Order in your files and folders: how to organize access control and protection against leaks
20.04.2021
Back to blog listExpansion of the IT infrastructure complicates controlling who accesses, makes copies, moves from folders, and deletes the information. In case company's confidential files and folders are not organized, it's almost impossible to keep that data secure. The task is solved with specialized DCAP systems.
Figure out who needs DCAP and for what purposes!
What tasks does DCAP solve?
The term DCAP, which stands for Data-Centric Audit and Protection, is relatively new. This does not mean that the companies did not need to audit the documents. The point is that the problem becomes more acute - the amount of data is growing exponentially, and it is no longer possible to ensure the order in the file system manually.
Automated DCAP systems help information security specialists solve several tasks at once:
1) Find the location of the documents containing critical information: personal data, trade secrets, payment card numbers, passwords.
2) Track all operations that users perform with these files. That is, be aware of who created, edited, moved, deleted, or copied the document.
3) Perform audit of access rights to automatically track open resources, files that are available to both a specific user and a group, as well as accounts with privileged rights.
4) Recover lost information if a user deliberately or not deletes the files. To do this, the system creates shadow copies and stores different versions of the documents.
Solution to the problem
In 2019, SearchInform released a solution for automated file system audit – SearchInform FileAuditor. New product met the basic functional requirements: the system detected and classified vulnerable data, conducted access rights audit, created an archive of critical documents, and monitored user actions.
The problem of data at rest control was solved as follows: the software places tags by category (this helps to find all files with a certain content at once), monitors access rights as well as all operations with the files. FileAuditor also allows for configuration of security policies, and notifies about their violation.
At the beginning of 2021, the vendor implemented proactive file protection. Now FileAuditor is able to block the content in accordance with the tags - so it prevents unauthorized access to the documents as well as sending them via any channel.
Example of FileAuditor interface
For March 2021, the DCAP system SearchInform FileAuditor automatically blocks unwanted actions with the files, depending on their content. The task is solved by using tags that are automatically assigned to the files – "Trade secrets", "Personal data", "Contracts", "Financial statements", "Files with passwords", etc. Then, in accordance with the tags, it is possible to configure permissions and prohibitions, namely: which users, which PCs, and which applications can open and edit the file.
Tags are very important component of DLP operation, they allow for instant blocking of the confidential data leakage, - now the security system does not need to check the contents of each file. To understand how critical a document is, DLP checks the tag. This method allows avoiding system overload. Blocking in accordance with the tags is also implemented in SearchInform DLP.
Advantages of FileAuditor solution
Integration capability. FileAuditor easily integrates with other SearchInform products, primarily with SearchInform DLP. As mentioned above, this significantly increases the level of information protection, since it provides protection not only for data at rest (via FileAuditor) but also for data in motion (via DLP).
Example of the FileAuditor interface
How to choose the right DCAP system and how to test it
When choosing an appropriate software it is indispensable to test different systems, namely, check them for load on the IT infrastructure and hardware requirements. It is also important to pay attention to the quality assistance of technical support, as well as the vendor's willingness to negotiate improvements, etc.
But the main recommendation is to do load testing on as many machines as possible (Don’t forget that the trial is free!). Installing the software on several PCs will not show the real infrastructure load. In addition, only full testing enables the company to assess the product functionality and its reliability. This is the tip that you can use when deploying any software product to the test.
As for DCAP functional testing, it makes sense to set real operational tasks. For example, find all the computers where password files are stored, bypassing security policies. Or simulate the situation to track how quickly a document with "confidential" information and limited access rights will be distributed across the team.
Blocking result
DCAP system is relatively new product for IT and Information Security Departments, however, in financial and commercial spheres the solution used to be implemented widely. For April 2021, the DCAP gains momentum across other industries - companies put high value on data storage and protection since they understand that it is the most valuable asset for the business. It costs businesses too much to get sensitive information into the wrong hands.
See How-to Document to learn more about DCAP systems and why is it important to classify and sort out confidential data.
