Govern Access to Data Stored in Files

Every organization depends on information, whether it’s financial data, intellectual property or sales forecasts. Data is everywhere, and it’s essential to the success of any organization to enable collaboration across the business. Not all data is created equal, nor is it managed in the same ways. However one thing is clear – all access to data must be managed and protected.

Managing access to data stored in files is a growing problem. In the past, sensitive data was relatively protected within structured systems and applications. As businesses have become more collaborative users have exported large volumes of data to create new content in the form of PDFs, spreadsheets, documents, and presentations. This user-generated content is then stored in often unprotected file shares, collaboration portals such as SharePoint, cloud storage systems including OneDrive and Box, email systems and other repositories. The amount of data stored in files has increased exponentially over the past few years and is projected to grow 800% in the next five years.

When Identity
Meets Data

data breach target

Three Reasons Why
You May Be the Next
Data Breach Target


Unstructured Data and Data Access Governance

“Unstructured data” is a term for any form of user-generated data outside of protected applications or databases that can include documents, reports, PDFs, presentations and spreadsheets, and is typically stored in individual files.

A “data access governance” (DAG) solution limits visibility and control over unstructured data only. However, whether data is stored in applications or in files, risks should be managed with a holistic identity governance program. To address today’s data issues, SailPoint has evolved beyond data access governance with a comprehensive identity governance approach, where the right users are given the right access to the right applications and files at the right time.

Mitigating Data Breaches with Identity Governance for Files


The Challenges of Governing Access to Unstructured Data


Protecting Sensitive Data

Sensitive data stored in files exposes organizations to significant security and compliance risk. For example, organizations are very focused on controlling access to sensitive data within their payroll application (structured data), but with a simple “export” button, that information can be migrated into a spreadsheet, which can then be stored in a variety of ungoverned locations such SharePoint or Box. Very quickly, that highly sensitive data finds its way into many unstructured files with virtually no oversight. Without the proper visibility and controls, it is difficult to know where these files reside, what sensitive information they may contain, who has access to them, and what they are doing with the data.

Adding to these security concerns, many enterprises are challenged to maintain compliance with the growing number of data privacy laws as these files proliferate across the organization. The European Union’s General Data Protection Regulation (GDPR) has stringent rules for the protection, management and control of any EU citizenry personally identifiable information (PII). This means organizations need a clear view of what PII or other sensitive information they possess and who has access.

Step-by-Step Guide: GDPR Compliance with Identity Governance

Securing Unstructured Data icon

Securing Unstructured Data Through Identity Governance


Extend Identity Governance to Data Stored in Files

Data is both ubiquitous and critical to business success, but it also presents significant risk when not properly managed. Gartner estimates at least 80% of enterprise data today is unstructured. And SailPoint’s 2017 Market Pulse Survey found as many as 71% of enterprises are struggling with how to manage and protect data stored in files.


of enterprise data is unstructured

7 in 10

users have access to data they shouldn’t

Data stored in files often contains a trove of intellectual property and sensitive information, from source code and sensitive employee or customer information, to strategic merger and acquisition plans and data on research and development. Enterprises need to identify where sensitive data resides, understand who owns the data and determine who should have access to that data. To help gain control over this growing blind spot, organizations need to establish a comprehensive identity governance program that extends across all users, all applications, and all data stored in files.

Securing Access to Files with Identity Governance


Getting Compliant with Identity Governance for Files


DAG Alone is Not Enough

Many organizations have taken a siloed approach to governing access to data utilizing a separate data access governance (DAG) solution. While this approach may provide some entry level governance capabilities, it still leaves enterprises at risk due to the lack of consistent governance controls and visibility across all data found in file folders, applications and databases.

Organizations that run disjointed application-focused and data access governance solutions expose themselves to security risk stemming from duplicated and inconsistent policies, access requests and certifications. This siloed strategy also lacks insightful context to effectively determine whether a user should have access to data, and limits the ability for business users to effectively manage access to the data they know best.

Improve Your Data Security Posture

SailPoint advances governing access to data with comprehensive identity governance. We enable organizations to extend identity governance across a complex and hybrid ecosystem to manage access across all users, applications and data, on-premises and in the cloud, on a single platform.

By extending your current enterprise identity governance efforts to include sensitive data found in files and folders, you can quickly discover where sensitive data resides and apply consistent access controls that align with your organization’s access policies.

Improve enterprise security and ensure compliance with a centralized, consistent set of controls to revoke and grant access to high-risk data, regardless if it resides within applications or files. You can also drive efficiency by taking the burden off the IT team, and empowering users to manage and control the data they know best.

With a unified approach to securing user access to all applications and data, your business is positioned to make sure the right people have the right access to the right information.

How does our open cloud identity governance platform help your business?

We make it possible for you to see and control access to all apps and data for all users, including non-human ones like bots.

Contact SailPoint

See How SailPoint Can Help

We’d like to talk about your business challenges and show how our identity platform can address them.