Implementing Detective Controls to Cover All Your Bases
Organizations also need detective controls to review and monitor user access and activity for anomalies that need investigation. In other words, it’s not enough to simply define access controls and forget about them. Too many factors in the environment are constantly changing (users, applications, directories, etc.), and sometimes policies and procedures are not followed to the letter. Detective controls allow organizations to identify and rectify problems before they lead to a catastrophic breach. Examples of detective controls include periodic review of access by supervisors and data owners and monitoring of user activity affecting sensitive data. Every organization will benefit from detection of dangerous situations such as a fired employee who still has access to cloud storage or a user who has downloaded large volumes of sensitive data on multiple occasions.
Similar to preventive controls, a consistent, uniform approach to implementing detective controls is an important aspect of an effective identity governance program – especially one that is designed to govern access to sensitive data stored in applications, databases and files.
