Direct Data Access Revocation
Automate revocation of direct access assigned to user accounts granting privileges to data assets and resources
Business Problem
Directly assigned access presents a significant security and governance risk. Because it lives outside standard governance processes and life-cycle management automation, it is hard to manage and often forgotten, and it may lead to permission creep and over-provisioning that could be exploited if an identity is compromised.
Identity Security administrators need the ability to automatically revoke unwarranted access to data, such as privileges and access rights assigned directly to users (not through entitlements), direct access links (both internal and external), and public shares. Remediating such access can help reduce the attack surface, reduce exposure risk and maintain a clean access model.
While doing that, administrators also need to maintain an audit trail and ensure all actions are approved, documented and can be justified and reported on.
However, certification campaigns currently do not support automated revocation of direct access.
How You Can Help
Data Access Security is looking to introduce automated revocation of direct access to data assets, allowing Administrators and Compliance Managers to set an option to automatically revoke direct access based on review decisions. Direct access may include direct permissions or links set for a user or a group.
We are continuing to validate our understanding of the problem space and solution, and are conducting research calls to gather feedback on the needs and desired behavior, so that we address the most common use cases.
We would love to hear from you!
Please schedule a call to discuss this topic further, and provide insights specific to your business problem and use cases. If you don’t see a calendar opening that aligns with your availability, feel free to send me a direct email at [email protected].