The term insider threat often associate it with malicious actions carried out by individuals intentionally seeking to harm the organization. While malicious insiders remain a concern, they are not the leading cause of damage for most organizations today. The greater risk of data loss typically comes from accidental insiders.
The most common source of exploitation is a phishing email. Such emails may deliver malicious code, including ransomware, or capture user credentials that allow external attackers to access and compromise organizational data.
The common theme between malicious and accidental threats is that someone is allowed to initiate an action on their own that causes the loss of data. Data loss can come from deletion of data or entities, denial of data protection, or the unauthorized restore of data. To prevent a user from maliciously or accidentally causing data loss, you can enforce standard operating procedures by using an authorization operation to require all or selected clients, groups, or users to have administrator or additional approval for any action that may cause data loss. This “dual authorization” can prevent both honest mistakes by single users and malicious insiders from harming your organization.
A number of authorization operations are deployed to help reduce the risk of data loss. The authorization operations can be used to include an additional approval process on all or selected CommCell entities, such as clients, groups, or users, for actions or requests that may cause a data loss.
The authorization operations intercept the specific action or request as soon as it is initiated. These operations can be configured to include custom approver groups for different data bearing entities and other security operations like updating the storage policy copy or updating any existing approval user group. Key features are as follows:
-
A simple interface to view and configure all operations under Manage > Security.
-
Independent Approver Groups:
- Both MSP and tenant users can appoint their own approver groups for each operation.
- Operation level configuration overrides the Global configuration.
-
Approval Routing for MSP users:
- MSP users can choose how approval requests originating from their tenants are routed and handled.
-
New Member Approval:
- Newly added approver group members must wait 24 hours before they can participate in approvals, preventing immediate misuse of new accounts.
-
Independent Exclusion Lists for granularity:
- A majority of the MPA opertions include dedicated exclusion lists for users and user groups. These exclusions allow specified users or groups to bypass authorization requirements for individual MPA operations.
-
Email notifications for modifying configurations:
- Configuration changes made to an MPA operation require approval. Approvers receive email notifications when a configuration change request is submitted.
-
Cooldown period for newly onboarded Tenants:
- A cooldown period of 7 days is applied to newly onboarded tenants. During this period, Dual Authorization is not enforced, allowing tenants to configure approvers and exclusions as needed.
-
Better context for approval requests:
- Delete server requests include an optional reason field. The provided reason is visible to approvers during review of the deletion request.