Who Has Access To Your Files? - Get Control
TORSION delivers Secure Data Access Control, invisibly integrated with your business and IT. It helps businesses get control of ‘who has access to what’, among collections of files, folders and sites. By improving data security and simplifying compliance, TORSION is a practical, innovative solution for modern Data Access Governance, across Microsoft 365, SharePoint and Windows File Shares. Insentra are the exclusive representative for Torsion in Australia and New Zealand and partner with Torsion in North America and EMEA.
‘Who Needs Access to What’ is a Moving Target
You have millions of files, multiple systems, and many staff. The business never stands still. What someone needs access to today, may be different to what they need tomorrow. Users are granting access everywhere. External sharing. File-level permissions. Ad-hoc collaboration. Manual processes and IT tools struggle to keep up. Access to information quickly gets out of control.
How Does Torsion Work?
Torsion is a Practical Solution for Modern Data Access Governance
Improve data security
Cloud-first, and supports on-premises
Focused on users – not an IT tool
Minimal dependence on IT admins
Enabled by machine learning
See Who Has Access to Anything and Why
For any file, folder, library or site, see exactly who has access to it. Torsion captures reasons as you go, so wherever anyone has access to anything, you can also see the business reason why they have it.
Identify Vulnerable Data
Using Machine Learning, Torsion constantly analyses the sharing and security of all your information. As it finds problems or concerns, they’re raised with the data owners, along with the tools to resolve them.
Periodic Security Reviews and Certifications
Good data governance includes security reviews for sensitive info. Some tools force data owners to spend hours with
tedious lists of names and details. Data owners can quickly review, address problems, certify and move on.
Access Based On Why Not Who
Instead of lists of people’s names, Torsion lets you control access based on why people need access.
Intelligent Vulnerability Detection
Finding access to info that someone shouldn’t have, can be like looking for a needle in a haystack. Torsion’s Machine Learning constantly examines every access configuration, to pinpoint inappropriate access.
Classification-Driven Data Security Policies
Torsion lets you define Security Classifications, for data owners to apply to their sites, libraries and folders. Security Classifications can drive who gets access.
For Business Users
Torsion is Focused on Users, so they can Securely Work With Data
Torsion is focused on users and data. It is designed for business users, not just techies. It engages business users in security for their own information.
It's Essentially Invisible
We take your users’ time very seriously. Most of what Torsion does is in the background. It only pops up if something doesn’t look right, or it detects a vulnerability.
Torsion isn’t a separate tool, sitting outside your existing information systems. Torsion seamlessly integrates in the user experience of your Microsoft 365, SharePoint and Windows file shares.
Cloud Based Affordability
Born in the Cloud and Support On-Premises
Torsion was born in the cloud, and also supports on-premises. So, all your expectations for how easy cloud-based software should be to deploy, or how cheap it should be: Torsion meets them all.
Identity and Governance Tools are Expensive. Torsion Isn't.
At Torsion, we started from scratch. With a cloud-first attitude, we built just what modern businesses need to securely control access to their data. Without it costing the earth.
Easy to Deploy
The technical part of most Torsion deployments literally takes just a couple of hours. Including planning and internal comms, the whole project can be done in as little as a few weeks.
Get to Know Torsion
Arrange a Demo
Get in touch today for a demonstration, or learn more about how Torsion and Insentra can benefit your business.
How do you rollout the solution to an existing environment that has security all over the place and gaps in classifications, role definitions etc?
Torsion is very effective in being connected to a brownfield site, with a pre-existing legacy of files, permissions, groups and users which may or may not be in a bit of a mess! It will build its index against the current state of play and begin creating value straight away (who has access to what, reporting, issue detection, information estate, etc). Then you can further consider your requirements and governance model (classifications, owners, rules, etc).
The more you configure Torsion, the more value it will add as you go – but it doesn’t all need to be planned and configured up front.
How does the solution deal with removing someone’s access to a folder/ file? Does it remove them from the AD Group which is providing them with that access? If so, what if that Group provides them with access to other legitimate locations?
When access is being provided by a SharePoint group, the AD group which is 1-1 tied to a Microsoft Team/ Microsoft 365 Group, or an AD group which Torsion created and manages, then Torsion will remove them from the group automatically. When access is being provided by an AD group that Torsion doesn’t manage (i.e. one created and administered outside of Torsion), then Torsion will create a task for the administrator to update the AD group membership manually. This is to allow the administrator to consider the broader implications of an AD group change, where that scenario is applicable.
How does the solution work with network file shares? I assume a client is installed on the workstation.
Connecting Torsion to File Shares is near-term roadmap however, there will be two architectural options on the server, and a single approach for the client.
On the server, you will be able to use Torsion in the cloud (SaaS solution), with an on-premises agent on a server to allow the Torsion cloud to connect to the on-premises servers (File Shares, on-prem SharePoint). Alternatively, Torsion can be installed on your own servers and not touch Torsion in the cloud at all.
On the client, there will be an MSI which contains the desktop application (invoked through Windows File Explorer), and the MSI would be pushed out via group policy or similar.
Where do you see this product sitting against other file governance solutions?
Other solutions tend to be from broad Information Access Management vendors, all of whom are “IT-centric tools”. Typically, they are legacy on-premises solutions, which have attempted to retro-fit support for the cloud but are not highly agile ‘born in the cloud’ SaaS solutions.
Torsion is focused on Data Access Governance challenges, particularly around highly dynamic collaboration spaces and File Shares and moves the control to the file owner and away from IT – much in the same way access to modules in ERP systems is governed by the owner of those modules and not IT.
How has your solution dealt with Microsoft updates, has this interrupted the Torsion service in the past?
Updates from Microsoft happen frequently, particularly with Microsoft 365 – they add and change functionality all the time.
Torsion has built an internal monitoring system, which detects these changes in real-time, and determines whether the change has the potential to break Torsion functionality. It is connected to a range of Office 365 tenants and when a potential breaking change is detected, Torsion has the internal business processes to raise the alarm, assess the change, develop a fix, test it, and deploy it to all customers very quickly.
What industry awards has Torsion achieved acknowledging the improved security compliance and governance?
- Best Emerging Cyber Security Solutions Provider (UK) - Cyber Security Awards (2019)
- UK's Most Innovative Cyber Security Company (Shortlisted) (2016)
- 'Rising Star in Cyber Security' - Tech City News (2016)
- Cohort Graduate - CyLon (Cyber London) (2016)
What do auditors think about the way data owners are appointed (system asking a user if they accept the appointment, versus a manager approving/appointing them)?
While the system is designed to be self-sufficient in this area, automatically detecting and maintaining ownership – there is also always the option for centralised oversight and control. The Torsion Admin Console provides visibility and reporting across who owns what, changes to ownership, etc. Previous auditors have been satisfied that this approach is satisfactory when the controls are in place to ensure the tools oversight capabilities are being used properly.
What is their assessment of the timeliness test for reviewing appropriate access? While the system “nudges” them to look at potential issues, does it have mechanisms to ensure they have reviewed access on a defined periodic basis? AND What was their assessment around the completeness of reviews? I imagine some people in the business will use the tool consistently whereas others will ignore all “nudges”, prompts and notifications.
The frequency and due dates of Torsion’s Security Certifications are entirely configurable by IT/ InfoSec teams, using the Torsion Admin Console. Auditors attention goes to the appropriate configuration of those frequencies, but there has never been a concern over Torsion’s ability to support this. Notifications around Security Certifications get dynamically more assertive, the closer an outstanding certification gets to its due date.
Similarly, notifications around Security Issues get dynamically more assertive, the more severe/ urgent/ impactful the issue is. Escalation of incomplete certifications and outstanding issues as well as reporting on which users are engaging with their responsibilities or not, etc. will be released shortly.
What was their assessment on the “decay” of access rather than immediately revoking access?
This is configurable – whether access is immediately revoked, decayed gradually, and the speed of decay, can all be configured according to the governance policy the organisation is comfortable implementing. Auditors attention goes to the appropriate configuration of those capabilities.