For the past several years, organisations have recognised that simply securing their perimeters is not enough, with the focus instead shifting to securing identities. However, as data associated with intellectual property, or private information governed by regulations like the Protection of Personal Information Act (POPIA), becomes increasingly targeted by hackers, the relationship between data and identities has evolved into the key security area to address.
The ability to discover data, analyse its contents, identify the compliance risks and then remediate access is not only vital today, but needs to be achieved from a single solution approach in order to obtain the single pane of glass view required to mitigate organisational risk.
Christiaan Swanepoel, CyberRes Sales Specialist at Micro Focus, points out that the next big challenge for IT is the unstructured data problem. It is estimated that more than 80% of organisational data today falls within this unstructured data category, and with identity and access management solutions in the past generally having focused on addressing structured data access – such as that found in databases – unstructured data has been left alone, leaving it open to compliance issues or possible data breaches if not addressed.
“Unstructured data is that which we use daily – e-mail, attachments, PDF files, scans, PowerPoint presentations and more – and as businesses have increasingly adopted remote working, so unstructured data has built up exponentially. More crucially, these data sets collected by businesses usually contain personal or private information (PPI) within this unstructured data,” he says.
“Typically, this data goes into some form of storage system, but the issue is that organisations can’t say who has access to what type of data. They know they have data, that they own it, they possibly know what it contains, but ultimately can’t prove that they are compliant and actually protecting that data.”
He adds that in order to prove compliance, you need a holistic solution that addresses it from a data access perspective. Therefore, you should be asking who has access, why do they have access and can we prove they had access to it?
“Applying an effective data access governance solution should assist in decreasing the amount of risk, helping you to go from where you are now to the point of learning what data you have, and enabling you to create policies around access to that information.
“Everyone outside of these policies must be removed and you must be able to prove this access was removed. The right solution will also enable you to prove that PPI data that individuals must not have access to was removed before access was granted. And you need a solution that can help you revoke access to everyone who previously had access that no longer requires it.”
It must be understood, continues Swanepoel, that with a data access governance solution, you need both the tools and the relevant expertise, as there is no simple plug-and-play approach. Unstructured data, he explains, is cumbersome, unknown and large. Therefore, you need to find not only the right solution, but the right partner – one that will take your organisation through the steps they need to progress to the point of having a proper data access governance process operating within the business.
“If you think about the size of unstructured data, not only is it taking up your storage, it’s also not being governed by data privacy or access governance frameworks. You need to find out where that data is, what kind of data it is and use governance solution sets to create attestation campaigns and send it to the relevant manager to see if the individual needs access to that data,” he says.
“While the size of the unstructured data is a challenge, the biggest issue is that dealing with it is all about the unknown – and it shouldn’t have to be. You need to start protecting users as well as data. In today’s digital world, challenges are rife: an increasing number of employees are working remotely, cyber threats are growing exponentially and compliance legislation like POPIA needs to be adhered to. In such a challenging environment, the question shouldn’t be: should I implement a data access governance solution, but rather: how soon can I implement it?”
Download a white paper on applying governance to unstructured data or request a free demonstration here.
Share