Access
The LightBeam Governance module is designed to provide organizations with comprehensive visibility and control over data access across various unstructured data sources. As digital platforms proliferate, ensuring secure access to sensitive information is crucial.
This module empowers organizations to monitor and manage employee access to sensitive data, integrating seamlessly with Azure Active Directory or CSV-based employee lists. Administrators can establish and enforce access rules, track who is accessing what data, and ensure compliance with security frameworks like SOC2, NIST and ISO 27001.
Supporting a wide range of data sources, including SharePoint, Google Drive, Outlook, Gmail, AWS S3, Salesforce, HubSpot, and Slack, the LightBeam Governance module offers a proactive approach to securing sensitive data and maintaining robust data governance across the organization.
LightBeam Admins: Required to set up and manage the governance module.
To begin, click the Governance tab in the top menu bar and select Access Governance from the dropdown.
Step 1: Access Directory Services
Navigate to the directory services section in the LightBeam platform from the sidebar menu.
Step 2: Connect Multiple Directory Services
LightBeam Admins can connect multiple directory services to a single LightBeam instance.
Click the new directory services tab in the top right-hand corner.
Select the desired directory service and click Next at the bottom.
Fill in the basic details to form a connection and click Next at the bottom.
Step 3: Set Sync Frequency
Configure the synchronization frequency (e.g., daily, weekly, monthly).
Step 4: Initiate Runtime Syncs
Perform manual syncs as needed.
Step 5: Review Synced Details
LightBeam will display synced users, roles, departments, employment status, current status with joining date, and groups.
Step 6: Error Handling
In case of synchronization errors, LightBeam identifies these issues and provides options for re-syncing. Various error scenarios are efficiently handled.
Step 7: Day 2 Syncs
LightBeam supports both truncate load and incremental syncs. By default, the sync method is incremental, but administrators can choose truncate load as needed.
Step 1: Prepare CSV Files
Use the defined template including fields such as First Name, Last Name, Username, Email Address, Department, Role, Groups, Employment Status, and current status (active or inactive), along with the date of their addition to the organization.
Step 2: Import Employee Data
Navigate to the import section and upload the employee CSV file. The imported data will function like a typical Active Directory system.
Step 3: Import Groups Data
Upload a separate CSV for Groups and their respective members, ensuring proper mapping.
Step 4: Handle Updates
Similar to Active Directory, the system supports both truncate load and incremental updates based on email IDs.
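A pre-upload check for the employee CSV, added here as an example and not LightBeam code: it verifies the template fields from Step 1 and flags missing or duplicate email addresses, which matter because updates are matched on email ID. The exact header spellings, the case-insensitive email comparison and the function name are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Column names follow the fields listed in the template description; the exact
# header spellings ("Current Status", "Joining Date") are assumptions.
REQUIRED = ["First Name", "Last Name", "Username", "Email Address", "Department",
            "Role", "Groups", "Employment Status", "Current Status", "Joining Date"]

def validate_employee_csv(text):
    """Return a list of (line_number, problem) tuples for an employee CSV."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing columns: " + ", ".join(missing))]
    problems, seen = [], {}
    for row in reader:
        line = reader.line_num
        # Assumption: emails are compared case-insensitively when used as a key.
        email = (row["Email Address"] or "").strip().lower()
        if "@" not in email:
            problems.append((line, "missing or malformed email address"))
        elif email in seen:
            # Updates are matched on email, so a duplicate key is ambiguous.
            problems.append((line, f"duplicate email (first seen on line {seen[email]})"))
        else:
            seen[email] = line
        if (row["Current Status"] or "").strip().lower() not in ("active", "inactive"):
            problems.append((line, "current status must be active or inactive"))
    return problems

# Constructed sample data: one duplicate email, one empty email, one bad status.
SAMPLE = """First Name,Last Name,Username,Email Address,Department,Role,Groups,Employment Status,Current Status,Joining Date
Ana,Ruiz,aruiz,ana.ruiz@example.com,Finance,Analyst,finance-all,Full-time,active,2023-02-01
Ben,Cho,bcho,Ana.Ruiz@example.com,Sales,Manager,sales-all,Full-time,active,2022-07-15
Cy,Dee,cdee,,Engineering,Engineer,eng-all,Contractor,suspended,2024-01-10
"""

if __name__ == "__main__":
    for line, problem in validate_employee_csv(SAMPLE):
        print(f"line {line}: {problem}")
```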
Configuration for Open Access
Define what constitutes open access at the governance level. By default, LightBeam considers any file accessible via a link as open access.
Configuration for Excessive Access
Customize the definition of excessive access. By default, any file accessed by more than half of the total number of users is considered to have excessive access.
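The two default definitions above, applied to an exported access list as an added example that is not LightBeam's implementation. The record shape, the function names, reading "accessed by" as "has access", and treating any grantee outside the synced directory as external are assumptions; group grants are expanded and de-duplicated before counting.

```python
def classify_file(acl, groups, directory, excessive_ratio=0.5):
    """Flag one file. acl: {"link_shared": bool, "users": [...], "groups": [...]}."""
    granted = set(acl.get("users", []))
    for name in acl.get("groups", []):
        granted |= set(groups.get(name, []))   # expand group grants, de-duplicated
    internal = granted & directory             # only directory users count
    flags = []
    if acl.get("link_shared"):
        flags.append("open")                   # default: accessible via a link
    if len(internal) > excessive_ratio * len(directory):
        flags.append("excessive")              # default: more than half of all users
    if granted - directory:
        flags.append("external")               # assumption: grantee not in directory
    return flags

def audit(files, groups, directory):
    """Map each file name to its flags, omitting files that earn none."""
    result = {}
    for name, acl in files.items():
        flags = classify_file(acl, groups, directory)
        if flags:
            result[name] = flags
    return result

# Constructed sample data: six directory users, two groups, four files.
DIRECTORY = {"a@corp.example", "b@corp.example", "c@corp.example",
             "d@corp.example", "e@corp.example", "f@corp.example"}
GROUPS = {"eng": ["a@corp.example", "b@corp.example", "c@corp.example"],
          "sales": ["c@corp.example", "d@corp.example"]}
FILES = {
    "payroll.xlsx": {"users": ["a@corp.example"], "groups": ["eng", "sales"]},
    "roadmap.pdf": {"link_shared": True, "users": ["e@corp.example"]},
    "contract.docx": {"users": ["a@corp.example", "x@partner.example"]},
    "design.md": {"groups": ["eng"]},   # exactly half of the users: not excessive
}

if __name__ == "__main__":
    for name, flags in audit(FILES, GROUPS, DIRECTORY).items():
        print(name, flags)
```

Note that `design.md` reaches exactly three of six users and is not flagged, because the default is "more than half", and that `payroll.xlsx` counts user `c@corp.example` once even though both groups grant access.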
Understanding the following key terminologies is crucial for effectively using the LightBeam Governance module:
Sensitive Information: Data that is protected against unwarranted disclosure and includes personally identifiable information (PII), financial data, and proprietary information.
Open Access: Files accessible by a large number of users, either internally or externally, potentially posing a security risk.
Excessive Access: When more users have access to a file than what is necessary for their role or department.
Incremental Sync: A synchronization method where only the changes since the last sync are updated.
Truncate Load: A synchronization method where existing data is deleted and a full reload of data is performed.
The LightBeam Governance module integrates seamlessly with the overall LightBeam Spectra platform, leveraging a modular architecture to enhance data security and governance. The core components include:
Directory Services Integration
Supports multiple directory services connections (e.g., Azure Active Directory) and CSV imports for user data.
Ensures that user roles, departments, and group memberships are synchronized efficiently.
Access Control Engine
Monitors and manages user access to sensitive information across various data sources.
Enables administrators to define and enforce rules regarding data access.
Alerting and Notification System
Triggers alerts for open or excessive access and unauthorized data sharing.
Provides real-time notifications to administrators for proactive risk management.
Reporting and Analytics
Offers detailed reports on user access, sensitive data exposure, and policy violations.
Provides timeline views for tracking access events and changes over time.
Integration with Data Sources
Supports a wide range of data sources, including SharePoint, Google Drive, Outlook, Gmail, AWS S3, Salesforce, HubSpot, and Slack.
Ensures comprehensive coverage of data governance across both on-premises and cloud environments.
The module proactively detects and alerts administrators about sensitive information exposure. It identifies files with sensitive data that are broadly accessible or shared externally, highlighting potential security risks. Specific scenarios include:
Files accessible to all employees.
Files shared with external parties.
Files exposed to a wide audience within the organization (more than 30 people).
Files accessible across different organizational units (e.g., engineering, sales).
The governance module categorizes users and applications based on their access to sensitive information. This feature provides:
Lists of users and applications with access to highly sensitive information.
Detailed views of access permissions for different users and applications.
Insights into access across structured and unstructured data sources, including on-premises, SaaS, and cloud environments.
The module maps who has access to whose data, offering insights into potential access risks:
Geographic Access Insight: Identifies scenarios where data access spans across geographic boundaries, such as European customer data accessible to the US sales team.
Organizational Level Access: Highlights sensitive files with financial data accessible to non-finance teams, employee information accessible to non-HR employees, and customer data accessible to engineers.
Provides file-level and group-level access details, enabling administrators to track and audit data access comprehensively.
The Governance and Policies section of the LightBeam Spectra platform's governance module is designed to provide organizations with robust mechanisms for managing and enforcing data access controls. This ensures that sensitive information is protected and that data access aligns with organizational policies and compliance requirements.
The governance module allows administrators to define and implement comprehensive data access policies, providing visibility into data access patterns and enabling proactive management of potential security risks. The key components of governance include:
Visibility
Provides detailed insights into open, excessive, and cross-departmental access to data.
Tracks which users have access to specific data and how this access is used across various applications and platforms.
Automation
Supports automated actions based on defined policies, such as revoking access, blocking users, or modifying access permissions.
Facilitates efficient management of data access, reducing the burden on IT and security teams.