Data Access Governance: Explained

May 30, 2019

 

 

Like many of us, you may have heard of Data Access Governance (DAG for short), but maybe you aren’t 100% clear on how it’s different from Information Governance (IG). The easiest way to define DAG is to read it in reverse: it is, quite simply, the governance of access to data. Pretty cool, right?

 

Now, because definitions matter, what is governance? The Oxford Dictionary defines it as “The action or manner of governing a state, organization, etc”.

 

Dealing with Unstructured Data

In our case, we’re talking about governing data. Unstructured data, to be precise. The gazillions of files and folders stored across a network, as well as all the emails. And there’s lots of that to deal with! According to IDG, unstructured data is growing at a rate of 62% a year and will make up about 93% of all data by 2022. The manner in which this data is being governed is what Data Access Governance is all about.

 

Unstructured data is essentially a bottomless pit of potential problems, risk, and compliance conundrums for organizations, and there are scary monsters hiding in the closet with names like “GDPR”, “PCI”, and “HIPAA”, just waiting to jump out and go “Boo!”

 

 

Data Access Governance - Who’s Got Access to What?

Keeping people out of your data is one obvious key aspect of IG. But dealing with who has access to what data within the organization is just as important. Organizations have massive numbers of files and folders on their networks and, consequently, are most likely dealing with a correspondingly large number of permissions across these file systems. Since most customers I’ve spoken to over the years openly admit they’ve lost proper control of what’s in their file systems, we can safely assume that includes permissions, as well.

 

Getting Back the Upper Hand on Access

Losing control of file access and permissions is a monumental problem, especially for organizations in highly regulated industries; think healthcare, finance, engineering, etc. It’s an axiom of IT management that not all employees should have access to all data. There’s no reason that Arnold down in shipping should have access to the HR folder and be able to view all employee data, right? IT has done its best to control access to files and folders, but again: most will admit that over the years, with ad-hoc requests for users to access files, they can no longer posit that everything is under strict control. The proper governance of access to data is no longer ensured.

 

Simple to Understand. Not so Simple to Optimize.

Understanding what Data Access Governance means is not complicated; how to go about it is a whole other matter and is subject to the human proclivity to complicate any undertaking. In subsequent articles, I hope to shed some light on why organizations need to tackle this issue, including use cases and best practices.

