Who Gets to See the Data in Your Storage Environment?: Gaining Control with Role-Based Access

August 4, 2021

Topics: Cloud Data Sense Advanced

Data governance and data privacy have both become central subjects in today's discussions about enterprise IT. Tons of sensitive information is held in storage servers, and the organizations that control that data need to implement measures not only to protect that data, but to govern it.

With so much data at stake, it can be difficult to decide within an organization who gets to have access to this information. And even if there is an easy way to tell who should see the data and who shouldn't, there may not be an easy way to enable that kind of role-based access.

In this blog we’ll take a closer look at the challenges of role-based access and show you how NetApp Cloud Data Sense’s new role-based access controls can help you define custom roles for using and viewing data at your organization.

What Are Role-Based Access Controls?

Role-based access control (RBAC) is a method for restricting access to network resources based on the role of a specific user. Based on this role, the user can access only information or resources in a network related to their participation in the organization.

For example, a network user could be granted the Admin role, which would let the user perform configurations on all or specific network resources, such as a CRM system or a server. On the other hand, another user could be granted the end-user role, which would only allow use of all or certain resources but would not allow configuration changes to be performed by that user.

Why Are Role-Based Access Controls Important?

Implementing RBAC provides companies with a number of important benefits:

  • Increased security: By definition, RBAC increases security in a network, but assigning roles to users also decreases the probability of errors when adding those users to the network. This strengthens security.
  • Varied user bases: There are all different types of users within every organization. Some are internal employees with different ranks within the organization, others are external partners who need access to certain parts of the network. And among this variety of users, behavior is dynamic. Users can change positions within the organization and require deeper (or fewer) levels of access to resources. RBAC makes it efficient to manage this wide variety of users in a dynamic context.
  • Lowering costs: Restricting users' access to only certain resources reduces overall cost because network bandwidth, storage and memory usage are more efficiently distributed.

How RBAC Works in Cloud Data Sense

NetApp Cloud Data Sense is a powerful tool designed to give you insight into the data you store across all your storage environments, whether they’re in the cloud or the data center. Because Cloud Data Sense is a data governance management and monitoring tool, access levels are imperative.

As different personnel need different access levels to the data in your organization, Cloud Data Sense’s new role-based access controls give you a way to define specific roles that have access to different resource types within the platform.

The role-based access controls in Cloud Data Sense are basically inherited from the access level structure already used by Cloud Manager. Remember that Cloud Manager is the SaaS-based single management pane from which you can manage all your ONTAP-based storage, either on-prem or cloud-based. From Cloud Manager you can also consume a list of NetApp services, such as Cloud Tiering and Cloud Insights.

When a user signs up for Cloud Central, an account admin in Cloud Manager will associate that user to the account and give the user any of the roles below:

  • Account Admin: An account admin can perform all of the actions available in Cloud Manager. This could be, for example, deleting working environments, managing credentials, managing Cloud Central accounts, or modifying Cloud Manager settings. Account Admins are like super users, with access to everything. In terms of Cloud Data Sense, this Account Admin user is going to be able to access and change compliance settings and view compliance information across all working environments.
  • Workspace Admin: Workspace Admins can manage all the resources from an assigned workspace. Account Admins assign users with the Workspace Admin role to one or more workspaces. This allows Workspace Admins to manage working environments, enable services on them (such as Cloud Tiering), view the timeline, and view data replication status for any system in that workspace. In terms of Cloud Data Sense, this user can manage compliance settings and view compliance information only for systems they have permission to access. If a Workspace Admin tries to view any compliance information for an unauthorized system, the Compliance tab won't display any information.
  • Compliance Viewer: Someone with access as a Compliance Viewer can only view data details and produce reports for the systems to which they have been granted access. Aside from the ability to view scan results and generate reports, they can't make any configuration changes within Cloud Data Sense. Compliance Viewer users cannot enable or disable scanning on volumes, buckets, or databases. This is the most restricted user level, which basically only allows viewing actions within Cloud Data Sense.
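
The three roles above, sketched as a deny-by-default authorization check; this is an added illustration, not NetApp code or a Cloud Manager API. The role, action and environment identifiers are assumptions, as are the choices to let both admin roles generate reports and toggle scanning and to scope Compliance Viewers by workspace.

```python
from dataclasses import dataclass

VIEW, REPORT, CONFIGURE, SCAN = "view", "report", "change_settings", "toggle_scanning"

# Role -> permitted actions, following the post's three roles.
# Assumption: both admin roles may also generate reports and toggle scanning.
ROLE_ACTIONS = {
    "account_admin": frozenset({VIEW, REPORT, CONFIGURE, SCAN}),
    "workspace_admin": frozenset({VIEW, REPORT, CONFIGURE, SCAN}),
    "compliance_viewer": frozenset({VIEW, REPORT}),  # read-only role
}

# Constructed sample: working environment -> workspace it belongs to.
ENV_WORKSPACE = {"ontap-finance": "finance", "s3-legal": "legal", "db-hr": "hr"}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    workspaces: frozenset = frozenset()  # ignored for account_admin


def is_allowed(user, action, env):
    """Deny by default: an unknown role, action or environment is refused."""
    if env not in ENV_WORKSPACE:
        return False
    if action not in ROLE_ACTIONS.get(user.role, frozenset()):
        return False
    if user.role == "account_admin":  # account-wide scope
        return True
    return ENV_WORKSPACE[env] in user.workspaces


def visible_findings(user, findings):
    """Out-of-scope systems are filtered out, so their view is simply empty."""
    return [f for f in findings if is_allowed(user, VIEW, f["env"])]


# Constructed scan results for the demonstration.
FINDINGS = [
    {"env": "ontap-finance", "category": "credit card numbers", "files": 42},
    {"env": "s3-legal", "category": "contracts", "files": 7},
    {"env": "db-hr", "category": "national IDs", "files": 13},
]

if __name__ == "__main__":
    auditor = User("auditor", "compliance_viewer", frozenset({"legal"}))
    print(visible_findings(auditor, FINDINGS))
    print(is_allowed(auditor, SCAN, "s3-legal"))
```

Filtering in `visible_findings` mirrors the behaviour the post describes for an unauthorized system: the user sees no compliance information rather than an error that confirms the system exists.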

The Benefits of Role-Based Access for Cloud Data Sense

We just went over the different user levels in Cloud Manager and the rights they have when manipulating Cloud Data Sense. With the Compliance Viewer role, the new RBAC feature has introduced a powerful tool for admins to govern who has access to data in their organization.

There are a number of benefits to RBAC coming to Cloud Data Sense:

  • Limit Data Access

With the data privacy laws in effect around the world today, the question of who gains access to sensitive data is critically important. Role-based access becomes essential in order to control who gains access to what. RBAC is an efficient way to enhance security in a network, especially in large ones.

  • More Governance Controls

Many organizations have different divisions that, for various reasons, need access to sensitive data. Human resources, legal departments, or security team members may all need to access different parts or sections of this sensitive pool of data. But that doesn’t mean all of it should be accessible.

With the new RBAC feature, the Compliance Viewer role grants users access only to the data they need to review, without exposing data that isn't relevant to their research. This narrows down the focus each user has in accordance with their needs and leaves the rest of the information hands-off. This added granularity contributes to governing the proper use of data and to the effectiveness in granting access to different levels of the organization without increasing risk.

  • Optimized Costs

By limiting the access users have to data, you can control how that data is used, limiting the amount of storage and network that is consumed through usage.


In a modern context, where privacy laws and acts require companies to be diligent when it comes to using and protecting personal data, compliance and data privacy management are key objectives. NetApp Cloud Data Sense can help you meet them.

The newly added RBAC feature adapts even further to the dynamic access requirements that an organization might encounter across its different divisions or departments. This makes life easier for the compliance team since the different persona types can access the data they need without exposing other data that is irrelevant to their purpose.

This more granular level of access increases access efficiency and allows security chiefs or IT admins to determine who sees what when multiple users need to access specific data.

No matter where you store your data—on-prem, in the cloud, or in a SQL or NoSQL database—you can get a better understanding of your data and gain a higher level of data governance over it with Cloud Data Sense.

Try out Cloud Data Sense today, free for up to 1 TB of data.

Senior Marketing and Strategy Manager