Highly publicised data security breaches serve as important reminders that data access governance must be an ongoing corporate imperative.
Too often, however, the process of controlling access to vital information assets is inefficient and ineffective, and lacks the agility to adapt easily to dynamic growth and change. According to a Gartner report on security and risk management, data access decisions should be based on an assessment of the risks and benefits of a given level of data sharing, as well as an assessment of the process, people and technology that can securely enable that sharing.
Quest Software uses a six-step process for guiding assessments and improving data access controls:
1. Discover users and resources: the first step involves an infrastructure inventory of important data (or access points to that data), which can and often does reside on multiple platforms, network-attached storage (NAS) devices, SharePoint sites, Active Directory group memberships, mobile computing devices, etc. In particular, it's important to identify the resources of unstructured or orphaned data.
2. Classify data and assign rights: data must be classified in terms of confidentiality, correlation to regulations (eg credit card numbers), overall relevance and archive requirements. Appropriate owners of business data should be reviewed and assessed to ensure they are in accordance with security policies.
3. Assign data owners and approvers: assign appropriate business owners based on roles, locations and other attributes. Separation of duties must be taken into consideration to ensure compliance and security.
4. Audit and report on access: schedule and perform continuous business-level attestation of access to ensure accuracy, compliance and security.
5. Automate access requests and problem remediation: automating access fulfilment workflows based on access rights and the requestor's role in the organisation is ideal for security purposes. Automated responses that remediate deviations can proactively prevent potential threats or breaches.
6. Prevent unauthorised changes: lock down certain data, groups or access rights that should never be altered. All changes should be logged in a secure depository that cannot be manipulated, so that a high level of forensic analysis remains possible.
Automated, multi-platform data access governance can remove the barriers to satisfying compliance requirements, while preventing unauthorised access to sensitive data residing on physical and virtual file servers, NAS devices, SharePoint sites, Windows file servers and more.
Improved access control is a key driver in reducing security threats, as well as preventing them in the first place. Finally, comprehensive, 360-degree visibility of company-wide user access gives IT, business managers and data owners the insight needed to enforce policies and comply with regulations without creating an adverse impact on operations.
Nick Nikols is vice-president and general manager of identity, security and Windows management at Quest Software.