The term insider threat often associate it with malicious actions carried out by individuals intentionally seeking to harm the organization. While malicious insiders remain a concern, they are not the leading cause of damage for most organizations today. The greater risk of data loss typically comes from accidental insiders.
The most common source of exploitation is a phishing email. Such emails may deliver malicious code, including ransomware, or capture user credentials that allow external attackers to access and compromise organizational data.
The common theme between malicious and accidental threats is that someone is allowed to initiate an action on their own that causes the loss of data. Data loss can come from deletion of data or entities, denial of data protection, or the unauthorized restore of data. To prevent a user from maliciously or accidentally causing data loss, you can enforce standard operating procedures by using an authorization operation to require all or selected clients, groups, or users to have administrator or additional approval for any action that may cause data loss. This “dual authorization” can prevent both honest mistakes by single users and malicious insiders from harming your organization.
A number of authorization operations are deployed to help reduce the risk of data loss. The authorization operations can be used to include an additional approval process on all or selected CommCell entities, such as clients, groups, or users, for actions or requests that may cause a data loss.
The authorization operations intercept the specific action or request as soon as it is initiated. These operations can be configured to include custom approver groups for different data bearing entities and other security operations like updating the storage policy copy or updating any existing approval user group. Key features are as follows:
-
A simple interface to view and configure all operations under Manage > Security.
-
Independent Approver Groups:
- Both MSP and tenant users can appoint their own approver groups for each operation.
- Operation level configuration overrides the Global configuration.
-
Approval Routing for MSP users:
- MSP users can choose how approval requests originating from their tenants are routed and handled.
-
New Member Approval:
- Newly added approver group members must wait 24 hours before they can participate in approvals, preventing immediate misuse of new accounts.