Investigating data leaks in seconds — not days

Here’s a situation every CISO dreads: The CEO calls (often late at night) in a panic because someone has somehow gained access to sensitive information they shouldn’t have. Maybe it’s a rumor about potential M&A. It might be an employee asking about a confidential new product in development. Sometimes, it’s someone external to the company — a customer calling with questions, a reporter calling for comment, or (worst case scenario) an already-published news story on confidential information.

As a CISO, I got this call more than a few times. In most cases, the executive already knew where that information might have come from: a document or presentation they thought was protected by limited, exclusive access permissions.

What they wanted to know from me was simple: Who has access to this file? Where did they get it? And what have they done with that access?

This was always uncomfortable, because the executive thought they were asking straightforward questions with immediately knowable answers. But I knew that it was likely going to take me and our incident response team at least long hours, if not a few days, to get those answers. And that was with as much of a state-of-the-art security tech stack and highly mature security posture as any organization.

That call was always followed by several very tense days — not just because I was under pressure to give the CEO answers, but because until I figured out who had access that shouldn’t or who shared information they shouldn’t, I couldn’t begin the process of containing the situation.

And I know that most of my CISO colleagues have felt the same pain because I can see it in their eyes when we share stories.

Unraveling the access control web

The problem here was three-fold. First, we had to figure out where that file lived. It might exist on multiple systems and applications, in multiple locations within an app, and in multiple versions.

Second, we had to figure out who had access to each of those instances or locations of the file. That meant wading through different access control frameworks for each system or application to understand the different access paths (usually multiple) a particular user might be able to take to get to that file.

Finally, we had to determine what those with access to the file had actually done with that access. Who recently accessed the file? Who shared the file? Who copied it, downloaded it, moved it, etc.?

A heavy burden on Cyber Security Incident Response Teams (CSIRT) 

Answering these questions almost always required our incident response team to manually pore over piles of access logs. They had to find the needle in the haystack. Then, translate the log-speak into human-readable language. And then piece together the story of what happened.

It took a lot of time, when time is of the essence. These are tasks that have a high mental strain in any circumstance. But it’s especially stressful given the urgent, high-profile situation of protecting business-critical information.

This is not a situation where you clock out at 5 and pick it back up in the morning. We had some long days — and sometimes long nights — that were no fun for anyone. Even when handled well, these are tense situations and emotions are high.

I also saw these events happening more frequently. The digital acceleration of the business world means organizations are generating more files and more data every month, every week, every day. The decentralization of IT infrastructure and shift to cloud-based collaboration apps means files are being created, moved and shared constantly.

Legacy identity and access management systems coupled with onerous manual workflows create a situation where it’s impossible for access control policies to keep up. So, they’re often adapted (or ignored) to strongly favor speed and agility in productivity and collaboration rather than balancing them with business risk.

Oleria gives you critical answers in seconds, not days

Oleria changes all of that. Because Oleria was built by security operators who know the stress and impacts of leak investigation, we created a solution that gives you critical answers in seconds: where a sensitive or confidential file lives, who has access to it, and what they did with that access.

Oleria gives you one centralized, composite view across your identity stack, SaaS platforms and applications. You can search for the file in question and instantly pull up a visualized access graph that shows you which users have access permissions, where they got them, and how they used them.

Fine-grained access visibility

With Oleria’s fine-grained visibility, we can tell you each and every transaction — every read and every write — that happened on that document during the time period in question.

So, you can give the CEO answers almost instantly. And perhaps more importantly, you can start your remediation immediately to minimize the business risk.

No, it won’t take all the dread out of that CEO call about the file leak. But it will reduce the amount of time that CISOs and their teams have to live in that high-stress circumstance.

We’d love to show you how we are delivering modern identity security — schedule a demo today.

May 17, 2024
May 21, 2024
