Access

Introduction

The LightBeam Governance module is designed to provide organizations with comprehensive visibility and control over data access across various unstructured data sources. As digital platforms proliferate, ensuring secure access to sensitive information is crucial.

This module empowers organizations to monitor and manage employee access to sensitive data, integrating seamlessly with Azure Active Directory or CSV-based employee lists. Administrators can establish and enforce access rules, track who is accessing what data, and ensure compliance with security frameworks like SOC2, NIST and ISO 27001.

Supporting a wide range of data sources, including SharePoint, Google Drive, Outlook, Gmail, AWS S3, Salesforce, HubSpot, and Slack, the LightBeam Governance module offers a proactive approach to securing sensitive data and maintaining robust data governance across the organization.

Getting Started

Prerequisites

User Roles and Permissions

  • LightBeam Admins: Required to set up and manage the governance module.

Installation and Setup

To begin, click the Governance tab in the top menu bar and select Access Governance from the dropdown.

Select access governance from the drop down menu

Connecting Active Directory (AD)

Step 1: Access Directory Services

  • Navigate to the directory services section in the LightBeam platform from the sidebar menu.

Click on Directory Services from the sidebar menu

Step 2: Connect Multiple Directory Services

  • LightBeam Admins can connect multiple directory services to a single LightBeam instance.

    • Click the New Directory Service tab in the top right-hand corner.

    Click on New Directory Service Tab in Blue

    • Select the desired directory service and click Next at the bottom.

    Choose the directory you wish to connect

    • Fill in the basic details to form a connection and click Next at the bottom.

    Fill in all the required basic details to form a connection

Step 3: Set Sync Frequency

  • Configure the synchronization frequency (e.g., daily, weekly, monthly).

    Set Frequency for synchronisation

Step 4: Initiate Runtime Syncs

  • Perform manual syncs as needed.

Step 5: Review Synced Details

  • LightBeam will display synced users, roles, departments, employment status, current status with joining date, and groups.

Step 6: Error Handling

  • In case of synchronization errors, LightBeam identifies these issues and provides options for re-syncing. Various error scenarios are efficiently handled.

Step 7: Day 2 Syncs

  • LightBeam supports both truncate load and incremental syncs. By default, the sync method is incremental, but administrators can choose truncate load as needed.

Importing Via CSV

Step 1: Prepare CSV Files

  • Use the defined template, which includes the fields First Name, Last Name, Username, Email Address, Department, Role, Groups, Employment Status, and current status (active or inactive), along with the date each employee was added to the organization.

Step 2: Import Employee Data

  • Navigate to the import section and upload the employee CSV file. The imported data will function like a typical Active Directory system.

Step 3: Import Groups Data

  • Upload a separate CSV for Groups and their respective members, ensuring proper mapping.

Step 4: Handle Updates

  • Similar to Active Directory, the system supports both truncate load and incremental updates based on email IDs.
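A pre-import check for the two CSV files described in the steps above, added here as an example and not part of LightBeam's own tooling. The header names, the `;` separator in the Groups field, and the `Group` / `Member Email` columns of the groups file are assumptions; adjust them to the actual template.

```python
import csv
import io
import re

# Header names are assumptions based on the field list in Step 1; match them to the real template.
COLUMNS = ["First Name", "Last Name", "Username", "Email Address", "Department",
           "Role", "Groups", "Employment Status", "Current Status", "Date Added"]
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def validate_import(employee_csv, groups_csv):
    """Return a list of problems in the two CSV texts; an empty list means clean."""
    reader = csv.DictReader(io.StringIO(employee_csv), restval="")
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return ["missing columns: " + ", ".join(missing)]
    problems, emails, used_groups = [], set(), set()
    for line, row in enumerate(reader, start=2):  # line 1 is the header
        email = row["Email Address"].strip().lower()
        if not EMAIL_RE.match(email):
            problems.append(f"line {line}: invalid email {email!r}")
        elif email in emails:  # updates are keyed on email, so it must be unique
            problems.append(f"line {line}: duplicate email {email}")
        emails.add(email)
        if row["Current Status"].strip().lower() not in ("active", "inactive"):
            problems.append(f"line {line}: current status must be active or inactive")
        used_groups.update(g.strip() for g in row["Groups"].split(";") if g.strip())
    # Groups file (assumed columns "Group" and "Member Email"): check the mapping both ways.
    defined = set()
    for line, row in enumerate(csv.DictReader(io.StringIO(groups_csv), restval=""), start=2):
        defined.add(row["Group"].strip())
        member = row["Member Email"].strip().lower()
        if member not in emails:
            problems.append(f"groups line {line}: unknown member {member}")
    problems += [f"group {g!r} is not in the groups file" for g in sorted(used_groups - defined)]
    return problems

# Constructed sample data, not from the original page.
EMPLOYEES = """First Name,Last Name,Username,Email Address,Department,Role,Groups,Employment Status,Current Status,Date Added
Ana,Diaz,adiaz,ana.diaz@example.com,Finance,Analyst,finance;all-staff,Full-time,active,2023-04-01
Ben,Ito,bito,ben.ito@example.com,Sales,Manager,sales,Full-time,enabled,2022-11-15
Ana,Diaz,adiaz2,Ana.Diaz@example.com,Finance,Analyst,finance,Contractor,inactive,2024-02-01
"""
GROUPS = """Group,Member Email
finance,ana.diaz@example.com
sales,ben.ito@example.com
sales,cara.lee@example.com
"""
```

Duplicate emails matter most here: because updates are matched on email ID, two rows with the same address cannot be told apart on the next incremental import.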

Data Access Configurations

Configuration for Open Access

  • Define what constitutes open access at the governance level. By default, LightBeam considers any file accessible via a link as open access.

Configuration for Excessive Access

  • Customize the definition of excessive access. By default, any file accessed by more than half of the total number of users is considered to have excessive access.

Key Terminologies

Understanding the following key terminologies is crucial for effectively using the LightBeam Governance module:

  • Sensitive Information: Data that is protected against unwarranted disclosure and includes personally identifiable information (PII), financial data, and proprietary information.

  • Open Access: Files accessible by a large number of users, either internally or externally, potentially posing a security risk.

  • Excessive Access: When more users have access to a file than what is necessary for their role or department.

  • Incremental Sync: A synchronization method where only the changes since the last sync are updated.

  • Truncate Load: A synchronization method where existing data is deleted and a full reload of data is performed.

Architecture Overview

The LightBeam Governance module integrates seamlessly with the overall LightBeam Spectra platform, leveraging a modular architecture to enhance data security and governance. The core components include:

Directory Services Integration

  • Supports multiple directory services connections (e.g., Azure Active Directory) and CSV imports for user data.

  • Ensures that user roles, departments, and group memberships are synchronized efficiently.

Access Control Engine

  • Monitors and manages user access to sensitive information across various data sources.

  • Enables administrators to define and enforce rules regarding data access.

Alerting and Notification System

  • Triggers alerts for open or excessive access and unauthorized data sharing.

  • Provides real-time notifications to administrators for proactive risk management.

Reporting and Analytics

  • Offers detailed reports on user access, sensitive data exposure, and policy violations.

  • Provides timeline views for tracking access events and changes over time.

Integration with Data Sources

  • Supports a wide range of data sources, including SharePoint, Google Drive, Outlook, Gmail, AWS S3, Salesforce, HubSpot, and Slack.

  • Ensures comprehensive coverage of data governance across both on-premises and cloud environments.

Sensitive Information Exposure

The module proactively detects and alerts administrators about sensitive information exposure. It identifies files with sensitive data that are broadly accessible or shared externally, highlighting potential security risks. Specific scenarios include:

  • Files accessible to all employees.

  • Files shared with external parties.

  • Files exposed to a wide audience within the organization (more than 30 people).

  • Files accessible across different organizational units (e.g., engineering, sales).
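The default open-access and excessive-access definitions from Data Access Configurations, together with the exposure scenarios listed above, expressed as checks over an access inventory. This is an added example, not LightBeam's implementation; the `FileAccess` shape, the label names, and treating any access holder absent from the synced directory as external are assumptions.

```python
from dataclasses import dataclass

WIDE_AUDIENCE = 30  # "more than 30 people" in the scenario list


@dataclass
class FileAccess:
    path: str
    sensitive: bool      # file contains sensitive information
    link_shared: bool    # reachable through a sharing link
    users: frozenset     # email addresses that hold access (assumed input shape)


def classify(f, directory):
    """Label one file. `directory` maps employee email -> department."""
    staff = set(directory)
    labels = []
    if f.link_shared:
        labels.append("open")            # default: any link-accessible file
    if len(f.users) > len(staff) / 2:
        labels.append("excessive")       # default: more than half of all users
    if not f.sensitive:
        return labels                    # exposure scenarios apply to sensitive files
    internal = set(f.users) & staff
    if internal == staff:
        labels.append("all-employees")
    if set(f.users) - staff:
        labels.append("external")        # holder absent from the synced directory
    if len(f.users) > WIDE_AUDIENCE:
        labels.append("wide-audience")
    if len({directory[u] for u in internal}) > 1:
        labels.append("cross-unit")
    return labels


def audit(files, directory):
    """Return {path: labels} for files that triggered at least one label."""
    return {f.path: labels for f in files if (labels := classify(f, directory))}


# Constructed sample data: 25 engineers and 15 sales staff.
DIRECTORY = {f"eng{i}@example.com": "engineering" for i in range(25)}
DIRECTORY.update({f"sales{i}@example.com": "sales" for i in range(15)})
FILES = [
    FileAccess("payroll.xlsx", True, False, frozenset(DIRECTORY)),
    FileAccess("roadmap.docx", True, True,
               frozenset({"eng0@example.com", "eng1@example.com", "partner@vendor.example"})),
    FileAccess("lunch-menu.pdf", False, True, frozenset({"sales0@example.com"})),
]
```

The accuracy of the `external` and `cross-unit` labels depends entirely on how current the directory sync is, which is why stale or failed syncs should be resolved before acting on access findings.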

User/Application Categorization

The governance module categorizes users and applications based on their access to sensitive information. This feature provides:

  • Lists of users and applications with access to highly sensitive information.

  • Detailed views of access permissions for different users and applications.

  • Insights into access across structured and unstructured data sources, including on-premises, SaaS, and cloud environments.

Features and Functionalities

Access Mapping

The module maps who has access to whose data, offering insights into potential access risks:

  • Geographic Access Insight: Identifies scenarios where data access spans across geographic boundaries, such as European customer data accessible to the US sales team.

  • Organizational Level Access: Highlights sensitive files with financial data accessible to non-finance teams, employee information accessible to non-HR employees, and customer data accessible to engineers.

Access Details

Provides file-level and group-level access details, enabling administrators to track and audit data access comprehensively.

Governance and Policies

The Governance and Policies section of the LightBeam Spectra platform's governance module is designed to provide organizations with robust mechanisms for managing and enforcing data access controls. This ensures that sensitive information is protected and that data access aligns with organizational policies and compliance requirements.

Governance Overview

The governance module allows administrators to define and implement comprehensive data access policies, providing visibility into data access patterns and enabling proactive management of potential security risks. The key components of governance include:

Visibility

  • Provides detailed insights into open, excessive, and cross-departmental access to data.

  • Tracks which users have access to specific data and how this access is used across various applications and platforms.

Automation

  • Supports automated actions based on defined policies, such as revoking access, blocking users, or modifying access permissions.

  • Facilitates efficient management of data access, reducing the burden on IT and security teams.
