H2FY20 Six steps to achieving data access governance
inventorying what’s available on
SharePoint. And that inefficiency
keeps administrators from
working on other projects.
Ineffectiveness
Here’s a big issue that most
organizations never address: Can
your IT department even answer
whether or not you should have
the access you have? Unless you
are in a very small company, the
answer is no. IT can’t possibly
know whether your role should
be permitted to access certain
files or folders; that’s a business
decision, not a technical choice.
But most organizations do place
IT in the role of gatekeeper
to monitor and secure access
to data, which leads to users
having access that the business
would say they shouldn’t have.
Additionally, you will inevitably
be left with unstructured and
orphaned data—no one knows
who it belongs to, whether it’s still
valid, and so on.
Lack of agility
Today’s environment is
reactive – problems arise and
you react to them. Of course,
there’s always going to be a need
for solutions that can help you
react to problems, but if all you
do is fix things in the moment,
with no thought of what
happens down the road,
then you can’t be very
agile. For example, you might be
able to assign an owner to each
piece of data you have today, but
what happens tomorrow when an
employee resigns, new people are
hired, and your company acquires
another smaller company? You
need a process in place to
centralize access requests and
put an end to the ambiguity of
who has access to the data, and,
more important, who should have
access to the data.
Solutions exist to address some of
these problems, such as discovery,
control and automation. However,
only one vendor offers a holistic
approach that can deliver end-to-end
data access governance
that is poised to take you into
the future.
The new frontier: data access governance
Step out of the Wild West and into
the new frontier! Often people
feel that the only viable approach
to data security is to go to an
extreme and lock everything
down as if it were Fort Knox, but
that approach can cripple your
employees, who have legitimate
needs for data access.
Fortunately, there is a civilized
process that you can use to
address the challenges of
data access governance. By
implementing a comprehensive
data access governance strategy,
you can regain control of your
data. The figure below shows
the six steps in this strategy;
you can insert yourself at any
step depending on where your
organization is with respect to
tackling these challenges.
The six steps
1. Discover users and resources
If you’re just starting down the
path, the first step involves
taking an inventory of your
infrastructure. Who are your
users, and what resources (such as
file shares) do you have in your
environment? You’ll also need to
discover and document the extent
of SharePoint, and identify any
unstructured or orphaned data.
This will give you a full picture of
what you are dealing with.
2. Classify data and access rights
Once you have a sense of what is
in your environment, you need to
classify it to identify whether it’s
confidential, whether it is affected
by any regulations (for example,
credit card numbers need to be
handled in accordance with PCI),
and whether it is still relevant or
should be archived.
Determine who the business
owners of data should be, and
assess your identity and access
management policies. You are
working towards establishing
an access model that is based
on established and consistent
policy and on existing identity
infrastructure.
3. Assign data owners and approvers
Here the rubber starts to hit the
road: You’re now assigning the
appropriate business owners
of data based on their roles,
locations or other attributes.
Going forward, the business
owner will be the one to grant
access, not IT. During this phase,
it’s important to perform the
necessary checks for compliance
to ensure separation of duties
(e.g., the requestor can’t also
be the approver). The final part
of this step is to establish an
automated workflow process for
future requests so you won’t have
to go back to the drawing board
when changes are requested
down the road.
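The separation-of-duties check from step 3, as an added example (not code from the original paper or from any vendor's product): each request is routed to the business owner, never to the requester, and orphaned data is blocked until an owner exists. The resource names, user names and the delegate-approver field are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: resource -> (business owner, delegate approver).
# None as owner marks orphaned data that nobody has claimed yet.
OWNERS = {
    "finance-share": ("alice", "bob"),
    "hr-share": ("carol", None),
    "old-projects": (None, None),
}


@dataclass(frozen=True)
class Decision:
    status: str               # "routed" or "blocked"
    approver: Optional[str]   # who must approve, if routed
    reason: str


def route_request(requester, resource, owners=OWNERS):
    """Choose the approver for an access request, enforcing separation of duties."""
    if resource not in owners:
        return Decision("blocked", None, "unknown resource: not in inventory")
    owner, delegate = owners[resource]
    if owner is None:
        return Decision("blocked", None, "orphaned data: no business owner")
    # The requester may never approve their own request, so skip any
    # candidate that is the requester (compared case-insensitively).
    for candidate, role in ((owner, "owner"), (delegate, "delegate")):
        if candidate and candidate.lower() != requester.lower():
            return Decision("routed", candidate, f"approval by {role}")
    return Decision("blocked", None, "no approver independent of requester")


def may_approve(actor, requester, resource, owners=OWNERS):
    """True only if `actor` is the approver this request was routed to."""
    decision = route_request(requester, resource, owners)
    return decision.status == "routed" and actor.lower() == decision.approver.lower()


if __name__ == "__main__":
    for who, what in [("dave", "finance-share"), ("alice", "finance-share"),
                      ("carol", "hr-share"), ("dave", "old-projects")]:
        print(who, what, route_request(who, what))
```

A blocked decision is the signal to go back to steps 1 and 3: the resource either is missing from the inventory or has no owner independent of the requester.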
4. Audit and report on access
Since data in your environment is
constantly evolving, it’s crucial to
schedule regular business-level
attestation of access to ensure
accuracy and security. You can
then generate detailed reports
for auditors to prove adherence
to regulations.
[Figure 1. The six steps in an effective data access governance strategy. Labels in the figure: Discover users and resources; Classify data and access rights; Assign data owners and approvers; Audit and report on access; Automate access requests + automatically remediate problems; Prevent unauthorized change.]