
Data Access Governance - Principles of least privilege

Supreeth Rao

Theom enables enterprises to understand access and comply with the principle of least privilege, enabling cloud infrastructure entitlement management (CIEM) workflows.

Theom harmonizes data access across multiple access configurations and cloud access controls, and presents to the end user:

  • Who is accessing the cloud data assets? Specifically, which users (human and machine) and roles are accessing critical data assets.
  • Of the accesses possible for a data asset, which users and roles have actually accessed data over the last 15 days, 30 days, 6 months, 1 year, and 1.5 years.
  • Workflows to implement “user permission shrink wrapping”: continuously shrink unused permissions with a complete understanding of the impact.
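The comparison behind the second and third points, granted entitlements versus entitlements actually exercised in each review window, as an added illustration that is not Theom's code; the principals, assets and access events are constructed, and the windows are the ones named above:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Review windows named in the list above, expressed in days
WINDOWS_DAYS = {"15d": 15, "30d": 30, "6mo": 182, "1y": 365, "1.5y": 547}

@dataclass(frozen=True)
class Grant:
    principal: str   # human user or machine identity (hypothetical names)
    asset: str       # data asset, e.g. a table or bucket (hypothetical names)
    action: str      # permission granted on the asset

# Constructed sample entitlements
GRANTS = {
    Grant("alice", "pii.customers", "read"),
    Grant("alice", "pii.customers", "write"),
    Grant("svc-etl", "pii.customers", "read"),
    Grant("svc-etl", "finance.ledger", "write"),
    Grant("bob", "finance.ledger", "read"),
}

NOW = datetime(2023, 1, 1)

# Constructed access log: (principal, asset, action, when)
EVENTS = [
    ("alice", "pii.customers", "read", NOW - timedelta(days=3)),
    ("svc-etl", "pii.customers", "read", NOW - timedelta(days=1)),
    ("svc-etl", "finance.ledger", "write", NOW - timedelta(days=200)),
    ("bob", "finance.ledger", "read", NOW - timedelta(days=400)),
]

def last_use(grants, events):
    """Map each grant to its most recent matching access, or None if never exercised."""
    seen = {g: None for g in grants}
    for principal, asset, action, when in events:
        g = Grant(principal, asset, action)
        if g in seen and (seen[g] is None or when > seen[g]):
            seen[g] = when
    return seen

def unused_within(grants, events, now, days):
    """Grants with no matching access in the last `days` days: shrink-wrap candidates."""
    cutoff = now - timedelta(days=days)
    return {g for g, t in last_use(grants, events).items() if t is None or t < cutoff}

def shrink_report(grants, events, now):
    """Number of unused grants per review window; a grant unused in the widest
    window (here the never-exercised write) is the safest to remove first."""
    return {name: len(unused_within(grants, events, now, d)) for name, d in WINDOWS_DAYS.items()}
```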

With Theom, enterprises can assess risks due to over-provisioned access and continuously reduce the attack surface. Theom integrates with the customer’s SOAR to push these rules back as a cloud-native control.

With Theom’s rule engine, customers can also define security rules and policies based on access governance. Access rules can be defined based on the contents of the data, irrespective of the underlying store or the technology that powers it. Theom also discovers new data created in cloud environments, so access policies based on data entities continue to apply as data is copied, transformed, and shared, thereby delivering controls that follow the data.

Suggested further reading: Verizon 2022 Data Breach Investigations Report (DBIR): Growth in front-door data exfiltration attacks