Data access monitoring

[ravisuhag]

Guardian can manage access across multiple providers. But it is still hard for data governance managers to monitor the different aspects of data access.

Goal: With data access monitoring in Guardian, we aim to provide answers to the following questions.

• How many users have access to sensitive data?
• How many appeals are pending?
• How many appeals are about to expire?
• What kind of data authorized users are accessing?
• When was a resource accessed, by whom, and for what purpose?
• Answers to these questions are very important to be proactive in managing security and compliance.

Scope: Access monitoring can be tracked across different sections

• Appeals: Analytics about appeals and their status.
• Access Logs: Analytics about what resources are being actually queried and how frequently.
• Users: Analytics about how many users are active, and have access across resources.
• Resources: Analytics about how many resources are available and of what type.

[ravisuhag]

One way to identify the sensitivity of data could be with labels on datasets.

Few more questions, that insights can provide answers to:

1. How many times a resource is accessed
2. How many times sensitive BigQuery tables are getting accessed
3. Identify what operations are done on a resource
4. Identify users with excess access rights
5. Alert for bulk download or high-risk flagging for an event
6. Breach Prediction index - a type of risk modeling as per best practices

[mabdh]

Usage history (access logs) data collection will be discussed in detail in #265