Blogs

Combining Data Access Governance And Identity Access Management

Corporate Challenge: Combining Data Access Governance And Identity Access Management

Big data is the foundation of corporate decision-making. From verifying current market strategy to predicting new investment opportunities and evaluating performance goals, this rapidly growing resource makes it possible for companies to streamline operations and get ahead of the competition.

The challenge: Reports suggest that 80 percent of all enterprise data is unstructured — data that consists of images, videos, emails, text messages and documents — and 80 percent of companies aren’t sure how to manage this data. Corporate survey data, meanwhile, report that 90 percent of businesses “feel vulnerable to insider attacks,” in part thanks to excessive access privileges — 53 percent confirm insider attacks against their organization over the last 12 months.

The solution? Identity and access management combined with data access governance tools.

The Need for Effective IAM

Identity and access management (IAM) is the cornerstone of data protection. Why? Because massive upticks in data volume make it difficult for companies to manually regulate user permissions and access. As big data becomes big business, staff often find themselves with access to information they don’t need to complete assigned tasks while executives want data oversight that isn’t required for effective decision-making.

Attempting to individually manage permissions can quickly overwhelm even large IT departments because data needs are constantly changing as new staff arrive, projects are completed and corporate strategy shifts. IAM tools allow IT to easily manage user passwords (and request regular updates), granularly assign data access permissions and create company-wide policies that help protect all users and all data.

The Data Governance Advantage

Data access governance (DAG) tools, meanwhile, provide the foundation for effective IAM. Given the sheer volume of information now handled by enterprises day-to-day, IT teams face the dual challenges of categorization and classification. What type of data is stored on corporate networks? How sensitive is it? Who should have access to it? What protections should be in place?

Data governance solutions help companies identify and categorize both structured and unstructured data to empower IAM strategies. In addition, these tools can collect and analyze permissions data to determine where potential weak spots exist in current access management policies, and ensure compliance with local, federal and international legislation related to data handling and storage.

Common Challenges

Data governance tools are largely descriptive: They help identify data that require protection and describe the current state of user access and permissions. IAM solutions, meanwhile, are prescriptive — they give IT teams the control and capabilities needed to manage current access concerns and ensure users have the permissions they need, when they need them.

The result? Common challenges often arise when attempting to combine these solutions, including:

  • Existing deployment conflict: Many companies already use IAM solutions to help manage passwords and permissions and are now adopting DAG offerings to more effectively handle large volumes of unstructured data. The challenge is system conflict. What new DAG may deem risky, existing IAM may consider safe. Deployment conflict lowers the efficacy of both solutions.
  • Evolving file systems: File systems and storage methods are constantly evolving. Legacy IAM tools designed to work with existing file structures may prove problematic for new DAG tools. Best case? Minor conflicts that require IT time and resources to resolve. Worst case? Critical data permissions that go unnoticed because DAG and IAM aren’t seeing the same thing.
  • Admin-level management: IAM and DAG can both struggle with admin-level management — who holds the keys to your data castle, and what happens if they leave the company? For example, if DAG tool scan only data entitlements but miss larger system permissions, IAM tools can’t be effectively deployed to limit admin access where required.

Bridging the Gap

How do you bridge the gap between IAM and DAG functions to ensure control, compliance and consistency?

Start by defining their ideal location: For some companies, on-premises solutions are the best fit to ensure maximum security and control, while others opt for cloud-based identity-as-a-service (IDaaS) to empower agility and adaptability. Hybrid offerings provide a middle ground: Legacy or specialty apps remain on-premises while cloud technologies enable flexibility.

Your best bet? Find expert help from a provider capable of handling on-prem, cloud or hybrid deployments and supporting your company’s ongoing digital transition. Local IT teams already have their hands full; asking them to deploy DAG on top of IAM without conflict is both resource- and time-intensive. Providers can help bridge the gap without breaking your budget.

The user interface is another way to “bridge the gap between IAM and DAG”. Most traditional IAM and DAG technologies have antiquated user interfaces geared for IAM or DAG solutions as point products. These products are also constructed for technical users as opposed to business users. Since IAM and DAG tools are becoming more connected in an organization’s information security work streams, IAM and DAG manufacturers are providing solutions with easy integrations to IAM and DAG tools alike, whether cloud-based, on-premise, or hybrid platforms. Leading IAM and DAG solutions are also developing user interfaces for business users as well as technical users. This allows a more robust experience for all users not just technical users like it has been historically.

IAM guards against insider threats; DAG manages the growing depth of unstructured data. Address key challenges and combine these solutions for maximum impact.

© Copyright 2018 Column Information Security

Terms & Conditions and Privacy Policy