When people hear the term Insider threat, they immediately think of malicious acts initiated by insiders that are deliberately trying to cause harm to an organization. While the "malicious" insider threat will always be a concern, it isn't the primary source of damage for most organizations today. The main threat for loss of data is the "accidental" insider.
The accidental insider is someone who makes an honest mistake or is manipulated into causing harm to an organization. The most common source of manipulation is a phishing email that either execute malicious code such as Ransomware or obtain the reader’s credentials allowing an external user to gain access to and destroy data. Much can be done to minimize the threat from phishing emails. Avoiding honest mistakes requires training and enforcement of standard operating procedures.
The common theme between malicious and accidental threats is that someone is allowed to initiate an action on their own that causes the loss of data. Data loss can come from deletion of data or entities, denial of data protection, or the unauthorized restore of data. To prevent a user from maliciously or accidentally causing data loss, you can enforce standard operating procedures by using a business logic workflow to require all or selected clients, groups, or users to have administrator or additional approval for any action that may cause data loss. This “dual authorization” can prevent both honest mistakes by single users and malicious insiders from harming your organization.
The Commvault Store provides a number of business logic workflows that can be deployed to help reduce the risk of data loss. You can use business logic workflows to include an additional approval process on all or selected CommCell entities, such as clients, groups, or users, for actions or requests that may cause a data loss.
The workflows are automatically triggered when the specific action or request is initiated. To use the authorization workflows, you can download them from the Commvault Store and then deploy it. The Get and Process authorization and other entity deletion operations are enabled by default.