Winter Release 2026: reduce data risk faster, streamline audits, and operationalize data security governance

Data security governance for Salesforce and Amazon S3

Salesforce and Amazon S3 rely on powerful, layered permission models. That power creates risk when access gets over-granted and teams cannot quickly answer basic questions: who can reach sensitive CRM records, which S3 objects are exposed, and what is the effective access path that made it possible?

Winter Release 2026 extends Lightbeam governance into Salesforce and Amazon S3 so teams can understand effective access, identify overexposure, and support investigations and audits with an end-to-end trail of evidence.

What’s new

• Effective permissions analysis across Salesforce profiles, permission sets, roles, sharing rules, and external sharing mechanisms
• Access analysis for Amazon S3 that accounts for bucket policies, IAM roles, ACLs, and inheritance
• Bi-directional visibility: start from a user to see what they can access, or start from a record, file, or object to see who can reach it
• Overexposure detection to help reduce blast radius, including broad sharing, cross-account access, and risky external exposure patterns
• Audit-ready reporting to support investigations, cloud security reviews, and compliance evidence

Workflow-driven policies and folder controls

Governance only works when teams can turn intent into action without reinventing the process every quarter. At petabyte scale, humans cannot keep up with one-off decisions and follow-ups across large legacy file shares.

Winter Release 2026 upgrades how teams build and operationalize workflow-driven policies, so governance is repeatable and easier to run day to day. It also adds folder-level controls for SMB (NTFS) shares, helping analysts focus on the highest-exposure folders first and apply consistent actions with approvals where needed, without a long trail of tickets.

What’s new

• Workflow-driven policy creation with optional automation blocks and a fixed execution sequence
• Automated notifications on scan completion, policy execution routing, and report distribution
• Folder-level exposure insights for open, external, excessive, and broken-inheritance access patterns
• Folder action states with re-evaluation, action history, and audit logging
• Folder actions, including revoke open access, revoke external access, restore inheritance, and revoke direct access

Minimization: stale ownership and Purview labels

Retention risk usually does not come from the data everyone knows about. It comes from orphaned and forgotten data that quietly expands exposure and liability. Minimization only works when it is operationalized, not when it lives in a policy document.

Winter Release 2026 helps teams find the highest-impact minimization opportunities, assign accountable ownership, take defensible actions, and align retention execution with Microsoft Purview’s retention enforcement model.

What’s new

• ROT reporting with volume and count breakdowns by file type, date ranges, and ownership
• Stale user and stale file policies to identify inactive, disabled, or deleted accounts tied to ownership or access
• Ownership reassignment workflows with manager and datasource owner fallbacks, plus access revocation for inactive accounts
• Import Microsoft Purview retention labels, enrich them with Lightbeam conditions, and apply labels to SharePoint and OneDrive content via API

Compliance dashboards and continuous control visibility

As data estates expand and evolve, compliance failures rarely come from missing policies. They come from blind spots, drift, and the inability to prove controls are still working as environments change. Teams lose weeks to evidence collection because “audit readiness” depends on snapshots and manual exports.

Winter Release 2026 introduces expanded compliance dashboards designed for continuous governance. Instead of rebuilding evidence during audit season, teams can monitor posture, drill into what is driving exposure, and export audit-ready reports with ownership, review state, and action history.

What’s new

• Expanded compliance dashboards that support PCI DSS, HIPAA, and additional regulatory and internal control frameworks
• Pre-mapped views that align sensitive data types, access conditions, and exposure patterns to common control requirements
• Continuous evaluation of access posture, including open access, external sharing, excessive permissions, and inheritance drift
• Drill-down from high-level posture into affected data stores, folders, users, and actions
• Exportable reports designed for audit evidence, including timestamps, ownership, review state, and action history
• Unified dashboards spanning SaaS, cloud, and file-based data sources to reduce manual evidence aggregation
• Custom dashboard creation that allows for selecting and organizing the metrics that matter most to key stakeholders

Data classification: multilingual PII extraction with unified attributes

Global data estates do not speak one language, and neither do regulators. Traditional classification tools struggle outside English, forcing teams to choose between blind spots and an explosion of per-language rules.

Winter Release 2026 expands PII extraction beyond English with multilingual detection that maps language-specific results back to standard attributes. That keeps policies consistent and manageable while improving coverage across regions.

What’s new

• Multilingual identifiers framework to support language-specific PII recognizers
• Standard attribute mapping so extracted entities roll up into existing Lightbeam attributes, not a separate attribute universe
• Language metadata included in extraction results to support normalization and downstream policy decisions
• Initial coverage for English plus ten additional languages: Dutch, French, German, Italian, Portuguese, Spanish, Russian, Japanese, Korean, and Chinese

Other updates that remove friction

Not every improvement needs a spotlight to matter. Winter Release 2026 includes targeted updates that tighten control and reduce the hidden costs of governance at scale.

Role-based access control (RBAC) enhancements

• More granular RBAC aligned to real operational roles
• Stronger separation of duties and easier least-privilege enforcement inside Lightbeam

Cross-site archival

• Policy-driven identification and archival of inactive data across environments
• Decisions informed by sensitivity, access patterns, and identity context, not just file age or location

Expanded access reviews for Box, Google Drive, and SMB

• Extend User Access Review workflows across Box, Google Drive, and SMB
• Centralized access certification and a consistent reviewer experience across platforms

Audit readiness

• Built-in audit workflows that align controls, evidence, and action continuously
• Reduced audit fatigue and faster response when auditors request proof

Privacy impact assessments (PIA)

• Integrated PIA workflows that link assessments to real data, identities, and access patterns
• More consistent assessments and faster response to regulatory requirements

Cookie consent and Global Privacy Control (GPC)

• Native support for GPC signals to recognize and act on user privacy preferences
• Signal-based, policy-driven consent enforcement that improves regulatory alignment

Additional platform enhancements

• Performance upgrades for responsiveness and reliability at higher scale
• Template workflows for custom business and compliance documents
• Labeling enhancements for more consistent downstream enforcement
• Active Directory entity enrichment to strengthen identity resolution and governance accuracy

See it in action

If you want to see what it looks like when governance runs as an operational system, join the Winter Release webinar. We will walk through workflow-driven policy creation, folder-level exposure controls, stale ownership minimization, customizable compliance dashboards, and multilingual PII extraction that reduces global blind spots.

Webinar registration: https://lightbeam.ai/winter-release-streamlining-governance-at-petabyte-scale