Compliance and Regulation

Meet compliance and regulatory requirements. It’s simple.

Compliance regulations such as SOX, HIPPA, FISMA and internal audits performed as part of a risk assessment, are a stressful event to any IT organization. When It comes to understanding the relevance of these regulations on business data, it can be boiled down to a simple notion: Proving the IT organization has visibility AND control into the data environment that ensures that only the right people have access into sensitive data.

Gaining this type of visibility requires assessing the IT organization’s capability of answering a few key questions:

Who has access to what?
What is accessible to whom?
How did access rights to sensitive data change at different points in time?

Answer key compliance and regulation questions with Aprigo NINJA

Step 1: Gaining visibility into your data environment: Aprigo NINJA lets you aggregate all the data sources containing sensitive files into a single dashboard.

Step 2: Permission reporting on sensitive folders: Use Aprigo NINJA to aggregate information from Active Directory with ACLs collected from file systems to provide detailed visibility into the actual users that have access to sensitive folders. Security groups are great, but they mean nothing to the business owner or IT auditor that needs to change access controls on those sensitive folders

: File System Audits With Aprigo NINJA

Step 3: Perform user entitlements reviews of users and groups: Use Aprigo NINJA to illustrate all the network folders that a user or group has access to, where they gained this access from, and remediate issues. End-users have ABE (Access Based Enumeration) that provides them with a view of only the resources they have access to. Now, the system administrator can have a similar view for each user and group in the environment.

Step 4: Review data access controls at different point in times: Use Aprigo NINJA to create scheduled scans of areas containing sensitive files to create an audit trail of who had access to what and what was accessible to whom in different points in time. Those snapshots can be loaded into the dashboard at any time.