Policies and Alerting
The Policies and Alerting feature within the LightBeam Governance module is a cornerstone of its data governance capabilities. It empowers organizations to define, enforce, and monitor data access policies, ensuring that sensitive information is accessed only by authorized individuals and in compliance with regulatory requirements. This section details the process of defining policies, configuring alerts, and managing policy violations.
Defining Policies
Policies in the LightBeam Governance module are rules that dictate acceptable data access practices within an organization. These policies can be customized to address specific security requirements and compliance standards.
Types of Policies
Open Access Policy: Defines what constitutes open access to files. By default, any file accessible via a link is considered to have open access. This can be customized to tighten or loosen the criteria based on organizational needs.
Excessive Access Policy: Sets thresholds for what is considered excessive access to files. The default setting considers any file accessed by more than half of the total number of users as excessively accessed. This threshold can be adjusted to better fit the organization's security posture.
Cross-Departmental Access Policy: Controls access to sensitive data across different departments. For example, financial data should not be accessible to non-finance teams, and HR data should not be accessible to non-HR employees.
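As an added illustration (not LightBeam code or its API), the following Python sketch applies the three default criteria described above to a constructed file inventory. The record fields, the user directory and the restricted-department set are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class FileRecord:                      # hypothetical record shape for this sketch
    path: str
    owner_dept: str                    # department that owns the data
    link_shared: bool                  # reachable via a sharing link
    accessed_by: set = field(default_factory=set)   # user ids that accessed the file

# Constructed sample data: user id -> department
USERS = {
    "alice": "finance", "bob": "finance", "carol": "hr",
    "dave": "engineering", "erin": "engineering", "frank": "sales",
}
FILES = [
    FileRecord("finance/q3-forecast.xlsx", "finance", False, {"alice", "bob", "dave"}),
    FileRecord("hr/salaries.csv", "hr", True, {"carol"}),
    FileRecord("eng/runbook.md", "engineering", False, {"alice", "bob", "dave", "erin"}),
    FileRecord("sales/pricing.pdf", "sales", False, {"frank"}),
]
RESTRICTED_DEPTS = {"finance", "hr"}   # assumed: data that must stay in-department

def evaluate(f, users, excessive_ratio=0.5):
    """Return the policy names a file violates, in evaluation order."""
    hits = []
    # Open access: by default, any file accessible via a link.
    if f.link_shared:
        hits.append("open_access")
    # Excessive access: strictly more than half of all users by default,
    # so a file accessed by exactly half of the users is not flagged.
    if len(f.accessed_by) > excessive_ratio * len(users):
        hits.append("excessive_access")
    # Cross-departmental: restricted data touched by anyone outside the owning
    # department. Users missing from the directory count as outsiders.
    outsiders = {u for u in f.accessed_by if users.get(u) != f.owner_dept}
    if f.owner_dept in RESTRICTED_DEPTS and outsiders:
        hits.append("cross_department")
    return hits

def scan(files, users, **kw):
    """Map each violating file path to its list of violated policies."""
    return {f.path: v for f in files if (v := evaluate(f, users, **kw))}

if __name__ == "__main__":
    for path, violations in scan(FILES, USERS).items():
        print(path, violations)
```

Lowering `excessive_ratio` tightens the excessive-access criterion: at 0.4 the finance file, accessed by three of six users, is flagged as well.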
Creating Policies
Step 1: Define Criteria: Administrators define the criteria for each policy, specifying what conditions must be met for a policy to be considered violated.
Step 2: Assign Scope: Determine which data sources, user groups, and organizational units the policy applies to.
Step 3: Set Actions: Define the actions to be taken when a policy violation is detected, such as generating alerts, revoking access, or initiating automated remediation processes.
Configuring Alerts
Alerts are critical for real-time monitoring and response to policy violations. They ensure that administrators are promptly notified of any potential security issues.
Types of Alerts
Immediate Alerts: Triggered instantly when a policy violation is detected. These are used for critical issues that require immediate attention.
Threshold Alerts: Triggered when access reaches or exceeds a predefined threshold. For example, an alert can be set to trigger when a file is accessed by more than a specified number of users.
Scheduled Alerts: Generated based on scheduled scans and checks. These alerts provide regular updates on policy compliance and potential issues.
Setting up Alerts
Step 1: Define Alert Conditions: Specify the conditions under which an alert should be triggered. This can include criteria such as the type of data accessed, the number of users accessing the data, and the departments involved.
Step 2: Configure Notification Settings: Determine how alerts are communicated to administrators. Options include email notifications, SMS alerts, and dashboard notifications.
Step 3: Assign Alert Recipients: Designate the individuals or teams responsible for responding to alerts. This ensures that the right people are informed and can take action promptly.
Managing Policy Violations
Once policies and alerts are configured, the governance module continuously monitors data access to detect and manage policy violations.
Detection:
The module uses real-time monitoring and periodic scans to identify policy violations. This ensures that any unauthorized access or risky behavior is detected as soon as it occurs.
Response:
Automated Actions: Based on the defined policies, the module can automatically revoke access, block users, or move files to secure locations when a violation is detected.
Manual Intervention: Administrators can review alerts and take manual actions as needed. This may involve investigating the root cause of the violation, contacting the affected users, or making adjustments to the access policies.
Audit and Reporting:
Violation Reports: Detailed reports on policy violations provide insights into the nature and frequency of violations, helping administrators understand trends and potential security gaps.
Audit Trails: Comprehensive logs of all policy-related activities, including detected violations, triggered alerts, and actions taken. These logs support auditing and compliance efforts, ensuring that the organization can demonstrate adherence to data governance policies.
Monitoring and Reporting
Effective governance requires continuous monitoring and reporting to ensure compliance with defined policies and to identify potential security risks.
Dashboards
The governance module provides a comprehensive set of dashboards that display essential metrics, governance rule violations, and partner onboarding status.
Specific dashboards include the Main Dashboard, Governance Dashboard, Data Source Level Governance Dashboard, Per User View, and Entity View.
Reports
Detailed reports offer insights into high data access users, enabled rules, and rule violations at the data source level.
These reports can be used to audit data access, assess compliance with security frameworks, and identify areas for improvement.