SPHEREboard 3.4 - Introducing Workers
The way to get started is to quit talking and begin doing. - Walt Disney
The evolution of SPHEREboard has followed an interesting path. From the initial concept to the launch several years ago, the product has changed dramatically. Features we thought were the most important aspects turned out to be not as important for our customers. Features we thought were just cool turned out to be the most powerful we developed. That’s how things typically go with software development.
We had this simple idea: what if SPHEREboard did more? What if besides all the deep analytics, correlation, and analysis it actually fixed issues? A simple idea, but with it comes a paradigm shift and the genesis of a whole new concept of what our product is and what it can be. Over the course of the next few months this paradigm shift will come to full fruition and my future blog posts will explain why and, more importantly, how we’re going in this direction. But I’m getting ahead of myself. Let’s start with what we’re introducing today.
Today I’m proud to introduce the concept of Workers. When SPHERE was a services company we always said we didn’t just report on risk, we remediated that risk too. That’s what separated us from the typical audit / security company. What if SPHEREboard could that too? Well today it can. In SPHEREboard 3.2, we introduced the ability to initiate action on assets, such as email the owner, open a ticket and start an ARM workflow. Today with SPHEREboard 3.4 we’ve extended that functionality with Workers by being able to fix the security issues and remediate unstructured data.
SPHEREboard 3.4 includes a Remediation Mode switch that will change our details page to show data most relevant to fixing issues.
Turning on Remediation mode reveals info on cleanup actions and activity, such as, the ability to initiate a certification email to the owner, the number of emails that have gone out to those owners, as well as, the Remediation Wrench – our mechanism for initiating Workers. The wrench means the data owner has told us who should or should not have access, so the asset is ready for the worker to take action!
Click the wrench to get the Worker… well, working:
Here we see the responses from the owner for who should have modify, read-only or no permissions. We can then execute the worker to do the typical remediation activities:
- Create RO Group (if it doesn’t exist)
- Create the RW Group (if it doesn’t exist)
- Remove the Open Group
- Remove Direct users
- Remove Non-Standard Users
- Permission Groups
Once the Workers have been mobilized to complete these actions, they report back to SPHEREboard that the target share has been remediated successfully. More importantly, the target unstructured data collection has been cleaned up, standardized and as a result, overall risk to the organization has decreased. Action, not just reporting.
It’s an exciting time here at SPHERE as our product has now become our centralized focus. With that responsibility, it’s becoming more powerful, feature-rich and intelligent. I’m excited to be part of this process and look forward to sharing the coming new enhancements.
Director of Product