Automated Access Reviews: See Who Has Access — and Why It Matters

Most access reviews are painful, manual, and months behind. Lightbeam changes that by tying every permission back to a real person and their data footprint — giving you clarity, context, and automated remediation.

Transcript

So in here, the UI has changed slightly since we built
this demo environment, so ignore it slightly,
but for the most part, everything stays can either go in
and create a new analysis based on a data source,
find a path, give it a name,
hit create. Those run for a while.
And depending on how much data
is there, it might take a little while.
So we're gonna use one that's already been built
and we're just gonna use this test site one.
So if you think about when this would happen, when we'd need
to do an access review, often it would come on the heels
of a ransomware event or an insider threat scenario.
But it is also required in certain regulations that you go
through and do these either on an annual or quarterly basis.
And it becomes quite tedious.
And I, I know I said this in the opening slides, doing these
of annual reviews in spreadsheets without a lot
of context requires a lot of clicking
around the various systems to find all the data you need.
And we wanna make sure that you get this done as quick
as possible and as accurately as possible.
So you can see here we have all users for this test site
that have access, the groups that have access,
who has direct access.
So their email address has been specifically chosen
to have access rather than them inheriting it by a group.
The number of users that inherited via a group,
we have 55 users that we haven't reviewed yet,
would obviously to get that to zero.
And we currently have zero external users,
but those show up as well, which makes it very easy for us
to, um, ensure that things are, you know, buttoned up.
For example, we're working on a project right now
with a graphic agency.
We've shared a couple folders with them.
Uh, if we were to do an analysis on our own infrastructure,
we would see that and once that project is complete,
we would definitely clean up that
folder and move forward, right?
So it's these types of things that really help make sure
that our customers are able to clean up
and keep their access tight.
So situations like the insider risk scenario
or ransomware don't continue to happen.
So let's dive into all users.
We can see what objects are accessible to them.
So this one's got a fair amount, this one has a little bit,
we got a bunch of test users, Seth Knox, he's busy again.
Uh, so we're gonna pick on him a little bit today again.
And so we can see that, oh,
he's got 568 sensitive objects that he can see.
He's part of the group, everyone, he's in department sales,
he has, so he has access to 568 sensitive pieces of data
and a total of 676 in this, uh, SharePoint site.
So that alone is concerning
and especially since I've already been doing some
investigation on Seth, I know that, hmm,
we should probably look a little further.
So I'm gonna go ahead and flag this for further review,
but just in case, I'm gonna take a look here.
This is the same exact interface that you saw earlier.
You can see the alert here, the attributes.
So if I go over to attributes, he's got access to the,
the same high level attributes that I had,
and we can see in the activity log
what all he's been working on, what he's,
what he's looking at, the files, things like that.
So we clearly have access to tons of information to be able
to make contextual decisions on how to solve this problem.
So if this was in production, I would likely go ahead
and revoke access for stuff by coming up here
and clicking revoke access.
Given that this is a demo environment, and given
that I don't know to what extent we have it integrated,
I am not gonna click that button
and revoke access for my boss from working.
I don't believe that would be the case though.
But instead I've gone ahead
and marked this for further review.
And then once it's, you know, gone through
by whoever's gonna perform that for review, they can mark it
as reviewed and export the CSV.
But let's talk about users
that really like they should have access.
It isn't a problem. And let's just assume test
10 is one of those users.
I'm gonna go ahead and check the box,
make sure I uncheck Seth's box.
So I'm checking the box for test 10, and I'm gonna go ahead
and mark that as reviewed.
Can see down here that test 10 has been reviewed at this
time by my user,
and that will show up in that exported CSV as well.
So as we loop through
and we go through these, we can know very quickly
who has been reviewed, who hasn't.
We can filter it, we can filter by flag
or not flagged users, review status reviewed or not reviewed,
or even employment type.
Are they contractors, are they employees?
And go ahead and work within that.
So then once you get your access review completed,
then it's very simple to export that and move on.
Uh, the good news is if, if you end up having
to do these annually, quarterly,
you can just rerun the same access review cycle.
You don't have to build it again.
It'll pull the current analysis.
And in theory,
it should be a lot faster the more often these get run to go
through and determine who should or should not have access.
And then you can move on with your life.
So while they're, uh,
while access reviews are a very manual process,
traditionally we've made the process extremely simple
and painless while remaining familiar to analysts
because sadly, most of this is usually done in spreadsheets.
So we've tried to mimic that feel to keep it familiar.
And then once again, if you've got an auditor in
that in-house or you know,
knocking on your door, you can say, here we go.
Here's our audited data.
Go ahead and, and use that for analysis.
