What do the crown jewels, the Tower of London and your data assets have in common?
Imagine walking into a bank. Security cameras meticulously record every movement in the customer service area, employee offices, entrances and exits, and even the custodial supplies storage area. Access to these areas is carefully monitored and controlled via security badges and other means. But there’s not a single camera in the vault where the crown jewels and cash reserves are, and access to the vault is not monitored or restricted in any meaningful way.
This scenario is, of course, absurd. Or is it?
Digital identities and Identity and Access Management (IAM) have risen in visibility within the corporate hierarchy now that they underpin customer-facing services. IAM has evolved from a technology which improves security to an initiative which has the attention of the CEO and board. While digital identity and digital transformation are central to many organisations’ growth and survival plans, we must not take our eyes off strong security and governance, even for a nanosecond.
Today, most enterprises methodically secure pathways to their data via applications, often deploying IAM solutions to do so. But what about the data itself? About 80 percent of an organisation’s data assets are totally unstructured, randomly residing on file shares – things like Word documents, Excel spreadsheets, PowerPoint presentations, videos and pictures.
That’s why the above bank analogy is ridiculous: in the physical world, you wouldn’t just secure pathways to the valuable assets, you’d secure the assets themselves, right? In the digital world, the most valuable – or at least the most sensitive – enterprise information can reside in unstructured form in file shares. Even in organisations with robust IAM deployments, visibility into the world of unstructured data is very limited.
IAM does have a blind spot, but thankfully there’s a cure.
The blind spot is complicated: not the reason for it, but the challenge of incorporating unstructured data coverage into an IAM solution. For an IAM solution to work, it has to know who has access to what, and who should and shouldn’t have access to what. And, perhaps most importantly, who should decide who has access to what.
Take a Customer Relationship Management (CRM) application, for example. Determining ownership is likely to be far more straightforward than it might be for the ‘Acme Account Proposal’ file share. Who’s responsible for that file share? The account manager? Who’s the Acme account manager? Or perhaps it’s the sales support person who manages proposal development? Or maybe the national sales manager who has final pricing authority? Or in this case, maybe it was a smaller account and a regional sales manager was in control of pricing? If so, which regional sales manager? Where is Acme headquartered?
You get the idea.
The problem is that when it comes to unstructured data in all the thousands of corporate file shares, or even SharePoint servers, the IAM connectors have nothing (or very little) to connect to. To complicate matters, the file share environment is anything but static. New files are created and existing files are updated thousands of times a day, and then (although much less often) they get deleted. Creating a hook for the IAM connectors to connect to is a daunting challenge.
Unstructured data needs robust governance, integrated with technology that correlates access and permissions to build a complete picture of effective access and, finally, to determine file share ownership. This data is then fed into the IAM solution, giving IAM visibility and control over the enterprise’s unstructured data.
Think of it as installing a camera in the bank vault and a lock on the door, because losing your IP could be just as costly as the Tower of London misplacing the crown jewels.