Imperva SecureSphere - User Rights Management for Files
Audit and Validate User Access Rights to Sensitive File Data
File permissions and file rights audits help ensure file data is accessible only by those with a business need-to-know, which is a key requirement for securing intellectual property, protecting customer data, and complying with data security regulations. However, there is no built-in system that keeps file access rights aligned with business requirements. In fact, it's challenging to simply get a regularly updated snapshot of which users have access to what data.
User Rights Management for Files (URMF) is an integral part of both SecureSphere File Activity Monitoring and SecureSphere File Firewall that ensures sensitive file data on file servers and network attached storage (NAS) devices has the correct access permissions. It automates user access rights aggregation, consolidation and reporting, identifies dormant users and excessive rights, and provides a framework for file permissions review. User Rights Management for Files helps organizations demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5 and reduce the risk of data breach due to overly accessible file data.
- Ensure that access is based on a business need-to-know
- Identify dormant users and excessive access rights
- Aggregate and report on user access rights to files across multiple file systems
- Perform a complete file rights audit and permissions review
- Classify data by location, owner, file type and other meta-data
Detect Dormant Users and Excessive Access Rights
SecureSphere helps identify dormant users and un-used access rights by correlating file permissions with actual file access activity. Dormant users, those users that never access files they have permissions to, may no longer be part of the organization, or don't need these permissions to do their job. Reviewers can easily identify these situations using SecureSphere analytics and reporting and mark them for further investigation or remediation to reduce the risk of data loss or failing an audit.
Aggregate and Report on User Access Rights to Files
SecureSphere automates file permissions audits by regularly aggregating and consolidating user rights across multiple file servers and NAS devices. Incremental changes are identified to make reviews more efficient. SecureSphere file rights reports provide a comprehensive, up-to-date view of access permissions to data owners and auditors which helps streamline review cycles.
Built-In Workflow for File Access Rights Review and Approval
SecureSphere helps organizations demonstrate an automatic, repeatable process for reviewing file access rights, as required by regulations like PCI DSS and SOX. A workflow framework keeps an audit trail of the review process, recording details as reviewers accept or reject file access rights. Actual permissions changes can be assigned to IT operations staff and their status tracked within SecureSphere.
Discover and Classify Sensitive File Data
SecureSphere provides data classification capabilities to simplify the process of securing sensitive data and reviewing access rights. Files can be classified based on meta-data – such as location, file name, owner, etc., file content (through integration with third party classification products), or manually. Once data has been classified, SecureSphere correlates user rights and classification information, allowing reviewers to focus their file rights audit on files that have the greatest business risk. SecureSphere policies can leverage file classification to enforce.
Ensure Access is Based on Need-to-Know
Access to sensitive file data should be granted based on a business need-to-know, which typically relates to a job role or department. SecureSphere can enrich user information from directory services with details from human resources information management systems such as job role, giving reviewers better decision making context. Analytical views and reports can then help identify file access rights not required by users to do their job so that those rights can be revoked, reducing the risk of file data breaches.
Increase IT Operations Efficiency
SecureSphere helps IT operations staff, such as Windows, storage, help desk and directory services administrators work more efficiently. For example, because SecureSphere creates an audit record of all file access activity, data that is not being accessed can be identified and deleted or archived. Help desk staff can make faster decisions about granting access rights with SecureSphere information about data owners and effective permissions. Data ownership details and information about unused data also expedite data migrations and directory services domain consolidations. Migration and consolidation projects are also a natural time to conduct rights reviews, which User Rights Management for Files dramatically simplifies.
Rely on the Leader in Data Security
SecureSphere offers best-of-breed file auditing and user rights management that accelerate compliance, bolster security, and streamline IT operations processes. Leveraging a powerful centralized management and reporting platform, SecureSphere meets the needs of any environment – from small organizations with a single file server to large enterprises with geographically distributed data centers. SecureSphere provides unparalleled data security with protection for Web applications, databases, and files.
Flexible inline and non-inline deployment modes offer easy installation with no changes to file servers, NAS devices, applications, clients, or network
- Non-inline Network Monitoring: Activity monitoring with zero impact on performance or availability
- Transparent Inline Protection: Drop-in deployment and industry-leading performance for proactive security
Features and Appliance Specifications:
|Operating Systems Supported
|File Systems Supported
|Directory Services Supported
|User Rights Management
|Events and Reporting
Download the SecureSphere File Security Datasheet (PDF).