LightBeam Dashboard Outlay

Outlay

The Outlay section of the dashboard helps monitor and assess the organization’s data risk posture. It focuses on tracking sensitive data, privacy compliance, and security policies to help identify potential vulnerabilities.

Dashboard Views and Tabs

LightBeam now supports multiple dashboard views to help administrators and security teams analyze data risk, privacy posture, and governance insights at different levels of granularity.

Main Dashboard

The Main Dashboard provides an aggregated view of metrics across all connected data sources. All widgets described in the sections below represent organization-wide insights when viewed from the Main Dashboard.

This view is intended for:

• Executive-level visibility

• Organization-wide risk posture assessment

• Cross–data source trend analysis

Data Source–Specific Dashboards

For each onboarded data source, LightBeam automatically generates a data source–specific dashboard tab (for example, Azure, Dropbox, Compliance (PCI), etc ).

These dashboards display the same set of widgets as the Main Dashboard; however, all metrics are scoped exclusively to the selected data source. This enables administrators to:

• Investigate risks within a single system

• Analyze alerts without cross-source noise

• Perform targeted remediation and ownership assignment

Pinning Data Source Dashboards

Administrators can control which data source dashboards appear as tabs using Dashboard Settings.

• By default, data source dashboards are not pinned.

• Administrators can pin frequently monitored data sources.

• Pinned dashboards appear as tabs alongside the Main Dashboard for quick access.ge

This allows organizations to customize dashboard views based on operational priorities and risk exposure.

Widget Scope Across Dashboards

All dashboard widgets described in the following sections appear on both:

• The Main Dashboard

• Data source–specific dashboards

When viewed from a data source dashboard, widget values are automatically filtered to reflect data only from the selected data source.

Main Dashboard:

The main dashboard supports various widgets to give an overview of the organization and various Data source related status. Widgets like Data Sources, Live Data Discovery, Policies with Alerts, Duplicate Data, Entities, Privacy rights, Risk distribution, Unresolved alerts, Critical Alerts, Document distribution Privacy assessment, Governance etc.

Data Sources

This metric provides an overview of the data sources being monitored, categorizing them into healthy and at-risk groups based on policy violations. The data sources in the “At risk” category are those in which objects have violated a configured policy.

Risky Data Sources

This metric identifies data sources categorized as "risky," meaning one or more objects in the data source is violating a configured policy. This helps highlight areas that need immediate attention and mitigation strategies.

Live Data Discovery

Live data discovery helps track an organization’s data landscape in real-time. It provides an up-to-date understanding of the total volume being monitored and the organization's sensitive data exposure in terms of the number of sensitive data elements found. It ensures that any new or evolving data is monitored continuously for security risks. Allows to sort the View by Day or Cumulatively.

Total Data Monitored

This metric shows the total volume of data being actively monitored, measured in gigabytes (GB). It helps to quantify the scope of data being tracked and managed for privacy and security risks.

Total Attribute Instance(s) Found

This metric counts the number of attribute instances (sensitive data elements) found across all your data sources. Identifying sensitive data instances is essential for ensuring adequate data protection measures and compliance with data privacy regulations such as GDPR.

Total Policies with Alerts

This section shows the total number of active policies in place that have triggered alerts. These alerts indicate a violation of security or privacy policies and need immediate review.

Discovery and Classification - Detection (Total Alerts)

This metric reflects the total number of alerts triggered from a Detection policy.. These alerts are generated when sensitive data is identified in unauthorized locations.

Data Lifecycle: Retention (Total Alerts)

This metric shows alerts related to data retention policies. Alerts are triggered when data exceeds retention periods or is improperly managed, ensuring compliance with regulations such as GDPR or CCPA.

Access Policies: Internal Access (Total Alerts)

This metric tracks alerts triggered by internal access to sensitive data. It focuses on monitoring unauthorized internal access to critical information, which is key to enforcing access control policies.

Privacy Rights

Privacy rights metrics track data subject rights requests and help manage privacy compliance.

Data Subject Requests (Open and Total)

This metric tracks the total number of open and completed data subject requests (DSRs), such as requests for access, deletion, or modification of personal data. It’s essential for ensuring compliance with privacy regulations like GDPR.

Consent Management (Consent Records) (Opt-Ins, Opt-Outs, Total)

This metric tracks consent records and the actions associated with them. It includes opt-ins, opt-outs, and the total number of consent records, ensuring that consent is appropriately managed in line with data protection laws.

Cookie Consents (Total Domains and Total Cookies)

This metric monitors cookie consent for your organization. It tracks the total number of domains and cookies where consent has been collected, helping ensure that your organization complies with cookie consent requirements across websites.

Document Types: Labels (Top 5)

This metric categorizes and labels the top five document types containing sensitive data. Labeling helps prioritize document security, ensuring that critical documents are protected from unauthorized access.

Entities (Total and At Risk)

This section tracks the total number of entities (e.g., persons, organizations, systems) whose sensitive data is present within your data sources, and identifies those considered "at risk" due to policy violations.

Users with Access

This metric tracks the number of users who have access to entities' data. It helps ensure that only authorized personnel can access entities' information and plays a key role in maintaining data security and access governance.

Unresolved Alerts (Total Alerts)

This metric shows the total number of alerts that remain unresolved. These alerts typically indicate security or privacy violations that require further investigation or action to mitigate risks.

Critical Alerts

This sub-metric focuses specifically on critical alerts—those representing severe security or privacy breaches that require immediate attention

Privacy Assessments

The Privacy Assessments section provides insights into the organization’s readiness to manage privacy risks and assess the impact of processing activities on personal data.

PIA (Privacy Impact Assessment) (Review Pending and Total)

This metric tracks the status of Privacy Impact Assessments (PIAs), showing how many are pending review and how many are completed. PIAs help assess the risk and impact of processing activities on personal data and ensure compliance with privacy laws.

RoPA (Records of Processing Activities) (Review Pending and Total)

This metric tracks the completion and review status of RoPA, which documents the organization's data processing activities. It helps ensure compliance with data protection regulations and provides transparency into how data is handled.

Governance (Users with Access and Sensitive Objects)

The Governance section focuses on access control and the management of sensitive objects within the organization. It gives visibility into how many users have what type of access to how many sensitive objects. The Governance module additionally ensures that only authorized users can access sensitive data. Includes a Link to the Governance Dashboard.

It is important to note a few kinds of access related risks that can help understand the threats to the security structure of an organization, if left unchecked:

• Open Access: This refers to unrestricted access to data or resources. It allows anyone to view, use, and distribute information without any limits.

• Excessive Access: This happens when unrestricted access to data or resources is given, allowing anyone to view, use, and distribute information without any limits.

• Cross Department Access: This involves granting access to data or resources across different departments in an organization. This lack of segregation can cause unnecessary exposure to sensitive information in an organization.

Users with Access

Tracks the number of users who have been granted access to sensitive data or systems. This metric ensures that access rights are appropriately assigned and reviewed regularly to limit the exposure of sensitive data.

Sensitive Objects

Monitors the total number of sensitive objects (e.g., files, records) within the organization, helping to enforce data governance policies.

Data Source Specific Dashboard

Adding / Pinning DS Dashboards

In the main dashboard page, click on Dashboard Actions & click on "Go to Dashboard Settings"

The settings allows to pin the desired dashboard based on the name & type of dashboard, showing the owner and editors of the DS, along with its pinned status.

Compliance (PCI) Dashboard:

Lightbeam helps with PCI compliance by automating the discovery, protection, and governance of cardholder data (CHD) and Primary Account Numbers (PANs) across an organization's systems, reducing scope and risk by identifying where sensitive data lives, controlling access with least-privilege policies, enforcing retention/minimization, and generating audit-ready reports for continuous compliance with PCI DSS. It uses identity-centric controls to map data to users and automates remediation for open shares and excessive permissions, streamlining processes that used to require multiple tools.

This is how the Compliance (PCI) Dashboard will look like with the default widgets PCI Compliance Summary, Files with PCI data, Databases with PCI data, file distribution by PCI Labels, PCI data shared with Partners, Access related data for files.

PCI Compliance Summary:

It shows the total number of instances found in files and databases (structured & unstructured), access status, file modification under Retention tab.

By clicking "View All PCI Data" it opens the main attribute management tab and details like total attributes, no. of data sources, which are the attributes etc.

Files with PCI data:

It gives a data source based (Unstructured) representation of objects contains card information. It shows the top 5 DS.

Database with PCI data:

It shows the structured data in which datasource are the instances found. For e.g 66 columns and 36 tables in 2 DBs.

Files distribution by PCI labels:

If the files are labelled with PCI Files then it is shown in the following widget.

PCI data shared with Partners:

If the data / file is being shared with someone outside the organization through mail or other ways it will come here.

The e.g shows 446 entites and maximum files shared through Gmail.

There's another filter to this which is shared by Data sources, in this e.g Sharepoint is the data source with highest no of files which were shared with external partners.

Access related data for files:

Files categorized based on the access to those files "Open Access" & "Excessive"

Compliance HIPPA Dashboard:

Similar to PCI data this dashboard gives the summary based on the attributes of Personal Health Information (PHI) like Medical record number, USASSN, etc.