t cht lk that problem . So that ’ s usually the first thing we address and we come in and do an assessment with a new organisation .
We see all this over-provisioned access and we start giving them a map of how to get it down to an appropriate alignment .
DW : Enterprise and businesses have gone through the accountability and the visibility of what their users are doing with applications within the organisation , but the data side of the business has not really been addressed yet .
Daniel Wright , Regional Sales Manager MEA , Stealthbits
on a network , for example , by adopting a set of controls , applications and techniques that will identify the relative importance of these different data sets – their sensitivity and regulatory compliance requirements , and then applying appropriate protections to secure those resources . Proper data security is one that embodies the core elements of data security , which are confidentiality , integrity and availability .
Of course , we know confidentiality ensures that data is assessed only by authorised individuals , integrity ensures that the information is reliable as well as accurate , while the last component , which is availability , ensures that data is both available and accessible to satisfy business needs .
What kind of challenges are Stealthbits customers in this region facing right now ?
AR : One thing that we see frequently when we engage with a new organisation is over-provisioned access to data . So the big challenge is when people move within an organisation or leave the organisation , keeping up with the necessary changes to their privileges to the various different resources , be it unstructured data , structured data on-prem in the cloud or collaboration platforms . We tend to find that people have access to data that they don ’ t need and they don ’ t know where to start remediating
We only need to read the press to see this is where the attacks are typically happening . When we go and engage with customers , it ’ s almost quite alarming to see the lack of control and the lack of visibility and the lack of understanding these businesses have over their data , and who ’ s got access to it , which is a big concern and something that businesses need to address .
Could you tell us how the Stealthbits Credential and Data Security Assessment ( CDSA ) solution is helping to address some of these key challenges ?
AR : The CDSA starts by analysing the different data stores within an organisation – where their sensitive information is and who has access to it – and draws out a path of how different misconfigurations can be abused to mishandle that information . So , everything from privileges directly to the data itself , all the way through misconfigurations within Active Directory or the underlying system that could result in that data being compromised .
It gives high , medium and low priorities so you know where to start . These are the high-risk items and then you kind of work your way on down . But it uncovers not just what the problems are , but how to address those things .
How does the solution provide visibility and enable calculation of risk assessment ?
AR : Visibility starts with understanding where there ’ s sensitive information , who has access to it , what kind of risk is associated with that access and how , across a whole
host of different systems in an enterprise . So that could be everything from sensitive attachments to emails to sensitive files and collaboration platforms like SharePoint and SharePoint Online and OneDrive . And what the credentials and data security assessment is geared towards doing is giving you a holistic view of where the risks are across that data and all those different systems and prioritising .
How can CISOs adopt this into their strategy ?
AR : A big part of it is risk prioritisation . So starting with understanding where all the risks lie , all the unknown unknowns and that ’ s what really helps roll it up into a broader strategy , starting with ‘ okay , here are the things we ’ re doing well out , here are the things we don ’ t quite understand yet ’. And then bringing back the necessary data points to prioritise that . This is where Stealthbits really helps shine a light .
What best practice advice would you offer CIOs for ensuring a robust long-term data security strategy and posture ?
AR : I think the key to securing data is equally considering what ’ s exploitable throughout the system level and with the credentials themselves . So , looking at the data is just one piece of the pie . You also need to think about
68 INTELLIGENTCIO www . intelligentcio . com