In listening to Adam Rosen’s recent webinar, I learned that nearly 60 percent of security breaches involve the theft of unstructured data.[i] And, only 12 percent of organizations are confident they can detect a breach involving unstructured data.[ii]
Given that 80% of an organization’s data is unstructured,[iii] is it any wonder a hacker was able to steal login credentials and personal information from Sony, including Sylvester Stallone’s social security number? Going Rambo won’t protect you. What will is a successful Data Access Governance (DAG) program.
Some organizations shy away from Data Access Governance because they just don’t know where to start. In this webcast, 5 Steps to Building a Successful Data Access Governance Program, Adam Rosen, VP of DAG Solutions at STEALTHbits, helps you jumpstart your success by making these steps easy to understand and put into practice.
Start by scanning your file shares, servers, and systems to find out:
Scan across your entire organization so you know all the data that’s out there. This approach will help you better prioritize initiatives over time.
Think of it like cleaning out a dresser drawer in your house. You’d want to take an inventory of all the items in the dresser’s drawers so you can best plan how to organize them.
Even though you want to know what’s in each drawer, you’d still start with the drawer that’s most important. In security, that drawer is often Sensitive Data Discovery so you can protect your most valuable assets like intellectual property (IP), protected health information (PHI), and financial or customer data.
Sensitive Data Discovery can be addressed by itself, or in tandem with two other focus areas:
Protecting sensitive data by limiting access is like locking jewelry in your dresser drawer and giving the combination to only your immediate family.
That drawer, let alone the whole dresser, will never be organized and secure if you don’t get your family members onboard.
In data governance, that translates into your needing to win the support of business users who utilize the data and have an interest in protecting it, e.g., cross-functional teams, legal, and HR.
Their knowledge is invaluable to determining why the data exists, as well as:
These business users will not only help you gain executive support, they’ll also assume responsibilities as data owners to assist you in your DAG efforts.
Here’s where your hard work pays off. You’re now ready to use the findings from your initial scan to take action:
You can’t clean out your drawer once and expect it to stay neat forever. Your family members will put new items in or take items out, and you’ll need to keep track while maintaining the drawer’s tidiness. You also can’t expect to clean one drawer and have the whole dresser, room, or house become neat.
It’s the same with Data Access Governance. DAG is a “rinse and repeat” cycle where you start with your first priority, then move onto your second, your third, and so on. Ultimately, you want to establish a secure, repeatable process that you can expand across data sets within your organization.
You wouldn’t wait until after your jewelry drawer was robbed to protect it. So why wait to implement a Data Access Governance program until after a security breach or failed audit?
Get going by combining your DAG program with a related initiative like Identify and Access Management (IAM), Data Loss Prevention (DLP), and Privileged Identify Management (PIM). Start preparing by taking advantage of STEALTHbits’ free assessment tools to begin surveying and analyzing your data.
To watch the full webcast, 5 Steps to Building a Successful Data Access Governance Program, please click here.
[i] Survey on the Governance of Unstructured Data, Ponemon Institute
[ii] The State of Data Centric Security, Ponemon Institute
[iii] Big Content: The Unstructured Side of Big Data, Gartner
Start a Free Stealthbits Trial!
No risk. No obligation.