their job so that those rights can be revoked, reducing the risk of file data breaches.
User Rights Management for Files Specifications
| Specification | Description |
|---|---|
| File Systems Supported | |
| Directory Services Supported | |
| User Rights Management | |
| Data Classification | |
| Tamper-Proof Audit Trail | |
| Management | |
| Administration | |
| Events and Reporting | |

