Speaking about the success of the project Ken Johnson, Senior IT Security Analyst, for Nottingham Building Society explained, “For us, knowing who can access what data is the biggest challenge and practically impossible to do manually. Before we started this project, we could count the number of assigned data owners on one hand. Permissions were managed manually, using spreadsheets, and we knew it had to be better. We started with a relatively easy installation on a test server and let DatAdvantage run, monitoring progress, for about ten days. When we came back and looked at the results, they were very impressive. We could immediately see where our sensitive data was and who was accessing it.”
Nottingham Building Society has gone through several phases, the first to determine who has access to what. To do this, it uses DatAdvantage to aggregate Active Directory user and group details, ACL information and all data access events to build a complete picture of who can and who is accessing its data. DatAdvantage monitors access behaviour, identifies and assigns data owners, and then the IT team works with the data owners to get the permissions correct.
From this ‘clean’ stature, data owners use DataPrivilege’s self-service portal to perform entitlement reviews. Johnson adds, “It is so simple, and the language straightforward so even those without a technical background can understand. Users are immediately able to start handling permissions and entitlement reviews for themselves, direct within its interface, with minimal IT involvement or support. In fact, it’s been so successful, that the data owners have automatically started moving the project forward by working with our end users to initiate permission requests within the DataPrivilege portal.”
Speaking about the benefits of the project, Johnson concludes, “Everyone, right up to the CEO, is performing entitlement reviews using DataPrivilege on a quarterly basis, and they think it’s fantastic. Not only am I confident that data security has been tightened but it has also freed up IT so they can focus efforts on other areas of the infrastructure.”