Data Access Governance

Sensitive files are not just those files containing personal identifiable information (PII), they’re also the files that contain sales forecasts, financial numbers, and other strategic content to provide a competitive advantage for the organization. This information is frequently stored in spreadsheets, presentation files, and word processing files that are collectively known as unstructured data. They reside in high-value targets on the network that need to be protected from unauthorized access.

Data Access Governance

Data Access Governance (DAG) is a means of protecting these high-value targets and corresponding sensitive files from unauthorized access. Condrey’s DAG solution first reports on the files and NTFS permissions, then provides the means of cleaning up and moving files and remediating permissions. DAG helps organizations reach security and compliance objectives including the principle of least privilege (PoLP) and zero trust.

Identifying and Protecting High-Value Targets

Sensitive unstructured data such as sales forecasts, HR information, and legal documents need to be protected from unauthorized access. These files must first be identified and if needed, moved to a new folder. These folders or “high-value targets” then need to be secured with the correct access permissions given only to authorized personnel. User access and permissions then need to be strictly enforced.

Data Owner Involvement Needed

Effectively identifying sensitive data, changing access permissions, and securing high-value targets from unauthorized access requires the cooperative efforts of the departments who are familiar with the data and its sensitivity, and the IT department tasked with managing it. In fact, a data owner from each department should be not only consulted about data disposition and access permissions but notified when any access permissions are changed or attempted.

Need for an Integrated, Automated Approach

Locating sensitive documents, moving them to secure locations, remediating access permissions including changing group memberships, and being notified of changes or attempted changes in permissions requires the integration of an enterprise level reporting product coupled with action engines that take corrective action, monitors high-value targets, and notifies you of potential security problems.