Intelligent CIO APAC Issue 09 | Page 34

EDITOR’S QUESTION
DALE HEATH, SALES ENGINEERING MANAGER AT RUBRIK A/NZ

When it comes to securing your business, access controls are one of the most fundamental principles. Role-based access controls, for example, assign users access based on the principle of ‘least privilege’: assigning each user the precise privileges required to perform their job, but no more.

In order to implement an effective access control strategy, IT leaders need insight into what their users are accessing so any violations can be identified. Ensuring better visibility over cloud access across the enterprise, however, requires decision makers to rethink what it is they’re seeking visibility into.
Traditionally, the prevailing wisdom has been to seek more visibility into user behavior and application access.
However, given increasing regulation and public scrutiny over data privacy, as well as the massive proliferation of cloud applications and infrastructure, IT leaders need visibility at the data level, rather than just the application and user level.
For example, with visibility into the application level, you might be able to see that user x has accessed applications y and z. What this won’t show you is the data they have accessed within each application. Critically, with so many new cloud applications and users working from remote locations, there’s the very real risk that sensitive data has been inadvertently stored in places it shouldn’t be. Without visibility at the data level, IT leaders are operating with a huge blind spot.
The other benefit to visibility across the enterprise at the data level is that Machine Learning and policy-based algorithms can automate the scanning, discovery and classification of sensitive data (such as credit card information) in order to better understand overall risk posture, ensure regulatory compliance (such as PCI-DSS compliance) and remediate violations as soon as they occur.
Further, with this granular insight across the enterprise, role-based access controls can then be defined at the data level, meaning that even if sensitive or confidential data is stored incorrectly, only users with the necessary permissions will be able to access it (even when it is located in an application they have access to).
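
The argument above as an added example (not code from the original article or from Rubrik): a policy-based scan labels stored objects that contain Luhn-valid card numbers, flags those found outside the approved application, and checks access against the data label as well as the application. The user names, application names, labels and sample records are constructed assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> str:
    """Policy: any Luhn-valid card number makes the object 'cardholder-data'."""
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            return "cardholder-data"
    return "general"

# Constructed sample environment (hypothetical users, apps and records).
APP_ACCESS = {"alice": {"crm", "wiki"}, "bob": {"crm", "wiki"}}
DATA_ROLES = {"alice": {"general", "cardholder-data"}, "bob": {"general"}}
OBJECTS = [
    {"id": "crm/invoice-17", "app": "crm", "body": "Paid with 4111 1111 1111 1111"},
    {"id": "wiki/onboarding", "app": "wiki", "body": "Ticket 1234567890123456 is closed"},
    {"id": "wiki/meeting-notes", "app": "wiki",
     "body": "Customer card 5555-5555-5555-4444 read out on call"},
]

def misplaced(objects, approved_apps=frozenset({"crm"})):
    """Sensitive objects stored outside the applications approved to hold them."""
    return [o["id"] for o in objects
            if classify(o["body"]) == "cardholder-data" and o["app"] not in approved_apps]

def can_read(user: str, obj: dict) -> bool:
    """Application-level access alone is not enough; the data label must be allowed too."""
    return obj["app"] in APP_ACCESS[user] and classify(obj["body"]) in DATA_ROLES[user]

if __name__ == "__main__":
    print("misplaced:", misplaced(OBJECTS))
    for user in APP_ACCESS:
        for obj in OBJECTS:
            print(user, obj["id"], classify(obj["body"]), can_read(user, obj))
```

Both users can open the wiki, so an application-level log would look identical for them; only the data-level label separates who may read the misfiled meeting notes.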