
The Who? What? Where? and When? of Data Governance


We all know that information is the ultimate asset, and also the largest and most challenging area of risk to organizations these days. The data ranges from proprietary to confidential, encompassing everything from personal files to healthcare details to financial or even government regulatory documents. Data is constantly generated by internal users, partners, external customers, and even by automated systems. The volume of data is easily in the terabytes at most organizations, and spans many applications, from Messaging and Collaboration (Exchange, Public Folders, and SharePoint) to the largest and most problematic area, the Distributed Shared File System. Organizations are in desperate need of tools that help establish a Data Governance program that satisfies compliance requirements, reduces the risk of data exposure, and can be implemented quickly without a long, costly, and complex roll-out to the organization.

1. The first step in initiating a data governance program involves the creation of a governing body. The governing body usually consists of executive leadership, project management, line-of-business managers, and data stewards. The identification of a data steward is essential. He or she will have a large list of responsibilities including, but not limited to, improving data quality and security. The team usually employs some methodology for tracking and improving enterprise data, such as Six Sigma, and tools for data mapping, profiling, cleansing, and monitoring. Data Governance programs are largely dependent on lines of communication with these governing body members.

2. The next step is establishing the target repositories of data that are to be included in the data governance program. Initial implementations may vary in scope as well as origin. Sometimes, an executive mandate will arise to initiate an enterprise-wide effort, while at other times, the mandate will be to create a pilot project or projects, limited in scope and objectives. Usually, reduced scope or mandated programs aim to either resolve existing issues, or to demonstrate achievable results and value. Some examples of these targeted repositories may include Shared File Systems, Active Directory, Mailboxes, Public Folders, and collaborative environments like SharePoint. There are many vendors with multiple tools and bundled products that can tap into these applications. For instance, the StealthAUDIT Management Platform (SMP) from STEALTHbits Technologies provides deep visibility into all of these application spaces.

In order to streamline ongoing data governance processes, as well as operational and capital expenditures, content should be assessed to determine what is out there and pruned wherever possible. On average, organizations incur a monthly cost of around $55 to maintain one Gigabyte of data storage. Gartner even estimates that 70% of unstructured data goes untouched as soon as 90 days after initial creation. That quickly translates into substantial cost and wasted resources due to stale data. Archiving data to lower-cost storage tiers can help slow capacity demands, but deleting the data will actually free up these valuable storage resources. Tools like SMP empower administrators to quickly find and assess stale and/or unauthorized data. SMP in particular allows you to correlate data to the most probable owners, programmatically interact with thousands of those data custodians with ease through in-product surveys, and ultimately reclaim storage capacity by cleaning up unnecessary content.

3. The next critical task is the proactive review of permissions in conjunction with ownership recertification and entitlement review processes. Basically, knowing who has what level of access to which resource is of the utmost importance. However, permissions are a complex web woven through any organization. Starting at the domain level within Active Directory, Users and Groups form the foundation of control over what resources can be accessed throughout your infrastructure. Individual systems extend the boundary of where Users and Groups can be created. Local system administrators, ultimately, have access to the resources that reside on those systems. Digging even deeper, users and groups can be granted access directly or via policies to shares, folders, and even to individual files. In order to assess and/or secure your data, all of those points, policies, and inheritance spots must be evaluated when determining a user's effective level of access rights to the data in the Domain. Care must be taken before removing users from any of those permission points, as the removal or deny action could break their access to other valid and business-critical resources across the domain. SMP empowers Domain and System administrators to audit, assess, truly understand, and control which users have access to what resources within their infrastructure, crossing traditional application boundaries with a single tool. Furthermore, SMP goes above and beyond to show all paths by which a user inherits access rights to resources. In addition, SMP also features built-in, proven business intelligence that identifies key owners of Shared Systems and Repositories based on multiple evaluation points such as who has access, claims ownership, or posted the most information, while easily filtering out administrative groups or even disabled users.
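To make the effective-access reasoning above concrete, the following added example (not SMP code and not from the original post) expands nested group membership, lists every path through which a user reaches a resource, and reports what a planned group removal would actually take away. The group names, shares, and ACL model are constructed assumptions, and the model is simplified so that any deny entry overrides an allow.

```python
# Constructed sample data: member -> groups it belongs to directly (not a real directory)
MEMBER_OF = {
    "alice": ["Finance-Analysts", "Project-X"],
    "Finance-Analysts": ["Finance-All"],
    "Project-X": ["Finance-All"],
    "bob": ["Helpdesk"],
    "Helpdesk": ["Local-Admins-FS01"],
}
# resource -> access control entries as (principal, right, "allow" | "deny")
ACLS = {
    r"\\FS01\Finance": [("Finance-All", "read", "allow"),
                        ("Finance-Analysts", "write", "allow")],
    r"\\FS01\Payroll": [("Finance-All", "read", "allow"),
                        ("Project-X", "read", "deny")],
    r"\\FS01\IT": [("Local-Admins-FS01", "full", "allow")],
}

def membership_paths(principal, member_of=MEMBER_OF):
    """Every chain principal -> group -> ... reachable through nesting."""
    paths, stack = [], [(principal,)]
    while stack:
        path = stack.pop()
        paths.append(path)
        for group in member_of.get(path[-1], []):
            if group not in path:  # guard against circular group nesting
                stack.append(path + (group,))
    return paths

def access_paths(user, resource, member_of=MEMBER_OF, acls=ACLS):
    """All (membership path, right, kind) through which an ACE reaches user."""
    return sorted((path, right, kind)
                  for path in membership_paths(user, member_of)
                  for principal, right, kind in acls.get(resource, [])
                  if principal == path[-1])

def effective_rights(user, resource, member_of=MEMBER_OF, acls=ACLS):
    """Allowed rights minus denied ones (simplified: any deny wins)."""
    hits = access_paths(user, resource, member_of, acls)
    denied = {right for _, right, kind in hits if kind == "deny"}
    return {right for _, right, kind in hits if kind == "allow"} - denied

def removal_impact(user, group, member_of=MEMBER_OF, acls=ACLS):
    """Rights per resource the user loses if dropped from group directly."""
    trimmed = {**member_of, user: [g for g in member_of.get(user, []) if g != group]}
    before = {res: effective_rights(user, res, member_of, acls) for res in acls}
    after = {res: effective_rights(user, res, trimmed, acls) for res in acls}
    return {res: before[res] - after[res] for res in acls if before[res] - after[res]}
```

In this sample, removing alice from Finance-Analysts costs her write on the Finance share while read survives through Project-X, which is the kind of side effect to check before changing any permission point.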

4. Finally, constant monitoring is required to provide a historical view into how your environment is changing. Knowing who gave out or delegated access, or who is using their rights to interact with resources, is critical, especially when something goes wrong. SMP provides insight into who is creating new users or groups at the domain and system levels, and allows you to see who is connecting to your systems and how, as well as who is interacting with and changing what data.

The StealthAUDIT Management Platform (SMP) is highly effective at mitigating the risk of financial loss resulting from inappropriate access to or storage of privileged data spread across your Microsoft infrastructure. The management platform is a simple, low-cost approach to knowing who might or who did access what data. In addition, StealthAUDIT gives administrators complete visibility into the content from the Domain level to Distributed Systems, right down to the individual data itself. The management platform provides a proven workflow to effect change that ultimately reduces risk and reclaims storage capacity.





© 2022 Stealthbits Technologies, Inc.
