Even technology savvy companies can be caught off guard at the sheer volume of unaccounted data in their network. Organisations need to not only have their data accessible whilst being effectively secured, they also need to understand what data they are currently storing within At rest platforms such as Sharepoint farms, NAS or SAN environments and Application stacks. Whether structured or un-structured data; their is a high risk that you have toxic combinations of sensitive data within these volumes that may not currently be effectively secured.
CyberOrchard uses a number of technology solutions, paired to highly experienced people and tried and tested methods in order to resources and create processes to rapidly improve your organisations’s Data at Rest risk register.
We work closely with our clients’ own team to help understand the current gaps that exist and how best our team can fill those and extend functionality to rapidly respond to your key risk indicators and craft a programme that achieves your goals in a time-sensitive manner. [/text-with-icon].
Policy Standards and Procedures
When creating a Data At Rest Programme one of the most important elements is to go into the project understanding what data elements the programme is designed to discover, how this is currently classified and where you are expecting to find this information. These questions however are always designed to be headings as invariably we will find this data in many locations you didn’t expect and also other forms of data that you had no idea was going to trigger against rules of sensitivity.
When designing the DAR service it is important to know how the system and process will feed both from your existing data security operations and back in to formalised business processes. Working closely for example with Identity Access Management (IAM) teams to look at how users are provisioned access to data storage and where the majority of these pools are located, working with applications teams to understand where structured data is held, what access model these systems conform to and who is responsible for the data. CyberOrchard takes all of these aspects into account when creating a programme for your enterprise and will design the process around your existing business, adding policies and process to help supplement where you have any gaps.
We have pre-defined Target Operating models that can be adapted to your environment, policies for source target data, scanning policies creation both at a basic and advanced level, access control models for results distribution, remediation strategies defined and ready to deploy.
Role-Based Access Control
Rolebased groups mirroring business functions with different geographic territories. This enables the reporting team to create specific but common reports and dashboards for all users and these then against the specific access permissions for the user logged in against the specific access permissions for the user logged in against their business function.