Every organization depends on information, whether it’s financial data, intellectual property or sales forecasts. Data is everywhere, and it’s essential to the success of any organization to enable collaboration across the business. Not all data is created equal, nor is it managed in the same ways. However one thing is clear – all access to data must be managed and protected.
Managing access to data stored in files is a growing problem. In the past, sensitive data was relatively protected within structured systems and applications. As businesses have become more collaborative users have exported large volumes of data to create new content in the form of PDFs, spreadsheets, documents, and presentations. This user-generated content is then stored in often unprotected file shares, collaboration portals such as SharePoint, cloud storage systems including OneDrive and Box, email systems and other repositories. The amount of data stored in files has increased exponentially over the past few years and is projected to grow 800% in the next five years.
“Unstructured data” is a term for any form of user-generated data outside of protected applications or databases that can include documents, reports, PDFs, presentations and spreadsheets, and is typically stored in individual files.
A “data access governance” (DAG) solution limits visibility and control over unstructured data only. However, whether data is stored in applications or in files, risks should be managed with a holistic identity governance program. To address today’s data issues, SailPoint has evolved beyond data access governance with a comprehensive identity governance approach, where the right users are given the right access to the right applications and files at the right time.
Sensitive data stored in files exposes organizations to significant security and compliance risk. For example, organizations are very focused on controlling access to sensitive data within their payroll application (structured data), but with a simple “export” button, that information can be migrated into a spreadsheet, which can then be stored in a variety of ungoverned locations such SharePoint or Box. Very quickly, that highly sensitive data finds its way into many unstructured files with virtually no oversight. Without the proper visibility and controls, it is difficult to know where these files reside, what sensitive information they may contain, who has access to them, and what they are doing with the data.
Adding to these security concerns, many enterprises are challenged to maintain compliance with the growing number of data privacy laws as these files proliferate across the organization. The European Union’s General Data Protection Regulation (GDPR) has stringent rules for the protection, management and control of any EU citizenry personally identifiable information (PII). This means organizations need a clear view of what PII or other sensitive information they possess and who has access.
Data is both ubiquitous and critical to business success, but it also presents significant risk when not properly managed. Gartner estimates at least 80% of enterprise data today is unstructured. And SailPoint’s 2017 Market Pulse Survey found as many as 71% of enterprises are struggling with how to manage and protect data stored in files.
Data stored in files often contains a trove of intellectual property and sensitive information, from source code and sensitive employee or customer information, to strategic merger and acquisition plans and data on research and development. Enterprises need to identify where sensitive data resides, understand who owns the data and determine who should have access to that data. To help gain control over this growing blind spot, organizations need to establish a comprehensive identity governance program that extends across all users, all applications, and all data stored in files.
Many organizations have taken a siloed approach to governing access to data utilizing a separate data access governance (DAG) solution. While this approach may provide some entry level governance capabilities, it still leaves enterprises at risk due to the lack of consistent governance controls and visibility across all data found in file folders, applications and databases.
Organizations that run disjointed application-focused and data access governance solutions expose themselves to security risk stemming from duplicated and inconsistent policies, access requests and certifications. This siloed strategy also lacks insightful context to effectively determine whether a user should have access to data, and limits the ability for business users to effectively manage access to the data they know best.
SailPoint advances governing access to data with comprehensive identity governance. We enable organizations to extend identity governance across a complex and hybrid ecosystem to manage access across all users, applications and data, on-premises and in the cloud, on a single platform.
SecurityIQ extends your current enterprise identity governance efforts to include sensitive data found in files and folders. Quickly discover where sensitive data resides and apply consistent access controls that align with your organization’s access policies.
SecurityIQ improves enterprise security and ensures compliance with a centralized, consistent set of controls to revoke and grant access to high-risk data, regardless if it resides within applications or files, throughout a user’s lifecycle. It also provides rich identity context that includes user roles, entitlement and more to intelligently govern access. With SecurityIQ, organizations can also support better efficiency by empowering business users to manage and control access to the data they own.
Identity Governance for Files
We’d like to talk about your business challenges and show how our identity platform can address them.