I recently had the opportunity to visit one of our customers who expressed great concern about an upcoming project that involved migrating current file stores to cloud repositories as part of their Microsoft Office365 initiative. As this IT Director peeled back the covers of the project, he realized how little visibility he had when it came to what was stored in the petabytes of files that had accumulated over the years. Were all these documents still relevant? Do they contain sensitive information? Who should have access to these files and folders?
As he continued, he likened this to a simple analogy. “Let’s say I, as the IT department, own a parking lot. All the users in this organization choose to park their cars in my parking lot. Over time, I may want or need to clean and maintain my parking lot to ensure it is kept in proper condition. However, if I happen to move, dispose or rummage through their cars, they certainly would not be happy and I still would not know if the car should stay or go.” This is also the situation with the data found on his network; the IT department does not have the context nor the knowledge of what files should be classified as sensitive, who should have access to what, and if any of the files are stale.
Unfortunately, this is not uncommon. When you couple that challenge with the fact that most files and folders are often over-permissioned due to users being granted access by way of being part of an Active Group or simply calling the helpdesk and asking, it can become a messy situation.
In fact, the amount of data that is produced by business productivity users is expected to grow by 800% over the next 5 years and many of the documents that are created include sensitive information acquired from various sources including customer records, financial reports, M&A plans, intellectual property details, and strategic initiatives to name a few; all of which point to the next wave of data breach targets. In addition, studies show 77% of privilege abuse breaches that occur are due to inside actors. What are organizations to do?
The good news is that incorporating a data access governance program will enable organizations to bring order to their growing unstructured data situation and reduce the IT burden our customer was experiencing.
SailPoint IdentityIQ File Access Manager allows organizations to address their unstructured data in three simple ways:
- Using data classification and user activity behavior, quickly scan on-premises and cloud based file stores to find files containing sensitive information such as PCI, PII, PHI related data.
- Clean up Active Directory permission path headaches by leveraging visual maps of the various ways users have been granted access and may be accessing sensitive files and folders and streamlining their access to one main permission path.
- Manage files stored across your hybrid environment by ensuring connectivity and access to Microsoft Windows Servers, Hitachi, EMC, and NetApp devices as well as Microsoft Exchange, SharePoint, OneDrive, Google Drive, DropBox, and Box.
- Stop malicious behavior in its tracks using real-time monitoring of user activity. Policy violation alerts can then be sent to data owners, IT, as well as SIEM security analysts to ensure rapid remediation takes place.
- Mature and extend your identity governance efforts to now include all your unstructured data via integrations between IdentityIQ File Access Manager and IdentityIQ.
- Get clear insight with a click of a button using over 100 ready-made reports that show details regarding data access activity, policy changes, permissions and more; appreciated by IT departments for the system health information and embraced by Compliance teams who need an easy and automated way to prove compliance.
- Take the data ownership off IT and on to the business owners that matter by quickly identifying your relevant data owners using a proven crowd-sourcing approach.
- Make it easy for business data owners to understand how secure the information they oversee is, using intuitive and actionable dashboards to manage access to resources using data security KPIs and real-time risk scoring.
- Reduce helpdesk requests by empowering and enabling business data owners to determine and respond to user access requests; from their laptop or tablet, keeping productivity flowing.
Our customer is now well prepared and underway addressing their unstructured data situation, and is quickly engaging the business owners as part of their overall data security initiatives so their Microsoft Office 365 initiative can move forward in an efficient and secure manner.