Today’s business world is driven by data, enabling employees, contractors, partners and vendors to communicate. But if this data is not protected, an organization’s reputation and finances can be damaged. Some of this data – like financials and personally identifiable information (PII) – is priceless and requires special handling to mitigate the risk of data breaches.
In the digital age, protecting sensitive organizational data can’t be achieved with physical security alone. Smart organizations leverage well-known processes and tools such as identity and data access governance solutions to help manage who has access to the sensitive information stored in structured applications like mainframes and databases.
Unfortunately, structured systems are not the only place where sensitive data is stored. Unstructured data, or data stored in files outside of structured applications and databases, is a growing problem for organizations. In many cases, unstructured data started out as structured data in an application, but was then moved by an end user into a more convenient format. For example: an employee on the finance team is reviewing financial data pulled from an internal database and, to make it easier to share with his fellow team members, he exports it to Excel and uploads the file to a corporate Dropbox account. Using this example, it’s easy to see how quickly data can move from secure, controlled environments to unsecured locations.
So how can organizations protect sensitive data no matter where it resides? By taking an integrated approach to governing access across all applications and file storage systems, organizations can keep structured or unstructured data safe. There are three steps to this integrated approach:
- Find sensitive data. In addition to the obvious applications and databases that store sensitive data, organizations must identify where unstructured data is stored both inside the data center and in the cloud. Because of the proliferation of unstructured data, the only realistic way to find and keep track of it is to leverage an automated solution to scan all systems and move sensitive data to secure storage environments.
- Design preventive controls for real-time governance. Once sensitive data has been located and stored appropriately, organizations must put preventive controls in place to ensure the right people have access to it. Identity governance tools can help by collecting and analyzing permissions to answer the question: “Who has access to what?” Identity governance can ensure that user access conforms to policy and job roles as access changes throughout a user’s lifecycle.
- Implement detective controls. It’s not enough to define access controls and forget about them. Organizations also need detective controls to review and monitor ongoing user access and activity for anomalies. Steps like periodic access reviews and user activity monitoring can flag potentially dangerous situations and help prevent a data breach.
While protecting sensitive data can feel overwhelming, identity governance can give organizations the solutions they need to address sensitive data in the enterprise, while making sure to balance security with convenience.