In the first installment of “Charting Uncharted Waters” we discussed the impact unstructured data is having on identity governance program teams as sensitive data quickly escapes from applications and platforms and comes to reside in a wide-range of file storage systems. In this installment, I will dive “under the water” to help chart some of the key challenges to consider as you plot your strategy to calm the seas of governing access to unstructured data stored in files.
Let’s start by outlining the primary reasons that governance of unstructured data access requires a different approach to governing access to traditional applications and platforms:
- Lack of visibility: the old adage “what you don’t know can’t hurt you” doesn’t apply when it comes to cybersecurity and regulatory compliance mandates. In fact, as many organizations turn their attention to GDPR, which comes online in May 2018, the ability to discover and mitigate risks before they turn into breaches becomes even more relevant in face of the significant financial penalties that can be in play. Gaining visibility to where sensitive data hides in file shares, collaboration platforms, and even cloud storage systems is a daunting challenge. It requires systems and processes that can quickly identify files which contain sensitive data (e.g., personally identifiable information or credit card data) and cross reference who (and how) has access to the data. Importantly, this isn’t a one and done activity. Everyday end users are creating and storing new files, which requires ongoing oversight.
- Confusion over ownership: we have all experienced the challenge with unclear lines of responsibility. Everyone in the organization can be aware that a problem exists, but sometimes it can be difficult to get someone to raise their hand to fix it. Governing access to unstructured data tends to be one of these types of problems. Everyone agrees that it’s a risk and should be managed, but few organizations have made the final decision on who owns it. At SailPoint, we see different parts of the IT organization being tasked with activities related to securing unstructured data. Sometimes it’s the storage team, sometimes it’s the data governance team, and sometimes it’s the IAM team. In reality, all of these groups can positively impact the security of sensitive data, but the IAM team should be directly involved in governance access as part of a comprehensive approach. It is in the best position to consistently enforce enterprise access policies, and deliver a seamless set of identity governance services to the business.
- Quantity of data: the growth of unstructured data in the enterprise has reached epic proportions. I consistently see estimates that an overwhelming share of the data used in an enterprise today is unstructured data. The generally accepted estimate is 80%, but I’ve seen estimates as high as 90%. What that really means is that identity governance teams can’t hope to address the problem unless they take a different approach from how they govern access to applications, accounts and entitlements. The granularity of access rights, when combined with the sheer volume of data which must be governed, requires organizations to prioritize governance activities on the most sensitive files and file storage locations. It also requires organizations to engage and empower business ownership of identity governance decision making by identifying the best person to make an access-related decision on who should have access during approval or access certification processes.
Protecting sensitive data stored in files is quickly becoming one of the top priorities for organizations of any size. One of the most effective ways to ensure unstructured data in all of its various forms (e.g., spreadsheets and documents) and all of its dispersed locations (e.g., files shares and cloud storage systems) is only viewed by authorized users is to govern access to it. And that means identity teams must step up and begin to chart a course which includes governing access to file storage systems – whether those systems are on-premises in the data center or in the cloud. By helping your organization to take a comprehensive approach to governing access to applications, platforms, and file storage systems, you will reduce the risk of breach, while helping to accelerate collaboration in the business.
In the next installment of Charting Uncharted Waters, we will come back above the surface and explore some of the innovative approaches being delivered by SailPoint in the area of governing access to files and the unstructured data they contain.
For even more insight into the barriers organizations face in addressing their unstructured data, you can read our recent white paper, “Securing Access to Files with Identity Governance.”