Tech topics

What is Data Access Governance?

Overview

Data Access Governance (frequently referred to as DAG) is a market segment that focuses on identifying and addressing the malicious and non-malicious threats that can come from unauthorized access to sensitive and valuable unstructured data. 

Organizations look to Data Access Governance to: 

  • Determine if sensitive and valuable files are being stored in secure locations
  • Identify who has access to these files
  • Correct and enforce access permissions

KuppingerCole reviews components of CyberRes Data Access Governance

CyberRes Data Access Governance includes the File Reporter and File Dynamics products – each reviewed by KuppingerCole in a Market Compass Report. Read why the analyst firm concludes that “… together as a suite these products form a robust way to organize unstructured data from an identity point of view.” For a limited time, we’re making the report available for free download.

Download the report

Data Access Governance

Why is Data Access Governance important?

Network repositories storing unstructured data are oftentimes poorly managed. The extension of unstructured data storage to cloud and collaboration platforms have made management even more challenging. Securing this data against cyberthreats and to meet privacy regulations add further complications.

Data Access Governance provides the ability to identify what unstructured data is being stored, who has access to it, and the data’s relevance. Data Access Governance can also provide active protection for repositories storing sensitive and high-value data, as well as attestation through access reviews certifying that only authorized users have access to this data.

Which industries are deploying Data Access Governance today?

Today Data Access Governance is being deployed by all types of organizations storing mission-critical data that must be protected from unauthorized access. With its ability to address data security and privacy regulations, industries such as healthcare, insurance, banking and financial services, retail, manufacturing, energy, pharmaceuticals, government and defense were early adopters of Data Access Governance.


With many terabytes or even petabytes of stored data, will implementing Data Access Governance be a monumental task?

Today Data Access Governance is being deployed by all types of organizations storing mission-critical data that must be protected from unauthorized access. With its ability to address data security and privacy regulations, industries such as healthcare, insurance, banking and financial services, retail, manufacturing, energy, pharmaceuticals, government and defense were early adopters of Data Access Governance.


Which industries are deploying Data Access Governance today?

Congruent with Gartner’s Data Security Governance Framework, we recommend that you start with a business risk mindset, rather than a technology mindset, and do so in a phased approach. In other words, prioritizing first on identifying and protecting network folders storing your most sensitive or high-value data. In consultation with line-of-business data owners who know the importance of the data, use Data Access Governance reporting to identify if the right users have the right access to the right data. Then establish policies that remediate access permissions and protect repositories from unauthorized access. After securing your most sensitive or high-value repositories, repeat these steps for other locations.


Can Data Access Governance protect organizations from ransomware?

As the title of a paper we published in 2021 states, “Ransomware Relies on Poor Data Governance.” Organizations tend to grant excessive access to users, enabling them to pass along ransomware and other types of malware to areas of the network storing critical data. Data Access Governance lets you perform an analysis of access permissions and then remediate them using the principle of least privilege – restricting access to minimum levels to perform job functions.


What exactly is unstructured data and why is unauthorized access to it so concerning?

Unstructured data is file-based data that is not structured as records in an application database. It includes word processing, spreadsheet, presentation, media, virtual images, and countless other file types. Unstructured data makes up about 80 percent of an organization's stored data.

While PIIPCIPHI, and other regulated structured data is protected through Identity and Access Management systems and privacy regulations, sensitive and high-value data – including mission-critical data stored in network repositories and in the cloud – is perhaps the most vulnerable to data breaches. This is because it is normally secured by network administrators via NTFS and Active Directory access permissions normally without the involvement of line-of-business data owners who are familiar with the data.


What are some examples of sensitive and high-value unstructured data that could be better secured through Data Access Governance?

Personal information copied from an application’s database and stored on the network is an obvious example. But there are also the “crown jewels” of the organizations that if they were to be breached, could have catastrophic results. Examples might include legal documents, product development plans, yet-to-be-released quarterly sales results, upcoming marketing promotions, business acquisition meeting minutes, and more.


How can Data Access Governance streamline efficiencies for the organization?

Objectives of Data Access Governance include not only identifying risks, but providing the means of remediating them. For example, sending an automated message to data owners that access permissions to a folder storing high-value data have changed. Continuing with that example, automatically restoring the access permissions back to the original settings. Additionally, Data Access Governance software could provide the means of automatically moving sensitive and high-value data to more secure locations on the network.


Does Data Access Governance require an Identity and Access Management (IAM) system?

No, but Data Access Governance solutions are closely tied to IAM approaches and support an identity-centric security approach to data access. In other words, just as IAM systems grant or restrict access to applications and structured data based on identity and role, forward-thinking Data Access Governance developers grant or restrict access to repositories storing sensitive and high-value unstructured based on identity and role.


What is the role of a line-of-business data owner in a Data Access Governance implementation?

A line-of-business data owner is someone designated in a department who knows the relevancy, sensitivity, and value of department files and consequently, works with the network administrator in advising where files should be located, who should have access to files, and which files should be archived or deleted. With some Data Access Governance software, the line-of-business data owner receives security notifications and is even empowered to perform certain data management tasks. For example, enabling and disabling policies that govern user access.


What other benefits are there for deploying Data Access Governance in an organization?

One additional benefit is the ability of Data Access Governance to ensure that users have access to the data that they need to do their jobs. For example, a member of the accounting department over accounts payable who has been mistakenly not given access to network repositories storing invoices, is unable to fulfill her work responsibilities. Data Access Governance can assure access according to user role.


Why choose CyberRes Data Access Governance?

CyberRes Data Access Governance is uniquely engineered to leverage identity elements of Directory Services including IDs, attributes, access permissions, group memberships, and other types of HR data. Consequently, CyberRes Data Access Governance not only addresses the requirements of Data Access Governance , but provides additional unique capabilities including:

  • Expansive insight on stored data and associated permissions
  • Automated responsiveness based on Active Directory events
  • Security and protection of high-value targets that is strictly enforced
  • Lifecycle data management for user and group storage

Footnotes