RSA Data Access Governance
Manage Access to Unstructured Data in Your Environment

Overview:

Gain control of access to unstructured data and implement processes for unstructured data governance. RSA Data Access Governance monitors, certifies and reports on who has access to unstructured data stored on the following resources: Microsoft Windows-, Linux- and UNIX file servers; network-attached storage devices; and Microsoft SharePoint servers.

• Unmatched Visibility - Enables IT and the business to know definitively who owns enterprise data resources, who has access to what data resources, how they got access, whether they should have access, and who approved it across Windows file shares and SharePoint.
• Effective Access Certifications for Business Users - An automated access certification process generates actionable reviews that are simple and effective for business users to work with. A closed-loop workflow tracks and audits access changes, providing the evidence needed by auditors and regulators.
• Identification of Data Owners - Leverages user activity monitoring to determine who frequently accesses the data in question, which can be used to suggest owners.
• Enforcement of Compliance Policies - Easy-to-use business rules enable business and compliance policies associated with users, groups and access permissions to be tested or automatically enforced.
• Leverage Existing Security Investments - Leverages Microsoft AD group-based data access lifecycle management. Data classifications derived from DLP systems can be leveraged to determine controls and used for access risk management processes.

With RSA Data Access Governance, Organizations Can:

• Gain visibility and ownership of user entitlements for Windows, Linux and Unix Servers, file shares and Microsoft SharePoint
• Automate the data access certification process for the lines-of-business
• Remediate inappropriate access and put in place a consistent methodology for group-based access to file shares and SharePoint
• Enable a closed-loop validation process for change to data access permissions
• Determine whether access policy and control objectives are being met
• Manage data access risk and provide auditable evidence of compliance

Capability Highlights

Scalable Architecture - The DAG architecture is a proven, scalable solution designed to meet the performance requirements of any size across tens of thousands of file shares and millions of files.

Enterprise-Wide Visibility - Automatically collects, correlates, and unifies user identities with Microsoft Active Directory accounts and groups, SharePoint groups and access permissions arcoss all Windows file servers, network-attached storage devices and SharePoint servers. During collection DAG has a mechanism for metadata and classification discovery that can be used for access risk analysis.

Ownership & Accountability - A unique process for indentifying business data owners and reaching out to them to validate ownership of the data, as well as metadata and classification information.

Access Certification - An automated end-to-end solution for data access certification enables IT Security to deploy a repeatable, auditable and business-oriented certification process. Up-to-data information about users, groups and permissions is collected from data resources and reviews are created automatically. Entitlement data used in the review process is presented in business friendly context. Changes resulting from the certification process are tracked, and the system validates that they have been successfully made. Dashboards help information security personnel understand the status fo certifications and escalations. Archived certifications and a complete audit trail provide the much needed evidence of compliance.

Configurable Workflow - Graphical workflow can be easily configured to accoummodate an organization's unique access governance processes for review, approval, exception handling and remediation. Integration with leading user provisioning and IT help desk systems routes changes to the appropriate individuals or access change fulfillment mechanisms.

Advanced Reporting - Ad hoc reporting, together with an extensive built-in reports, delivers detailed and summary analyses across all users, data resources, data entitlements and certifications.

Controls Automation - Business and IT teams can easily define data access business rules that automate the monitoring of inappropriate access permissions, including SoD violations, limiting the probability of business and compliance risks materializing. Compliance controls can be easily linked to the actual evidence.

Risk Analytics - In additon to providing comprehensive insight into the state of data access permissions, DAG provides IT security, compliance, audit and risk management teams with the metrics and decision support to make access risk management actionable.

Remediation - Automated remdiation of user access permissions is supported via email and task notification, though integration with existing identity management and IT change management infrastructure, or through RSA Identity Lifecycle. A closed-loop validation process ensures that revocations of permissions occur within target data resources and enables an automated escalation process.