Paul Trulove, CPO at SailPoint, discusses the need for special handling of particularly sensitive data
Today’s business world is driven by data, enabling employees, contractors, partners and vendors to communicate. But if this data is not protected, an organisation’s reputation and finances can be damaged. Some of this data – like financials and personally identifiable information (PII) – is priceless and requires special handling to mitigate the risk of data breaches.
In the digital age, protecting sensitive organisational data can’t be achieved with physical security alone. Smart organisations leverage well-known processes and tools such as identity and data access governance solutions to help manage who has access to the sensitive information stored in structured applications like mainframes and databases.
Unfortunately, structured systems are not the only place where sensitive data is stored. Unstructured data, or data stored in files outside of structured applications and databases, is a growing problem for organisations. In many cases, unstructured data started out as structured data in an application, but was then moved by an end user into a more convenient format. For example: an employee on the finance team is reviewing financial data pulled from an internal database and, to make it easier to share with his fellow team members, he exports it to Excel and uploads the file to a corporate Dropbox account. Using this example, it’s easy to see how quickly data can move from secure, controlled environments to unsecured locations.
So how can organisations protect sensitive data no matter where it resides? By taking an integrated approach to governing access across all applications and file storage systems, organisations can keep structured or unstructured data safe. There are three steps to this integrated approach:
Find sensitive data
In addition to the obvious applications and databases that store sensitive data, organisations must identify where unstructured data is stored both inside the data centre and in the cloud. Because of the proliferation of unstructured data, the only realistic way to find and keep track of it is to leverage an automated solution to scan all systems and move sensitive data to secure storage environments.
Design preventive controls for real-time governance
Once sensitive data has been located and stored appropriately, organisations must put preventive controls in place to ensure the right people have access to it. Identity governance tools can help by collecting and analysing permissions to answer the question: “Who has access to what?” Identity governance can ensure that user access conforms to policy and job roles as access changes throughout a user’s lifecycle.
Implement detective controls
It’s not enough to define access controls and forget about them. Organisations also need detective controls to review and monitor ongoing user access and activity for anomalies. Steps like periodic access reviews and user activity monitoring can flag potentially dangerous situations and help prevent a data breach.
While protecting sensitive data can feel overwhelming, identity governance can give organisations the solutions they need to address sensitive data in the enterprise, while making sure to balance security with convenience.