Download This PaperStrategic Data Access Management
23 Pages Posted: 11 Dec 2022 Last revised: 18 Dec 2022
Date Written: December 4, 2022
Abstract
A recent survey showed that 33% of businesses grant their employees access to all company data, with at least another 35% granting accesses to more data than is needed. Such overly permissive data access strategy allows the firms to run more efficiently, but at the same time, such strategies present growing cybersecurity risks. With work-from-home becoming more popular, remote employees are being increasingly exploited by the malicious adversaries to gain access to their organizations' data. To address this issue, we investigate the optimal design of data access architectures -- who should have access to what data. Our economic model captures a firm managing a set of employees and a set of datasets. For each employee the firm chooses which datasets this employee should have access to. An employee may be attacked by a potentially sophisticated adversary whose goal is to steal all their data. Therefore, the firm trades off the efficiency benefit of the more permissive data access architecture with the adversarial risk it incurs. We characterize the firm's optimal data access architecture and investigate how it depends both on the adversarial environment and the firm's technology.
Keywords: cybersecurity strategy, data access management, bipartite graphs
JEL Classification: D21, D85, L23, M11, M12, M15, M21, M54
Suggested Citation: Suggested Citation
Ruslan Momot (Contact Author)
University of Michigan, Stephen M. Ross School of Business ( email )
701 Tappan Street
Ann Arbor, MI MI 48109
United States
HOME PAGE: http://www.ruslanmomot.info