The rapid expansion of the volume of data within organizations presents a multitude of challenges for information security teams. These trends have made data access governance (DAG) of importance in an age of digital transformation. Unstructured data isn’t new, but the locations where companies store data and the ways users share it have changed.
A successful data access governance program must:
- Discover the existence of sensitive data
- Gain insight into where the data resides
- Ensure the proper access rights and data stewardship is defined
- Monitor for anomalies and prevent improper access and sharing
- Have the security and compliance policies extended to include data
Challenges with Cloud Data Access Governances
The wide availability and popularity of cloud collaboration applications have made it easier for users to share information and improve productivity. The downside for organizations is the increased risk of unmanaged data being inappropriately shared.
There is also the problem of uncovering where sensitive data resides. Proving compliant data stewardship to meet privacy mandates means organizations need to store and maintain documentation over who has access, why they have it, and how they obtained it.
Before cloud migration took over IT strategies, on-prem data access governance included a file server or network storage location where access was controlled by access control lists (ACLs) maintained in an authentication directory, i.e. Microsoft Active Directory. Though these remain in place, digital transformation changed the way that users access data to incorporate new locations and sharing processes.
Organizations now have added cloud collaboration technologies such as Microsoft’s productivity tools like 365, SharePoint, and OneDrive, as well as Box, DropBox, Google Drive, and new platforms, are being added continuously. Each of these cloud applications adds more unstructured data that organizations need to prove governance over. Adding to this complexity are link-sharing features or information copied into emails that make it more challenging to assess risks to data.
Security and compliance teams need granular visibility into data ownership and access patterns to reduce risks of data leakage and better support compliance requirements. DAG tools help automate the risk analysis, access approvals and generate audit trails to better assess risks and compliance. This way the organization can create a risk-based process supported by analytics that performs user access and data risk analysis to support request approval and create an audit trail to meet compliance requirements.