Data Access Governance: Explained
Like many of us, you may have heard of Data Access Governance (DAG for short), but maybe you aren’t 100% clear on how it’s different from Information Governance (IG). The easiest way to define DAG is to read it in reverse: it is, quite simply, the governance of access to data. Pretty cool, right?
Now, because definitions matter, what is governance? The Oxford Dictionary defines it as “The action or manner of governing a state, organization, etc”.
Dealing with Unstructured Data
In our case, we’re talking about governing data. Unstructured data, to be precise. The gazillions of files and folders stored across a network, as well as all the emails. And there’s lots of that to deal with! According to IDG, unstructured data is growing at a rate of 62% a year and will make up about 93% of all data by 2022. The manner in which this data is being governed is what Data Access Governance is all about.
It is essentially a bottomless pit of potential problems, risk, and compliance conundrums for organizations, and there are scary monsters hiding in the closet with names like “GDPR”, “PCI”, and “HIPAA”, just waiting to jump out and go “Boo!”
Data Access Governance - Who’s Got Access to What?
Keeping people out of your data is one obvious key aspect of IG. But dealing with who has access to what data within the organization is just as important. Organizations have massive numbers of files and folders on their networks and, consequently, are most likely dealing with a correspondingly large number of permissions across these file systems. Since most customers I’ve spoken to over the years openly admit they’ve lost proper control of what’s in their file systems, we can safely assume that includes permissions, as well.
Getting Back the Upper Hand on Access
Losing control of file access and permissions is a monumental problem, especially for organizations in highly-regulated industries; think healthcare, finance, engineering, etc. It‘s an axiom of IT management that not all employees should have access to all data. There’s no reason that Arnold down in shipping should have access to the HR folder and be able to view all employee data, right? IT has done its best to control access to files and folders, but again: most will admit that over the years, with ad-hoc requests for users to access files, they can no longer posit that everything is under strict control. The proper governance of access to data is no longer ensured.
Simple to Understand. Not so Simple to Optimize.
Understanding what Data Access Governance means is not complicated; how to go about it is a whole other matter and is subject to the human proclivity to complicate any undertaking. In subsequent articles, I hope to shed some light on why organizations need to tackle this issue, including use cases and best practices.