Data Access Governance
I remember once a customer asked me to audit a large file system with lots of folders and files. He wanted to know who had access to each file, when files were created and when they were last changed. He also wanted to know the categorization of each file, what kinds of files (text, image, video, etc.) were in the NAS systems and how much space these files were using in the file system. We installed Data Access Governance (DAG) tools for that project and it was really successful. Today, DAG tools are increasingly deployed and it seems they will be quite useful for most companies in the near future.
Data Access Governance solutions help companies understand and secure their structured and unstructured data. On the one hand, structured data is stored in databases and business applications, and user access to these systems is usually provisioned by an Identity and Access Management (IAM) platform. On the other hand, unstructured data consists of documents, spreadsheets, presentations and other files created by end users. These files are typically contained in shared folders, network filers and cloud repositories such as DropBox and Amazon S3. As a result, Data Access Governance solutions help you to implement controls over your data.
There are lots of use cases where Data Access Governance solutions are useful for organizations. One use case is to identify open access locations where permissions are granted to “Everyone” or “Authenticated Users” and close them down to put them under control. Another use case is to control privileged access to business applications and file systems, as well as to gain visibility into what these users are doing with those permissions. One of the use cases I really like is gaining visibility into Active Directory groups to know how these groups are used to grant proper access to data. However, there are many other use cases.
How are these kinds of solutions deployed? Data Access Governance projects consist mainly of five steps. The first step is to discover where data lives to obtain a complete view of the data footprint. We have to know if data is stored in shared folders, network filers such as NetApp or EMC, SharePoint or cloud repositories. The second step is to collect and analyze relevant data points to answer critical questions about sensitivity, access, ownership, age, etc., as well as to obtain categorization and statistics of the data used. The third step is to monitor activity to understand user interactions with data. The fourth step is to restructure access to achieve least privilege principles and position for effective governance. We are going to improve security policies and modify permissions in this fourth step. Finally, the fifth and last step is to govern access on an ongoing basis to ensure security, compliance, and operational standards are met.
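As an added example (not from the original post and not taken from any DAG product), the PowerShell sketch below shows what the second step and the open access use case look like on a Windows file share: it collects owner, age, category and size per file, then lists folders with Allow entries for Everyone or Authenticated Users. The share path, the extension map and the output file name are assumptions.

```powershell
param([string]$Root = '\\fileserver\share')   # hypothetical path (assumption)

# Well-known SIDs are locale-independent, unlike the display names.
$BroadSids  = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users' }
# Constructed extension-to-category map; extend it for your environment.
$Categories = @{ '.txt'='text'; '.docx'='document'; '.pdf'='document'; '.xlsx'='spreadsheet'
                 '.pptx'='presentation'; '.jpg'='image'; '.png'='image'; '.mp4'='video' }

# Step 2: per-file data points (owner, created, last changed, category, size).
$files = Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ext = $_.Extension.ToLowerInvariant()
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path      = $_.FullName
            Owner     = $acl.Owner          # empty when the ACL cannot be read
            Created   = $_.CreationTimeUtc
            Modified  = $_.LastWriteTimeUtc
            Category  = $(if ($Categories.ContainsKey($ext)) { $Categories[$ext] } else { 'other' })
            SizeBytes = $_.Length
        }
    }

# Statistics: file count and space used per category.
$files | Group-Object Category | ForEach-Object {
    [pscustomobject]@{
        Category = $_.Name
        Files    = $_.Count
        SizeMB   = [math]::Round(($_.Group | Measure-Object SizeBytes -Sum).Sum / 1MB, 2)
    }
} | Sort-Object SizeMB -Descending | Format-Table -AutoSize

# Open access: Allow ACEs for Everyone / Authenticated Users, root folder included.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)
$folders | ForEach-Object {
    $dir = $_.FullName
    $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
    if (-not $acl) { return }               # unreadable ACL: skip this folder
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $BroadSids.ContainsKey($_.IdentityReference.Value) } |
        ForEach-Object {
            [pscustomobject]@{ Folder = $dir; Principal = $BroadSids[$_.IdentityReference.Value]
                               Rights = $_.FileSystemRights; Inherited = $_.IsInherited }
        }
} | Export-Csv -NoTypeInformation -Path .\open-access.csv
```

This reads NTFS ACLs only; share-level permissions are a separate layer and need their own check. Entries with `Inherited` set to false mark the folders where the broad grant was actually applied, which is where the fourth step's permission changes would start.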
If you are interested in Data Access Governance, you may also be interested in Active Directory Security solutions to protect critical objects from unauthorized change or access, Data Privacy solutions to mitigate, prevent, detect and respond to advanced threats to credentials and sensitive data in real time, and Privileged Access Management solutions to remove the user’s access completely and clean the system to match the desired state.
Have a nice day!! Do you govern your data?