Strategic Data Access Management

23 Pages Posted: 11 Dec 2022 Last revised: 18 Dec 2022

See all articles by G Charlson

G Charlson

University of Oxford - Department of Economics; University of Cambridge - Cambridge-INET Institute

Ruslan Momot

University of Michigan, Stephen M. Ross School of Business

Marat Salikhov

New Economic School; SKOLKOVO Moscow School of Management

Date Written: December 4, 2022

Abstract

A recent survey showed that 33% of businesses grant their employees access to all company data, with at least another 35% granting accesses to more data than is needed. Such overly permissive data access strategy allows the firms to run more efficiently, but at the same time, such strategies present growing cybersecurity risks. With work-from-home becoming more popular, remote employees are being increasingly exploited by the malicious adversaries to gain access to their organizations' data. To address this issue, we investigate the optimal design of data access architectures -- who should have access to what data. Our economic model captures a firm managing a set of employees and a set of datasets. For each employee the firm chooses which datasets this employee should have access to. An employee may be attacked by a potentially sophisticated adversary whose goal is to steal all their data. Therefore, the firm trades off the efficiency benefit of the more permissive data access architecture with the adversarial risk it incurs. We characterize the firm's optimal data access architecture and investigate how it depends both on the adversarial environment and the firm's technology.

Keywords: cybersecurity strategy, data access management, bipartite graphs

JEL Classification: D21, D85, L23, M11, M12, M15, M21, M54

Suggested Citation

Charlson, G and Momot, Ruslan and Salikhov, Marat, Strategic Data Access Management (December 4, 2022). Available at SSRN: https://ssrn.com/abstract=4293509 or http://dx.doi.org/10.2139/ssrn.4293509

G Charlson

University of Oxford - Department of Economics ( email )

10 Manor Rd
Oxford, OX1 3UQ
United Kingdom

University of Cambridge - Cambridge-INET Institute ( email )

Sidgwick Avenue
Cambridge, CB3 9DD
United Kingdom

Ruslan Momot (Contact Author)

University of Michigan, Stephen M. Ross School of Business ( email )

701 Tappan Street
Ann Arbor, MI MI 48109
United States

HOME PAGE: http://www.ruslanmomot.info

Marat Salikhov

New Economic School ( email )

100A Novaya Street
Moscow, Skolkovo 143026
Russia

HOME PAGE: http://www.nes.ru

SKOLKOVO Moscow School of Management ( email )

1st km of Skolkovo highway
Odintsovsky District
Moscow 115035
Russia

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
41
Abstract Views
186
PlumX Metrics