The data security regulatory environment is changing. The concept of “segregation of duties” has been a historical control mechanism that looks to make sure that appropriate checks and balances are in place to ensure that users, roles and permissions are appropriately set up and managed. The goal being to prevent any given user or role from being too privileged and able to subvert critical business processes.
However, in the current regulatory environment, it’s not just about who can do what. It’s also about who can see what. Regulations such as GDPR, the California Consumer Privacy Act and other impending state mandates are now requiring organizations to be able to report on who has seen any individual’s sensitive data.
Join us and learn more about the “Segregation of Access” controls you should put in place to ensure that only people that need to see sensitive data actually have the ability to do so – and that those access activities are accurately logged and reported.