Dashboard

Accessing the Access Governance Dashboard

To navigate to the Access Governance Dashboard:

Step 1: From the home screen, click on the Governance tab in the top navigation bar Step 2: In the dropdown menu that appears, select Access Governance. Step 3: This action directs the user to the Access Governance Dashboard.

Dashboard Overview

The Governance Module Dashboard provides governance officers with comprehensive visibility into the organization’s data access landscape. The primary role of a governance officer is to ensure that users have access only to the data necessary for their roles and to eliminate unnecessary or excessive access. The dashboard plays a crucial role in achieving this by offering detailed insights into users, groups, and data access patterns.

Purpose:

• Provides detailed information about the organization’s users, including:

  • Who the employees are.

  • Which groups they belong to.

  • Differentiation of employment types (e.g., employees vs. contractors).

• Gives governance officers a clear picture of the employee architecture and user identities by pulling data from the connected directory service.

Key Components of the Dashboard

1. Directory Service or IAM (Identity Access Management) Box

• Located on the right side of the dashboard, this box displays the connected directory service, such as Azure Active Directory. The directory service is essential for understanding the organization's employee structure and identity details.

1. Users

• Found on the left side of the dashboard, this box shows a breakdown of the total users within the organization.

• Example:

  • There are a total of 178 users, out of which 22 are employees and 34 are contractors.

  • Out of the 178 users- 70 users have access to sensitive data

• Purpose:

To quickly identify the distribution of users, facilitating decisions related to data access and policy enforcement.

1. Groups

• Located in the center of the dashboard, this box provides an overview of the groups within the organization.

• Example:

  • After scanning, the system identifies 306 groups.

  • Out of which 22 groups have access to sensitive data

• Purpose:

Shows the different groups to which users are assigned, aiding in the management and assignment of access controls

1. Objects with Open Access

• Open Access refers to files that are accessible by a wide range of users—either internal or external. This level of exposure can present significant security and compliance risks.

• Total Open Access Objects: 98 objects across all integrated data sources.

• Top Data Sources:

  • LB GDrive: Highest count with ~60 objects having open access.

  • LB SharePoint: ~15 objects flagged.

  • LB OneDrive: ~20 objects accessible openly.

• Risk Implication:

Open access to sensitive files increases the risk of data leaks, unauthorized access, and non-compliance with governance policies.

• Purpose:

This dashboard helps to identify and address data exposure by highlighting data sources with the most open-access files.

1. Objects with Excessive Access

• Excessive Access refers to instances where more users have access to a file than necessary, based on their role or department. This overexposure may lead to compliance violations or increase the risk of unauthorized data use.

• Total Objects Affected: Approximately 13 objects across connected data sources.

• Top Data Sources with Excessive Access:

  • LB GDrive: 6 objects.

  • LB SharePoint: 4 objects.

  • LB OneDrive: 3 objects.

• Risk Implication: Granting excessive access undermines the principle of least privilege. This makes sensitive data more vulnerable to leaks, misuse, or breaches.

• Purpose:

This dashboard helps governance teams detect and reduce access beyond what's necessary, ensuring tighter data control and minimizing risk.

1. Users Having Access to Entities Data

• Users Having Access to Entity Data section provides a graphical representation of the types of users who have access to various entities within the system.

• Users with Access:

  • 3 Employees

  • 2 Contractors

• Total Entities in the system

  • 1.3k entities

• Visual Insight:

  • The bar chart shows that employees access a significantly higher number of entities compared to contractors.

• Purpose:

  • This view helps to track how entity data is distributed among internal and external users.

  • It supports identifying potential overexposure or misalignment with access policies.

1. Unresolved alerts

The Unresolved Alerts section highlights active security issues or policy violations that have not yet been addressed.

Dashboard Overview:

• Displays a list of critical access-related alerts across various data sources (e.g., SharePoint, OneDrive, GDrive).

• Types of alerts shown:

  • My Company Data Open to the World: Indicates that internal company data is publicly accessible.

  • Vulnerable Customer Data Sharing: Flags sensitive customer data that is improperly shared or exposed.

• Each alert includes a View Details link, enabling deeper investigation and resolution.

Purpose: This section helps to identify and prioritize unresolved risks, ensuring that sensitive data is properly secured and compliant with organizational policies.