Governance Module Dashboard

Governance Module Dashboard Overview

The Governance Module Dashboard provides governance officers with comprehensive visibility into the organization’s data access landscape. The primary role of a governance officer is to ensure that users have access only to the data necessary for their roles and to eliminate unnecessary or excessive access. The dashboard plays a crucial role in achieving this by offering detailed insights into users, groups, and data access patterns.

Purpose:

  • Provides detailed information about the organization’s users, including:

    • Who the employees are.

    • Which groups they belong to.

    • Differentiation of employment types (e.g., employees vs. contractors).

  • Gives governance officers a clear picture of the employee architecture and user identities by pulling data from the connected directory service.

Key Components of the Dashboard

  1. Directory Service or IAM (Identity and Access Management) Box

    • Located on the right side of the dashboard, this box displays the connected directory service, such as Azure Active Directory. The directory service is essential for understanding the organization's employee structure and identity details.

Directory Service Box
  2. Users

  • Found on the left side of the dashboard, this box shows a breakdown of the total users within the organization.

Displays number of users with access
  • Example:

    • There are a total of 250 users, out of which 206 are employees and 44 are contractors.

  • Purpose:

    • Helps the governance officer quickly identify the distribution of users, facilitating decisions related to data access and policy enforcement.

  3. Groups

  • Located in the center of the dashboard, this box provides an overview of the groups within the organization.

Displays number of groups with access
  • Example:

    • After scanning, the system identifies 16 groups.

  • Purpose:

    • Shows the different groups to which users are assigned, aiding in the management and assignment of access controls.

  4. Sensitive Objects Across Departments

  • The Sensitive Objects Across Departments section provides a graphical representation of the most sensitive data sources within the organization.

  • This section helps governance officers identify which data repositories contain the most sensitive information. It also shows how that data is distributed across departments.

  • The dashboard highlights the top 5 data sources where sensitive objects are stored. These data sources are ranked based on the level of sensitivity and the volume of sensitive data they contain. There are 643 Highly Sensitive objects.

Displays Sensitive Objects Access Across Departments

5. Users Having Access to Entity Data

  • The Users Having Access to Entity Data section provides a graphical representation of the types of users who have access to various entities within the system.

This section breaks down users by type. It shows who has access to entity data within the organization:

  • Total Users with Access: The dashboard indicates that there are 191 employees and 43 contractors with access to entity data.

  • Entities in the System: These users collectively have access to approximately 115,000 entities in the system. Entities could include files, documents, records, or any structured or unstructured data objects within the organization.

Displays total users with access to entities data

6. Unresolved Alerts

The Unresolved Alerts section highlights critical alerts that have yet to be addressed according to the organization's data governance policies. This section is crucial for governance officers to identify and act on potential security risks or policy violations.

  • In the current view, the dashboard shows that Christine What from the Engineering Department has access to sensitive information, specifically Customer USA Social Security Number (SSN) data. This access is considered a potential policy violation, as it may not align with the organization’s guidelines regarding who should have access to such sensitive information.

Displays unresolved alerts

Users

Navigating to the Users tab from the left panel of the Governance dashboard displays a detailed list of users with access to sensitive data.

Select users in the left menu panel
Detailed List of users with access to sensitive data.

This window is a critical tool for governance officers to monitor and manage data access across the organization.

Overview of the User Access Window

  • Total Employees and Contractors with Access: The window displays a breakdown of all users with access to sensitive data:

    • Out of the 206 total employees, 30 employees have High Data privilege.

Displays the number of employees with High Data privilege
  • Out of the 44 contractors, 7 contractors have access to high-privilege data.

Displays the number of contractors with High Data privilege
  • Departmental Distribution: These users are distributed across 10 departments, highlighting how access to sensitive data is spread across different parts of the organization.

Number of departments
  • Within the Users dashboard of the Governance Module, there is also a detailed department-wise bifurcation that highlights employees who have access to high-privilege data. This view helps governance officers assess how sensitive data access is distributed across departments.

Detailed bifurcation of all the users across all departments

Click on a department like Engineering in the Users dashboard. You’ll see all employees in that department who have access to sensitive data. This helps governance officers manage and review access more effectively.

Click on any department box

Overview of the Department-Specific Access View

  • Employee List: A comprehensive list of all employees and contractors in the selected department is displayed. It offers detailed insights into each individual's level of data access.

Name of every user is displayed
  • Access Level: Each individual is assigned an access level—Low, Medium, or High—based on the sensitivity of the data they can access. This helps quickly identify users with high-privilege access who may pose greater risk.

Displays the data privilege of each individual user
  • Entities and Data Sources Accessed: The table shows the following information for each user:

    • Number of Entities Accessed: The total number of data entities that each employee or contractor has access to.

Number of entities that can be accessed by each user
  • Number of Data Sources Accessed: The number of distinct data sources (e.g., SharePoint, Google Drive, Salesforce) each user has access to.

Number of Data Sources accessible by each user
  • User Type: The table clearly differentiates between employees and contractors to help governance officers assess the appropriateness of data access levels.

Displays the employment type of each user
User View: Accessing User Details

To view detailed information about a specific user, go to the Users dashboard and click on the user's name. For example, selecting Daniel Sullivan reveals comprehensive insights into their data access profile.

Click on the name of any user

User-Specific Dashboard: User’s Access Details

Clicking on a user's name in the Users Dashboard opens a dedicated dashboard with a comprehensive view of their data access. For example, selecting Daniel Sullivan reveals his access level, location, employment type, and other key details. This helps governance officers monitor and manage access effectively.

Detailed overview of a specific user

Overview Summary:

  • Data Sources: 3 data sources

  • Entities: 73 entities

  • Attributes: 7 attributes

  • Groups: 0 groups

Data Sources Section

  • Displays a list of data sources a user can access, detailing the objects containing sensitive information.

  • Displays the total number of objects, entities, and attributes the user can access across each data source. This offers granular visibility into the user's access rights and potential areas of exposure.

list of data sources accessible by a specific user

Entities Section

  • List of Entities Accessible by the user

    • Entities at Risk: 101

    • Entity Types: 1

      • Two types of entities can be found in the system: Human or Organizational.

Overview of Entities section dashboard

Types of Entities and Risk Assessment:

  • Human Entities: 101 entities (all 101 are at risk)

  • Organization Entities: No organizational entities

Navigating Human and Organization Entities

  • Click on the Human or Organization entity type to view a detailed list showing:

Click on Human or Organizational Entity to see more detailed information
  • Entity names (e.g., names of people)

  • Risk status (whether the entity is at risk or not)

  • Entity type

  • Number of data sources, objects, and attributes associated with each entity

Detailed Information from Human Entity type

Organization Entities:

  • Names of organizations

  • Risk status

  • Entity type

  • Number of data sources, objects, and attributes linked to each organization

Attributes Section

  • Displays the total number of high, medium, or low-sensitive attributes a user has access to.

Detailed overview of Attributes a user has access to
  • In this case, the user has access to 4 High-sensitive, 11 Medium-sensitive and 3 Low-sensitive attributes.

  • Scrolling down reveals all 18 attributes along with their 21,000 instances. This breakdown highlights the type and volume of data accessed by the user, helping identify potential risk areas.

Groups Section

  • Displays all the groups a user belongs to, helping identify access inherited through group memberships.

    • In this case, the user is part of the Engineering group, which has High Data privilege and access to 18 attributes.

Displays all the groups to which a user belongs

Unresolved Alerts Section

  • The Unresolved Alerts section displays all active alerts associated with the user that have not yet been reviewed or addressed, helping governance teams prioritize follow-up actions.

Unresolved alerts section

Groups Dashboard

Navigating to the Groups tab from the left panel of the Governance dashboard displays a detailed list of groups with access to sensitive data.

Select Group tab in side panel
Detailed Groups Dashboard

This window is a critical tool for governance officers to monitor and manage data access across the organization.

Overview of the Group Access Window

  • Total Groups with Access: The window displays a breakdown of all groups with access to sensitive data:

    • In the above image, 16 groups have High Data privilege.

Within the Groups dashboard of the Governance Module, there is also a detailed Group-wise bifurcation that highlights members who have access to high-data privilege. This view helps governance officers assess how sensitive data access is distributed across multiple groups.

Detailed Group Bifurcation
  • Click on a group like Engineering Managers in the Groups dashboard. You’ll see detailed information about the members, attributes, entities and data sources accessible by the group.

Group detailed overview section

Overview Summary:

  • Data Sources: 2

  • Entities: 113

  • Attributes: 20

  • Members: 6

Data Sources Section

  • Displays a list of data sources a Group can access, detailing the objects containing sensitive information.

  • Displays the total number of objects, entities, and attributes a group can access across each data source. This offers granular visibility into the group's access rights and potential areas of exposure.

Detailed view of Data Sources in Group Section

Entities Section

  • List of Entities Accessible by the group

    • Entities at Risk: 113

    • Entity Types: 1

      • Two types of entities can be found in the system: Human or Organizational.

      Detailed view of Entities Section in group window

Types of Entities and Risk Assessment:

  • Human Entities: 113 entities (all 113 are at risk)

  • Organization Entities: No organizational entities

Navigating Human and Organization Entities

  • Click on the Human or Organization entity type to view a detailed list showing:

Click on Human Entity
  • Entity names (e.g., names of people)

  • Risk status (whether the entity is at risk or not)

  • Entity type

  • Number of data sources, objects, and attributes associated with each entity

Detailed Information from Human Entity type

Attributes Section

Displays the total number of high, medium, or low-sensitive attributes a group has access to.

Detailed overview of Attributes a group has access to
  • In this case, the group has access to 6 High-sensitive, 11 Medium-sensitive and 3 Low-sensitive attributes.

  • Scrolling down reveals all 20 attributes along with their 166k instances. This breakdown highlights the type and volume of data accessed by the group, helping identify potential risk areas.

Sub-groups Section

The Sub-groups section shows all smaller groups that are part of a main group. This helps in understanding how access is shared through group layers.

Sub-group section

Members Section

Displays all the members that belong to a specific group, helping identify access inherited through group memberships.

Detailed members overview
  • In this case, the group has 4 Employee Members and 2 Contractor Members.

  • The list shows the name of every member, their data privilege, member type and employee type.

Sensitive Objects Dashboard

Selecting Sensitive Objects from the left panel opens a dashboard that shows data access across sources. It highlights potential security risks and helps identify sensitive data that may be overexposed or improperly accessed.

Click on sensitive objects

Overview of the Sensitive Objects Dashboard

Overview of different types of sensitive objects access
  • Open Access: The dashboard shows that 2 data sources have sensitive objects with open access. This means all users in the organization can access them, posing a high risk of unnecessary exposure of sensitive information.

  • Excessive Access: There are 2 data sources with excessive access, meaning users have more access than permitted by the organization's data governance policies. This increases the risk of data breaches or misuse of sensitive information.

  • Cross-Department Access: There are 2 data sources with cross-department access, indicating that sensitive data is accessible by users across multiple departments. This can lead to unnecessary exposure and increased risk of data being accessed beyond its intended scope.

This section provides visibility into the volume and distribution of sensitive objects across the organization. It helps governance officers evaluate data exposure and take informed actions to manage access more effectively.
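The three categories above, together with access inherited through groups and sub-groups, can be reproduced from a directory export and per-object ACLs. The following is an added example, not LightBeam code: the users, groups, ACLs and the `POLICY` mapping (departments permitted per object) are constructed, and modelling "excessive access" as access from a department outside that mapping is an assumption.

```python
# Constructed sample directory: user -> (department, employment type).
USERS = {
    "alice": ("Engineering", "employee"),
    "bob": ("Engineering", "contractor"),
    "carol": ("Finance", "employee"),
    "dave": ("Sales", "employee"),
}
# Constructed groups; a member is either a user or another group (sub-group).
GROUPS = {
    "Everyone": {"Engineering-All", "Finance-Team", "dave"},
    "Engineering-All": {"Engineering-Managers", "bob"},
    "Engineering-Managers": {"alice"},
    "Finance-Team": {"carol"},
}
# Constructed ACLs: object -> principals (users or groups) granted access.
ACLS = {
    "payroll.xlsx": {"Finance-Team"},
    "customers_ssn.csv": {"Everyone"},
    "design_review.docx": {"Engineering-All", "carol"},
}
# Hypothetical policy: departments permitted to access each object.
POLICY = {
    "payroll.xlsx": {"Finance"},
    "customers_ssn.csv": {"Finance"},
    "design_review.docx": {"Engineering"},
}


def expand(principal, seen=None):
    """Resolve a user or group to the users it contains, following sub-groups."""
    seen = set() if seen is None else seen
    if principal in USERS:
        return {principal}
    if principal in seen or principal not in GROUPS:
        return set()  # already visited (cycle or shared sub-group) or unknown
    seen.add(principal)
    users = set()
    for member in GROUPS[principal]:
        users |= expand(member, seen)
    return users


def classify(obj):
    """Return (effective users, flags) for one object."""
    effective = set().union(*(expand(p) for p in ACLS[obj]))
    departments = {USERS[u][0] for u in effective}
    flags = set()
    if effective == set(USERS):
        flags.add("open")              # every user in the directory can reach it
    if len(departments) > 1:
        flags.add("cross-department")  # reachable from more than one department
    if departments - POLICY[obj]:
        flags.add("excessive")         # reachable from a department policy does not permit
    return effective, flags


if __name__ == "__main__":
    for name in sorted(ACLS):
        users, flags = classify(name)
        print(f"{name}: {len(users)} users, flags={sorted(flags) or ['none']}")
```

Working from effective (group-expanded) membership rather than the raw ACL entries is what surfaces access granted only through a nested group.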

Breakdown of Sensitive Objects

  1. All Objects:

Overview of all objects
  • Total: The dashboard shows a total of 126k objects across the four data sources, representing all the sensitive data currently identified.

  • LB SharePoint: Contains 125K objects. This represents a significant portion of sensitive data, requiring careful monitoring and governance due to its widespread use.

  • LB OneDrive: Has 526 objects. While smaller in number compared to SharePoint, these objects still require scrutiny to ensure appropriate access controls.

  • Redaction Data: Shows 176 objects.

  • AWS-FSX: Contains 6 objects.

  2. Open Access

The Open Access section of the Sensitive Objects dashboard provides detailed information on sensitive data objects that are currently accessible by all users within the organization.

Detailed open access window

Breakdown of Objects with Open Access

  • LB SharePoint:

    • 6.3K objects have open access, meaning they are accessible to all users in the organization. This poses a significant risk, especially if these files contain confidential or critical information.

  • LB OneDrive:

    • 22 objects have open access. Similar to SharePoint, these objects are widely accessible, increasing the risk of data leakage or unauthorized modifications.

  3. Objects with Excessive Access

The Objects with Excessive Access section of the Sensitive Objects dashboard highlights data objects that have more access granted than is deemed necessary or appropriate under organizational policies. This increased access raises the risk of data breaches, unauthorized changes, or misuse. It's important for governance officers to address these risks promptly.

Detailed view of objects with excessive access

Breakdown of Objects with Excessive Access

  • LB SharePoint:

    • 13K objects have excessive access. These are sensitive objects within SharePoint that have been accessed by more users than permitted by the organization’s access control policies. This could include cross-departmental access or access by employees who do not have a legitimate business need.

  • LB OneDrive:

    • 54 objects have excessive access. Although the number is smaller compared to SharePoint, these objects may still pose a risk if sensitive information is unnecessarily accessible to a larger group of users.

  4. Cross-Department Access

The Objects with Cross-Department Access section of the Sensitive Objects dashboard reveals data objects that are accessible across multiple departments, which may not always be necessary or appropriate. Cross-department access can expose sensitive information to employees who do not have a legitimate business need, increasing the risk of data leaks, misuse, or compliance violations.

Detailed view of objects with cross departmental access

Breakdown of Objects with Cross-Department Access

  • LB SharePoint:

    • 97K objects have cross-department access. This represents a significant number of sensitive data objects on the SharePoint platform that are accessible by users from different departments, potentially creating security risks or policy violations.

  • LB OneDrive:

    • 412 objects have cross-department access. While fewer in number, these objects still pose a risk if they contain sensitive information that should be restricted to specific teams or departments.

Accessing Governance Module Through Datasources Dashboard

The Governance of a specific Datasource feature in the LightBeam dashboard offers a detailed view of access control and data distribution across various data sources, allowing governance officers to monitor and manage data access effectively.

Accessing the Governance Details

Navigate to the Data Source Section:

  • Open the Data Source section in the LightBeam dashboard.

Click on Datasources tab on the top
  • Search for the data source you want to investigate (e.g., LB SharePoint).

Search the name of the data source in the search bar
  • Click on the data source name (LB SharePoint in this case).

Click on the name of the data source

View the Governance Information:

  • Scroll down to find the Governance of the Data Source on the right side.

Scroll down to find this window in the dashboard
  • This section presents a graphical representation of the data source's governance status.

Understanding the Governance Graph

  • User Access: The dashboard shows that LB SharePoint is accessible to 251 users.

  • Object Count: There are 61K sensitive objects under this data source.

  • Access Levels: A bar graph provides a breakdown of the different levels of access (e.g., open access, excessive access, cross-departmental access) for these objects.

    • You can hover over each bar in the graph to see the specific number of objects at that level of access. For example:

    Hover over a specific bar to see the exact number
    • 6.3K objects with open access.

    • 13K objects with excessive access.

    • 97K objects with cross-department access.

Navigating the Governance Dashboard

  • You can also click on a bar (such as the open access bar) to be redirected to a more detailed governance dashboard for this data source.

Click on a specific bar to see more details
  • Here, you will see:

Detailed view of every user with open access
  • The number of owners (e.g., 250 owners) with open access to this data source's objects.

  • It also shows the number of objects accessible to each owner.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.
