When it comes to governance and compliance, the biggest issue facing IT organizations is often simply trying to figure out who owns the data that is being accessed. To solve that problem, Whitebox Security, within its WhiteOPS governance software, makes available crowdsourcing techniques to allow IT organizations to query end users to determine who owns the data they are accessing.
Whitebox Security CEO Maor Goldberg says that before any kind of effective governance and compliance policy can be put in place, the internal IT organization needs to know who should actually have permissions to access that data. Unfortunately, that’s not as easy as it might seem. Employees change jobs inside organizations, and even when they leave the company, many of them still retain passwords to sensitive documents and applications.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iIn addition to providing the tools IT organizations need to manage compliance, Goldberg says Whitebox Security gives IT organizations the tools they need to establish a baseline from which to assess who in the organization should have access to which data. To that end, Whitebox Security has updated its WhiteOPS to add a portal and simplified entitlements and identities forensics. In addition, the new release includes best practices for governance that IT organizations can immediately leverage.
When it comes to governance, Goldberg says it’s pretty clear that far too many users are running around with privileged access to data that they either shouldn’t have or no longer need. Each one of those users represents a potential insider threat that is likely to throw up a red flag any time a compliance audit is conducted.
Naturally, the IT organization will bear most of the blame for that compliance violation, unless, of course, they can proactively find a way to avoid ever allowing that violation to occur in the first place.