In this 6th and final post of our “Moving from Checkbox Compliance to True Data Security” blog series, we’re going to see how all the work we’ve done in discovering where our data lives, collecting and analyzing relevant information about our data, monitoring activity, and restructuring access rights will pay off in a major way.
As you’ve likely gathered already, “Governance” is a pretty important component of a Data Access Governance program. It’s in the name, for crying out loud! But the best thing is that Governance is actually the easy part. Governance is the enforcement and maintenance of the work you’ve already done.
When you restructured your access rights, you aligned your access model to one where you can surgically control who gets access to each resource and at the permission levels they need. This model also gives you the confidence that adding and removing users from any particular resource won’t inadvertently add or remove their access to anything else. Now you just have to keep it that way.
As you enter the Governance phase of your Data Access Governance program, you’re going to find there are three critical components that are required to make it all work.
First, you’re going to need to identify your data owners. Data owners (aka Data Custodians) serve a pivotal role in the Governance process that no one else can do as well as they can, which is determine who does and who doesn’t get access to THEIR data.
Using the data gathered during the Collect & Analyze and Monitor phases of the program, calculating and assigning data owners is a breeze compared to traditional methods (e.g. guessing, begging, or picking names out of a hat).
With data owners assigned to each resource, you’re now ready to verify that the entitlements you’ve granted are indeed what is required. Because of the new security model you’ve applied during the restructure phase, data owners can easily toggle user access rights between Read and Modify, always ensuring only the right people have the right level of access.
Most organizations choose to run their entitlement review campaigns quarterly, but you can really run them on whatever interval works best for you.
What about new users that want access to the data? This is where the third critical component comes into play. Again, because we’ve got the right people making decisions about who gets access to their data, we can route access requests directly to the data owners for approval or denial. IT maintains oversight throughout the whole process, but by enabling self-service access request capabilities, helpdesks and IT staff are relieved of the unfair or otherwise cumbersome task of determining if someone should get access and even how.
See? The Govern phase is actually the easiest and most fun, as you finally get to enjoy the fruits of your labor. With Data Owners assigned and governance workflows like Entitlement Reviews and Self-Service Access Requests in place, you’re able to satisfy security, compliance, and operational requirements around data access all at once.
We sincerely hope you’ve enjoyed this blog and webinar series as much as we’ve enjoyed documenting the journey from simply passing an audit to significantly reducing the risk of data breach.
Register for the companion webinar, Restructure Access to Implement and Maintain a Least Privilege Access, that I will be presenting, on October 3rd.
For more information, you can contact us here.
As General Manager, Adam is responsible for product lifecycle and market adoption from concept to implementation through to customer success. He is passionate about market strategies, and developing long-term path for success for our customers and partners.
Previously, Adam served as CMO and has held a variety of senior leadership positions at Stealthbits – now part of Netwrix including Sales, Marketing, Product Management, and Operational Management roles where his focus has consistently been setting product strategy, defining roadmap, driving strategic engagements and product evangelism.
Adam holds a Bachelor of Science degree in Business Administration from Susquehanna University, Selinsgrove, PA.
Adopting a Data Access Governance strategy will help any organization achieve stronger security and control over their unstructured data. Use this free guide to help choose the best available solution available today!Read more
Start a Free Stealthbits Trial!
No risk. No obligation.