Managing access to data stored in files is a growing problem. In the past, sensitive data was relatively protected within structured systems and applications. But as businesses have become more collaborative, users are creating large volumes of PDFs, spreadsheets, documents and presentations — and often storing them in unprotected file shares, collaboration portals like SharePoint, email systems, cloud storage systems like OneDrive and Box, and other repositories. The amount of data stored in files has increased exponentially over the past few years and is projected to grow 800% in the next five years.
What are unstructured data and data access governance solutions?
Unstructured data is a term for user-generated data that resides outside of protected applications or databases. It can include documents, reports, PDFs, presentations and spreadsheets, and is typically stored in individual files.
A data access governance (DAG) solution provides visibility and control over unstructured data only. However, whether data is stored in applications or in files, risks should be managed with a holistic identity governance program. To address today’s data issues, SailPoint has evolved beyond data access governance with a comprehensive identity governance approach, where the right users are given the right access to the right applications and files at the right time.
Protecting Sensitive Data
Sensitive data stored in files exposes organizations to significant security and compliance risk. For example, organizations are very focused on controlling access to sensitive data within their payroll application (structured data), but with a simple “export” button, that information can be migrated into a spreadsheet, which can then be stored in a variety of ungoverned locations such SharePoint or Box. Very quickly, that highly sensitive data finds its way into many unstructured files with virtually no oversight. Without the proper visibility and controls, it is difficult to know where these files reside, what sensitive information they may contain, who has access to them, and what they are doing with the data.
Adding to these security concerns, many enterprises are challenged to maintain compliance with the growing number of data privacy laws as these files proliferate across the organization. The European Union’s General Data Protection Regulation (GDPR) has stringent rules for the protection, management and control of any EU citizenry personally identifiable information (PII). This means organizations need a clear view of what PII or other sensitive information they possess and who has access.
Extend Identity Governance to Data Stored in Files
Data is both ubiquitous and critical to business success, but it also presents significant risk when not properly managed. Gartner estimates at least 80% of enterprise data today is unstructured. And SailPoint’s 2017 Market Pulse Survey found as many as 71% of enterprises are struggling with how to manage and protect data stored in files.
of enterprise data is unstructured
7 in 10
users have access to data they shouldn’t
Data stored in files often contains a trove of intellectual property and sensitive information, from source code and sensitive employee or customer information, to strategic merger and acquisition plans and data on research and development. Enterprises need to identify where sensitive data resides, understand who owns the data and determine who should have access to that data. To help gain control over this growing blind spot, organizations need to establish a comprehensive identity governance program that extends across all users, all applications, and all data stored in files.
DAG Alone is Not Enough
Many organizations have taken a siloed approach to governing access to data utilizing a separate data access governance (DAG) solution. While this approach may provide some entry level governance capabilities, it still leaves enterprises at risk due to the lack of consistent governance controls and visibility across all data found in file folders, applications and databases.
Organizations that run disjointed application-focused and data access governance solutions expose themselves to security risk stemming from duplicated and inconsistent policies, access requests and certifications. This siloed strategy also lacks insightful context to effectively determine whether a user should have access to data, and limits the ability for business users to effectively manage access to the data they know best.
Improve Your Data Security Posture
SailPoint advances governing access to data with comprehensive identity governance. We enable organizations to extend identity governance across a complex and hybrid ecosystem to manage access across all users, applications and data, on-premises and in the cloud, on a single platform.
By extending your current enterprise identity governance efforts to include sensitive data found in files and folders, you can quickly discover where sensitive data resides and apply consistent access controls that align with your organization’s access policies.
Improve enterprise security and ensure compliance with a centralized, consistent set of controls to revoke and grant access to high-risk data, regardless if it resides within applications or files. You can also drive efficiency by taking the burden off the IT team, and empowering users to manage and control the data they know best.
With a unified approach to securing user access to all applications and data, your business is positioned to make sure the right people have the right access to the right information.
Discover how to easily govern your data.
Learn how SailPoint can help.