DatAdvantage has a built-in report to find and eliminate global access, a major cause of data breaches. This report should be run on a regular basis to track progress and spot the rise of unauthorized global groups (recommended: weekly/last 30 days; monthly/last 180 days).
There are two configuration options to consider that provide different types of information:
Option 1: Number of folders with global access (excludes inheriting subfolders)
This filter configuration will display only the number of protected, or non-inheriting folders with global access.
This report shows overall progress in remediating global group exposures or spotting anomalies in the number of distinct folders that are permissioned with global groups.
From the list on the left, find “No. of folders with global access,” click on it to highlight the selection, and click the “>” arrow to move it to the selection field.
Optional: select the color of the chart using the drop-down menu.
Option 2: Number of folders with global access (including inherited subfolders)
This report is most effective for showing how many total individual folders have been remediated, including all subfolders that previously inherited all permissions from their parent directory.
For example, if there is 1 top-level folder with a global group, but that folder contains 1000 subfolders, all inheriting, the change at the top would net a result of all 1000 subfolders.
The higher, but more dramatic drop may be useful for showing overall risk reduction.
This report is also important to trend the growth of known global group folders, to identify whether users create a lot of new folders open to everyone – an increase in potential risk.
Tips for interpreting this report
During a remediation process, you should see a line sloping downward from left to right, indicating top-level/protected folders having global groups removed.
Once the remediation is complete, the line should stabilize (ideally at 0), and remain that way over time. Any spikes indicate creation of new folders accessible via global groups that should be investigated and potentially remediated, as they pose an increase in potential risk.
Spikes in the graph rising from left to right may indicate the addition of a global group at a high-level folder, and the propagation to subfolders, showing potential increased risk (see below.)