Separation of duties (SoD) is a key concept of internal controls and is the most difficult and sometimes the costliest one to achieve. This objective is achieved by disseminating the tasks and associated privileges for a specific security process among multiple people.
Now the new regulatory mandate, the EU’s General Data Protection Regulation (GDPR) requires the C-Suite to take a hard look at how it’s corporate organization charters support the new regulation and possibly re-think how required SoD will ensure GDPR compliance and pass audit.
In most organizations a high percentage of its data is stored in office documents. And many organizations use Office 365 as an enterprise productivity and collaboration platform to produce and share content in these documents both inside and outside the organization.
Attackers and non-authorized users target privileged accounts to gain access to critical systems and applications that hold sensitive personal data.
CoreView enables organizations to perform live monitoring and provides alerts to quickly identify unauthorized, suspicious and high-risk activity. With CoreView, organizations can control privileged access to Office 365 environments that hold and process personal data, which is essential for your GDPR data protection program.
Organizations are required to limit the risk of unlawful destruction, loss, alteration, unauthorized disclosure of, and most importantly – access – to personal data. CoreView provides a unified access control solution to regulate and monitor the commands internal users, external users and super-users can run based on their roles and the specific tasks they manage.
The CoreView solution limits the use of privileged rights within the organization, enables the segregation of administrator duties and enforces least privilege policies for super-users.
GDPR requires unauthorized access to personal data to be reported within 72 hours of detection. CoreView provides threat detection solutions that will not only detect malicious activity in real-time but can contain the threat at the earliest stage of the attack lifecycle – before the attacker is able to gain access to personal data.
The CoreView solution features an analytics engine that leverages statistical modeling, machine learning, user behavior analytics, and deterministic algorithms to detect attackers and malicious insiders navigating the network. As a result, incident response teams now have the additional time they need to stop the attacker before they get to their end target.
In the event of a breach, each organization and its business partners need to be able to prove that they’ve met their obligations – and in some cases – determine which party is at fault. So, the question then becomes – Who has access and to which systems and applications do they have access to?
CoreView’s Security & Compliance solution helps organizations discover data access for internal users, external users and the privileged users in their Office 365 environment. Furthermore, it provides detailed logs and audit trails that capture account activity for both internal users and external users alike. The log files are stored securely to prevent manipulation. Audit trails are searchable to aid in the event of forensic investigation or litigation from data breaches.
To be effective, organization’s policies must be monitored, managed, communicated and enforced. CoreView provides an easy way to monitor and enforce your Office 365 configuration and usage policies. With CoreView’s service usage metering you can automatically identify anomalous activities and activate a remediation action.
For the money spent to value received, the CoreView product has provided us the biggest ROI for any of our IT management tools by far.
CoreView helped us solve key challenges in managing Office 365 licenses for the different business divisions in our tenant.
“We are looking CoreView to the future enhancements and what comes up next.”