[MUSIC PLAYING] Hi, I'm Colin Truran, principal technology strategist at Quest. And this is the third and final video in our trio around GDPR. And today, we're going to talk about how do we solve some of these problems? And in particular, we're going to be looking at security.
So we're going to focus on platform management. Of course, Quest has a much broader product portfolio that can handle data protection, information management, identity and access management, and endpoint devices. And these are all things that we need to consider with GDPR. Let's focus down on what we talked about earlier, with regards to security.
To understand security, we need to first understand and know how security is being assigned. How are people giving access, and what are they giving access to? And then, we can start planning around what's right and what's wrong. Now, of course, this requires interviewing people to ask them what systems they have, but also, deploying solutions to be able to monitor their access, to be able to un-pick the integration and the in-depth nesting of groups, for example, and who granted that right.
Then, after that, you need to actually start to see how is that access being used? Because you may have modeled the security within traditional management systems, or identity and access management systems. But that is a model based on what you've been told. It is not how systems are used. So you need to make sure that you focus in and understand exactly what is happening. Have your finger on the pulse.
For example, if you have 20 people in HR department and they are allowed to access an HR SharePoint site that has confidential information on it, that's great. They're part of that department, they should have rights. But if you monitor the actual activity and find that only five of those people ever accessed that HR system, what should you do? Obviously, your model is wrong. So you need to remove those 15 people that never access it. Stop granting access by default. This does not tie in with GDPR, because security should be by design and by default. You need to keep it as small as possible, least privileged access-- even if, in principle, those people should have access.
So, by removing those 15 people, you've reduced your threat by 75%. There's 75% less accounts now that can be compromised that can gain access to sensitive information. So you need to be able to constantly assess what is going on in your environment, and feed that back into your modeling and your security solutions.
Then, once you've decided that there are things that are wrong and need to change, you need to be able to change it in a safe and managed way. You need to be able to delegate access. Make sure that people understand exactly what they're changing. You have a work flow around that change. And then, make sure that when those changes happen, you've got a way of rolling back that change quickly and safely.
And also, if there is an attack, you need to be able to quickly analyze what happened in that attack, see the before and after, compare and restore. And restoration is a key part of GDPR, because, remember-- your security service that you're employing is providing services to your data subjects. It's granting them access to the services and facilities that they expect to have under GDPR.
So if you cannot restore that correctly, you cannot restore that quickly because of the complexity, you're going to be failing them under GDPR. So you need to be able to have a quick way of restoring that information in a safe and consistent manner.
So how does Quest help? Well, we have solutions around knowing and planning what's going on. So I'd like to introduce you to Enterprise Reporter. Enterprise Reporter is a fantastic tool that allows you to actually understand who got access to what, how they got that access. It unpicks all of the nested groups, sees what's going on.
We then have operational compliance. So that's that next piece of keeping your finger on the pulse. Change Auditor is able to monitor what is going on, alert the right people-- not just the IT team, but let's start alerting the people that actually run those systems so they can make an informed decision. And this is where security by design and by default carries in as well. Because if you detect suspicious activity, it is best to block that attempt, instead of actually just permitting it because you don't know and you want to just maintain a system access to someone that may or may not require it.
So default safe. And if you need to, also roll back. Take an intelligent view. If someone starts acting in a way that they're an attacker-- so they're adding themselves to privileged groups in quick succession-- detect that type of activity, prevent it, and roll it back.
And then, finally, we need to be doing things in a safe way. So we need introduce things like Recovery Manager for Active Directory, Forest Edition-- the ability to actually protect your entire environment, group policies and Active Directory accounts, see changes. Group policy objects as well, we have to see the changes, allow and delegate rights within your organization. So that if changes happen, then you can see what happen and roll that back. And in a hybrid environment, this is vitally important.
So being able to do this both in Azure Active Directory and on-premise Active Directory is paramount for organizations, because they're even greater risk. And then, finally, as I said, you need to be able to delegate the rights and roles and responsibilities to make those changes. And active roles gives you that granular ability to really nail down and only give people the scope of change that they need to perform that task. Minimize your risk-- put workflows in place. Change processes. Fix administration loops. Thank you very much for listening, and I hope this has been helpful.