DLP Role-Based Access – Who’s monitoring the monitors?
Yes, securing Intellectual Property is an important subject. My nightly reading includes perusing security news sites in an attempt to stay current on information security news and trends. I’ve read no fewer than 2 new articles a night regarding the need to secure data leakage of Personally Identifiable Information and Intellectual Property.
A product such as McAfee Data Loss Prevention does a great job of detecting incidents and alerting on policy violations. Depending on the type of violation, multiple gatekeepers often need to be alerted in addition to the DLP administrator, such as the compliance manager or the business unit manager. And what happens in a scenario where the violator is the DLP administrator himself? If the administrator is the violator, he possesses the rights to delete the alert without anybody knowing!
This is why I like McAfee DLP’s Role-based Access Control features. Role-based Access Control is also known as Separation of Duties. It provides granular control over which users can view DLP Incident Manager and Operational Events data. By assigning incidents to specific administrators or groups and building permission sets in ePO, users can control which reviewers see which incidents. There are many benefits that come with role-based access control.
For example, let’s say your company has international offices and is headquartered in the US. An incident happened in the UK sales office, where an employee tried to email a list of customers’ personally identifiable information to a competitor. Certain European privacy laws specify that local incidents stay local. With role-based access control, you can allow the local UK DLP admin to view the incidents while the global DLP admin at the US headquarters cannot. And all this can be easily managed through the McAfee ePO management console.
Check out the cool video here (http://goo.gl/BCTRB) on how role-based access is used to further improve security!