Charting Uncharted Waters: What Identity Governance Leaders Need to Know About Governing Access to Files

As an identity governance leader, you have been handed a tall task. And it’s not the same in every organization. You might be focused on replacing an aging or ineffective provisioning system. Or on the other hand, you might be trying to establish or improve identity governance processes to address regulatory compliance requirements or new security mandates. Regardless of where your current identity program stands today, it’s likely that you have concentrated your time and attention on the structured applications, platforms, and databases in your enterprise. Access to these systems must be secured, but you can’t stop there. At least not any longer.

It’s been just a few short weeks since the SailPoint team returned from our annual trek to Las Vegas and the Gartner Identity and Access Management Summit. I joined the crew again this year and spent several non-stop days talking to customers and partners about a wide range of topics and listening to the latest from Gartner analysts on the state of the identity market. After a busy week (and the mandatory recovery period from being in Vegas…), I reflected on two things. First, how much the event has grown over the past decade. I attended my first Gartner IAM Summit in 2007, and that year it had something like 350 attendees. This year, I think the reported attendance was over 1600. Nothing like hard numbers to demonstrate the importance of identity in today’s enterprise. Second, how many organizations are quickly discovering that the totality of what they have to protect is rapidly beginning to extend beyond traditional identity governance boundaries.

I’m finding more and more when I talk to customers that their identity teams are struggling with a hidden enemy in the enterprise – sensitive data stored in files – that often lies outside of their control. Over the past several years, organizations have delivered accelerated value to the business in the form of office productivity tools (think of the Microsoft suite of tools your business users leverage every day) and cloud solutions (in this case we’ll focus on Office365, OneDrive, and Box). While these initiatives deliver significant business value in terms of improved collaboration and reduced IT costs, they come with a downside that many organizations have yet to understand, or more importantly address… how to secure access to sensitive data stored in files.

Data stored in files is generally unstructured in nature. Simply put, this means any form of data that does not easily fit into a relational model or a set of database tables. Unstructured data exists in a variety of forms, including documents, spreadsheets, presentations, and reports, and is typically stored in individual files which reside on file storage systems such as file shares, SharePoint, or even cloud platforms. This makes it more difficult to secure than data stored in a structured application since it can take different formats and be stored in a variety of locations (for example, the same sensitive customer or financial data can show up in Word, Excel, PowerPoint or PDF files stored in different folders on a file share).

Over the next two installments in this series, we will explore the challenges of governing access to unstructured data stored in files and how SailPoint’s comprehensive approach to governing access to all applications and data, across on-premises and cloud-based systems, will set your organization up for success in 2018 and beyond. But before I sign off on this installment, let me leave you with a quote from the recent Gartner IAM Summit: “By 2021, organizations with comprehensive identity governance and data access governance capabilities will suffer 60% fewer data breaches.”

Makes you think, doesn’t it?

Read the next installment here.