Data Access Governance (DAG) is a system that governs who has access to data within an organization. DAG is a subcategory of the broad field of “data governance,” which is the process of managing the availability, usability, integrity, and security of the data.
Data Access Governance is about controlling how your data is accessed and shared. DAG solutions help improve data security by monitoring enterprise data in real time to detect improper access and by taking automated actions such as quarantining files, blocking further access, and alerting security teams.
Data Access Governance helps you enforce data access rules and policies via data discovery, data classification/cleanup, and access analytics. This includes understanding the permissions associated with data access, with the goal of allowing access based on a least-privilege model. The result is effective governance that promotes security, compliance, and operational efficiencies.
Using Data Access Governance best practices, organizations create DAG programs that leverage a growing ecosystem of DAG solutions. Practically speaking, data access governance best practices involve a five-step process:
The rapid expansion of the volume of data within organizations presents a multitude of challenges for information security teams. These trends have made data access governance (DAG) important in an age of digital transformation. Unstructured data isn’t new, but the locations where companies store data and the ways users share it have changed.
A successful data access governance program must:
The wide availability and popularity of cloud collaboration applications have made it easier for users to share information and improve productivity. The downside for organizations is the increased risk of unmanaged data being inappropriately shared.
There is also the problem of uncovering where sensitive data resides. Proving compliant data stewardship to meet privacy mandates means organizations need to store and maintain documentation of who has access, why they have it, and how they obtained it.
Before cloud migration took over IT strategies, on-prem data access governance involved a file server or network storage location where access was controlled by access control lists (ACLs) maintained in an authentication directory such as Microsoft Active Directory. Though these remain in place, digital transformation changed the way that users access data to incorporate new locations and sharing processes.
Organizations have now added cloud collaboration technologies such as Microsoft’s productivity tools (365, SharePoint, and OneDrive), as well as Box, Dropbox, and Google Drive, and new platforms are being added continuously. Each of these cloud applications adds more unstructured data that organizations need to prove governance over. Adding to this complexity are link-sharing features and information copied into emails, which make it more challenging to assess risks to data.
Security and compliance teams need granular visibility into data ownership and access patterns to reduce risks of data leakage and better support compliance requirements. DAG tools help automate risk analysis and access approvals and generate audit trails to better assess risks and compliance. This way the organization can create a risk-based process, supported by analytics, that performs user access and data risk analysis to support request approval and creates an audit trail to meet compliance requirements.
Organizations recognize that a data breach will have a negative impact on customer confidence, and many of them realize that breaches are inevitable in today’s advanced threat landscape. In this ecosystem, companies must be able to prove how customer information is accessed and managed. The problem? Many organizations are subject to a myriad of overlapping guidelines with conflicting guidance, or worse, poorly defined language such as putting forth your “best effort.”
In order to maintain your company’s reputation, you must be able to prove you are a good data steward. Managing your data means having visibility into where data lives and knowing that people have only the appropriate level of access. Internally, this means knowing where sensitive information is stored, having visibility into who accesses it, ensuring it’s not improperly accessed internally, and making sure that those people aren’t sending it outside of the organization.
Organizations are embracing digital transformation to improve customer engagement. When you transfer your on-prem operations to the cloud, one of the ways to reduce the likelihood of a breach is to have a DAG program in place that makes sure you have access to all cloud applications’ information as well as the associated data.
Control how your data is accessed and shared. Discover where data lives and all the ways it can be accessed.
Set up access to achieve Least Privilege principles and stay compliant.
Detect misconfigurations that can be exploited to access sensitive data.
Bring your data repositories like Microsoft Office 365, Box, and Google Drive together under one lens.
DAG solutions can provide visibility into your file-sharing systems, whether cloud or on-prem, including how many files and folders exist and how they are being shared, whether internally or externally.
DAG solutions help set monitoring policies to detect risky access patterns and can be implemented to take preventative actions like quarantining a file, blocking access, and alerting security teams.
DAG solutions can discover data patterns that may indicate the presence of sensitive data, such as personally identifiable information (PII). They then enable your team to easily drill down into entitlements, remove unnecessary access, and enforce regulatory requirements, such as GDPR, PCI, and principles of least privilege.