Data Access Governance (frequently referred to as DAG) is a market segment that focuses on identifying and addressing the malicious and non-malicious threats that can come from unauthorized access to sensitive and valuable unstructured data.
Organizations look to Data Access Governance to:
Today Data Access Governance is being deployed by all types of organizations storing mission-critical data that must be protected from unauthorized access. With its ability to address data security and privacy regulations, industries such as healthcare, insurance, banking and financial services, retail, manufacturing, energy, pharmaceuticals, government and defense were early adopters of Data Access Governance.
Today Data Access Governance is being deployed by all types of organizations storing mission-critical data that must be protected from unauthorized access. With its ability to address data security and privacy regulations, industries such as healthcare, insurance, banking and financial services, retail, manufacturing, energy, pharmaceuticals, government and defense were early adopters of Data Access Governance.
We recommend that you start with a business risk mindset, rather than a technology mindset, and do so in a phased approach. In other words, prioritizing first on identifying and protecting network folders storing your most sensitive or high-value data. In consultation with line-of-business data owners who know the importance of the data, use Data Access Governance reporting to identify if the right users have the right access to the right data. Then establish policies that remediate access permissions and protect repositories from unauthorized access. After securing your most sensitive or high-value repositories, repeat these steps for other locations.
As the title of a paper we published in 2021 states, “Ransomware Relies on Poor Data Governance.” Organizations tend to grant excessive access to users, enabling them to pass along ransomware and other types of malware to areas of the network storing critical data. Data Access Governance lets you perform an analysis of access permissions and then remediate them using the principle of least privilege – restricting access to minimum levels to perform job functions.
Unstructured data is file-based data that is not structured as records in an application database. It includes word processing, spreadsheet, presentation, media, virtual images, and countless other file types. Unstructured data makes up about 80 percent of an organization's stored data.
While PII, PCI, PHI, and other regulated structured data is protected through Identity and Access Management systems and privacy regulations, sensitive and high-value data – including mission-critical data stored in network repositories and in the cloud – is perhaps the most vulnerable to data breaches. This is because it is normally secured by network administrators via NTFS and Active Directory access permissions normally without the involvement of line-of-business data owners who are familiar with the data.
Personal information copied from an application’s database and stored on the network is an obvious example. But there are also the “crown jewels” of the organizations that if they were to be breached, could have catastrophic results. Examples might include legal documents, product development plans, yet-to-be-released quarterly sales results, upcoming marketing promotions, business acquisition meeting minutes, and more.
Objectives of Data Access Governance include not only identifying risks, but providing the means of remediating them. For example, sending an automated message to data owners that access permissions to a folder storing high-value data have changed. Continuing with that example, automatically restoring the access permissions back to the original settings. Additionally, Data Access Governance software could provide the means of automatically moving sensitive and high-value data to more secure locations on the network.
No, but Data Access Governance solutions are closely tied to IAM approaches and support an identity-centric security approach to data access. In other words, just as IAM systems grant or restrict access to applications and structured data based on identity and role, forward-thinking Data Access Governance developers grant or restrict access to repositories storing sensitive and high-value unstructured based on identity and role.
A line-of-business data owner is someone designated in a department who knows the relevancy, sensitivity, and value of department files and consequently, works with the network administrator in advising where files should be located, who should have access to files, and which files should be archived or deleted. With some Data Access Governance software, the line-of-business data owner receives security notifications and is even empowered to perform certain data management tasks. For example, enabling and disabling policies that govern user access.
One additional benefit is the ability of Data Access Governance to ensure that users have access to the data that they need to do their jobs. For example, a member of the accounting department over accounts payable who has been mistakenly not given access to network repositories storing invoices, is unable to fulfill her work responsibilities. Data Access Governance can assure access according to user role.
CyberRes Data Access Governance is uniquely engineered to leverage identity elements of Directory Services including IDs, attributes, access permissions, group memberships, and other types of HR data. Consequently, CyberRes Data Access Governance not only addresses the requirements of Data Access Governance , but provides additional unique capabilities including:
Gain insight into your unstructured data and repositories. Then put policies in place to protect it from unauthorized access.
Secure unstructured data and prevent unauthorized access