Six Steps to Achieving Data Access Governance. Written By Quest Software



Similar documents
An Introduction to Toad Extension for Visual Studio. Written By Thomas Klughardt Systems Consultant Quest Software, Inc.

10.2. Auditing Cisco PIX Firewall with Quest InTrust

Eight Best Practices for Identity and Access Management

Go Beyond Basic Up/Down Monitoring

Direct Migration from SharePoint 2003 to SharePoint 2010

Secure and Efficient Log Management with Quest OnDemand

Migrating Your Applications to the Cloud

Key Methods for Managing Complex Database Environments

Taking Unix Identity and Access Management to the Next Level

Quest ChangeAuditor 5.0. For Windows File Servers. Events Reference

Using Stat with Custom Applications

Proactive Performance Management for Enterprise Databases

Quest Management Agent for Forefront Identity Manager

Foglight for SQL Server

Toad for Oracle Compatibility with Windows 7 Revealed

Quest One Privileged Account Appliance

An Innovative Approach to SOAP Monitoring. Written By Quest Software

The Case for Quest One Identity Manager

2007 Quest Software, Inc. ALL RIGHTS RESERVED. TRADEMARKS. Disclaimer

6.0. Planning for Capacity in Virtual Environments Reference Guide

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

Top Seven Tips and Tricks for Group Policy in Windows 7

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

Quest Application Performance Monitoring Implementation Methodology

Are You Spending More than You Realize on Active Directory Management?

Enterprise Single Sign-On 8.0.3

The Active Directory Recycle Bin: The End of Third-Party Recovery Tools?

Enterprise Single Sign-On Installation and Configuration Guide

Protecting and Auditing Active Directory with Quest Solutions

Achieving ISO/IEC Compliance with Quest One Solutions for Privileged Access. Written By Quest Software, Inc.

6.5. Web Interface. User Guide

The Quest Cloud Automation Platform

Top Five Reasons to Choose Toad Over SQL Developer

2009 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Disclaimer

Best Practices for SharePoint Development and Customization

Quest Support: vworkspace Troubleshooting Guide. Version 1.0

Exchange 2010 and Your Audit Strategy

Moving to the Cloud : Best Practices for Migrating from Novell GroupWise to Microsoft Exchange Online Standard

Foglight Foglight Experience Viewer (FxV) Upgrade Field Guide

Migrating Lotus Notes Applications to Microsoft Office 365 and SharePoint Online

Foglight. Managing Java EE Systems Supported Platforms and Servers Guide

formerly Help Desk Authority Quest Free Network Tools User Manual

Controlling & Managing Super User Access

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

Data Center Consolidation Strategies for the Federal CIO

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Data center and cloud management. Enabling data center modernization and IT transformation while simplifying IT management

Foglight for Oracle. Managing Oracle Database Systems Getting Started Guide

Unified and Intelligent Identity and Access Management

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Choosing the Right Active Directory Bridge Solution

Quest Solutions for PCI Compliance

Benchmark Factory for Databases 6.5. User Guide

Quest ActiveRoles Server

Quest ChangeAuditor 5.1 FOR ACTIVE DIRECTORY. User Guide

Authentication Services 4.1. Authentication Services Single Sign-on for SAP Integration Guide

Top 10 Most Popular Reports in Enterprise Reporter

4.0. Offline Folder Wizard. User Guide

2010 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Third Party Contributions

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide

for Oracle User Guide

FOR WINDOWS FILE SERVERS

Quest One Password Manager

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

Quest InTrust for Active Directory. Product Overview Version 2.5

Spotlight on SQL Server 7.0. Reporting and Trending Guide

Foglight. Dashboard Support Guide

Extending Native Active Directory Capabilities to Unix and Linux

Foglight. Foglight for Virtualization, Enterprise Edition 7.2. Virtual Appliance Installation and Setup Guide

System Requirements and Platform Support Guide

Quest vworkspace Virtual Desktop Extensions for Linux

Quest ChangeAuditor 4.8

Top 10 Tips for Optimizing SQL Server Performance

Go beyond basic up/down monitoring

DATA GOVERNANCE EDITION

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

Organized, Hybridized Network Monitoring

Transcription:

Six Steps to Achieving Data Access Governance Written By Quest Software

Contents Abstract... 2 It s the Wild West Out There... 3 The Problems with Current Practices... 4 Inefficiency... 4 Ineffectiveness... 4 Lack of Agility... 4 The New Frontier: Data Access Governance... 5 The Six Steps... 6 1. Discover Users and Resources... 6 2. Classify Data and Access Rights... 6 3. Assign Data Owners and Approvers... 6 4. Audit and Report on Access... 6 5. Automate Access Requests and Automatically Remediate Problems... 6 6. Prevent Unauthorized Change... 6 Conclusion... 7 1

Abstract Data is an organization s most valuable asset, consisting of anything from intellectual property to customer information. Often, this data is found on a number of platforms: Windows file servers, NAS devices, SharePoint sites and more. Unfortunately, many organizations cannot adequately control access to that data, or even reliably assess who currently has access. Nevertheless, organizations need to satisfy compliance requirements and be able to quickly address security threats or, ideally, prevent them from arising at all. They need to centralize the access request process and put an end to ambiguity about who has access to what. They need automated, multi-platform data access governance. This white paper outlines six steps to achieving that data access governance. 2

Introduction Organizations know that controlling access to data is vital: security breaches, mistakes and leaks of sensitive enterprise data can lead to loss of intellectual property (IP), system downtime, frustrated users, lost productivity, fines for failing to comply with external regulations, and organizational embarrassment. But the processes at many organizations today to achieve that control are tedious, time-consuming and error-prone. Administrators try to monitor group changes in Active Directory; data loss on file servers and NAS devices; and SharePoint activity, but all too often these approaches simply address current symptoms but fail to permanently fix the root cause of problems. Moreover, all that manual work and reporting distracts administrators from working on other projects It s the Wild West Out There A warm wind blows the dust up on a deserted main street as a tumbleweed blows silently past two men about to face one another in a draw: it s the Wild West a great analogy for the state of data in most organizations today. You ve got your disputes over who owns what, your band of outlaws trying to steal what s yours, and usually very minimal law enforcement who are doing their best to keep the peace. Also remember that the Wild West was a time of growth (mostly uncontrolled growth), with new towns popping up and population increasing very much like the data in your environment. You have new data being created and saved on platforms from Windows file servers to NAS devices, and you even have SharePoint sites popping up. More than likely, your employees are constantly using new devices, such as ipads, to access, create, and alter data as well. Your IT department is acting as sheriff, doing its best to keep up and keep the peace, but today s outlaws are no longer the obvious tall dark stranger in the black trench coat who elicits a frightened gasp as he walks into the saloon. You face myriad threats to your data, and you have multiple compliance regulations and internal policies to adhere to. You need automated, multi-platform data access governance. 3

The Problems with Current Practices What exactly are the problems with current data access control methods? Inefficiency, ineffectiveness, and a lack of agility. Inefficiency Securing and controlling access to data in your infrastructures is a tedious, repetitive, time-consuming process. In your environment today, how long would it take your IT team to discover what you have access to, and how you gained that access? How would they go about doing it across all the platforms in your entire organization? The bottom line: current practices are inefficient, whether you are manually assessing all of the unstructured data across your widely diverse environment, uncovering data loss on file servers and NAS devices, or inventorying what s available on SharePoint. And that inefficiency keeps administrators from working on other projects. Ineffectiveness Here s a big issue that most organizations never address: can your IT department even answer whether or not you should have the access you have? Unless you are in a very small company, the answer is no. IT can t possibly know whether your role should be permitted to access certain files or folders; that s a business decision, not a technical choice. But most organizations do place IT in the role of gatekeeper to monitor and secure access to data, which leads to users having access that the business would say they shouldn t have. Additionally, you will inevitably be left with unstructured and orphaned data no one knows who it belongs to, whether it s still valid, and so on. Lack of Agility Today s environment is reactionary problems arise and you react to them. Of course, there s always going to be a need for solutions that can help you react to problems, but if all you do is fix things at this moment in time, with no thought of what happens down the road for the future, then you can t be very agile. For example, you might be able to assign an owner to each piece of data you have today, but what happens tomorrow when an employee resigns, new people are hired, and your company acquires another smaller company? You need a process in place to centralize access requests and put an end to the ambiguity of who has access to the data, and, more important, who should have access to the data. Solutions exist to address some of these problems, such as discovery, control, and automation. However only one vendor offers a holistic approach that can deliver end-to-end data access governance that is poised to take you into the future. 4

The New Frontier: Data Access Governance Step out of the Wild West and into the new frontier! Often people feel that the only viable approach to data security is to go to an extreme and lock everything down as if it were Fort Knox, but that approach can cripple your employees, who have legitimate needs for data access. Fortunately, there is a civilized process that you can use to address the challenges of data access governance. By implementing a comprehensive data access governance strategy, you can regain control of your data. The figure below shows the six steps in this strategy; you can insert yourself at any step depending on where your organization is with respect to tackling these challenges. Discover Users and Resources Prevent Unauthorized Change Classify Data and Access Rights Automate Access Requests + Automatically Remediate Problems Assign Data Owners and Approvers Audit and Report on Access Figure 1. The six steps in an effective data access governance strategy 5

The Six Steps 1. Discover Users and Resources If you re just starting down the path, the first step involves taking an inventory of your infrastructure. Who are your users, what resources (such as file shares) do you have in your environment? You ll also need to discover and document the extent of SharePoint, and identify any unstructured or orphaned data. This will give you a full picture of what you are dealing with. 2. Classify Data and Access Rights Once you have a sense of what is in your environment, you need to classify it to identify whether it s confidential, whether it is affected by any regulations (for example, credit card numbers need to be handled in accordance with PCI), and whether it is still relevant or should be archived. Determine who the business owners of data should be, and assess your identity and access management policies. You are working towards establishing an access model that is based on established and consistent policy and on existing identity infrastructure. 3. Assign Data Owners and Approvers Here the rubber starts to hit the road: you re now assigning the appropriate business owners of data based on their roles, locations, or other attributes. Going forward, the business owner will be the one to grant access, not IT. During this phase, it s important to perform the necessary checks for compliance to ensure segregation of duties (e.g., the requestor can t also be the approver). The final part of this step is to establish automated workflow process for future requests so you won t have to go back to the drawing board when changes are requested down the road. 4. Audit and Report on Access Since data in your environment is constantly evolving, it s crucial to schedule regular business-level attestation of access to ensure accuracy and security. You can then generate detailed reports for auditors to prove adherence to regulations. The attestation process must be efficient and take into account that it is the business owners who have the knowledge to do the attestation. You want to replace current inefficient processes in which reports are gathered by IT, passed to the business, interpreted, and handed back to IT to implement changes. Enabling the business to do it all themselves improves data access governance. 5. Automate Access Requests and Automatically Remediate Problems For security, your process must grant access only based on the requester s role within the organization. One approach is to use an access request portal: users can request access resources and appropriate personnel can review the access to validate that the process is working as intended. It s also important to implement automated responses that remediate any deviations from the rules that you have worked so hard to establish. 6. Prevent Unauthorized Change There are always going to be certain data, groups or access rights that you ll want to secure from ever being altered. So lock those down and set up a real-time alert to notify you if a change attempt is made. It is also best practice to log all changes in a secure depository that can t be altered, separate from standard event logs, for any forensic analysis later. But simply knowing a change was made isn t going to tell you much down the road, so it s equally important that your logs record and show you what change was made, with the before and after values. 6

Conclusion Controlling data today can seem like the Wild West: you must deal with constant threats, declining enforcement budgets, rapid growth, and constant change. But while addressing the challenges of data access governance is neither quick nor easy, it doesn t need to be insanely complex, either. Using the holistic approach outlined in this paper, you can get your environment in order now and address the root of the problem so that it continues to stay in order in the future. Quest Software can help you establish complete 360-degree visibility into user access in your organization, including extending the security you already have through Active Directory to your non-windows systems, applications, and data. Quest s data access governance solutions enable organizations to discover, assess and assign ownership with scheduled attestation for maintenance across a multi-platform environment. Quest tools also deliver change monitoring and compliance reporting to close the loop on the governance process for ongoing security. This approach ensures efficiency, effectiveness and agility for the future. To learn more, please visit: www.quest.com/data-access-governance 7

2011 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the written permission of Quest Software, Inc. ( Quest ). The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 www.quest.com email: legal@quest.com Refer to our Web site for regional and international office information. Trademarks Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, AppAssure, Benchmark Factory, Big Brother, BridgeAccess, BridgeAutoEscalate, BridgeSearch, BridgeTrak, BusinessInsight, ChangeAuditor, ChangeManager, Defender, DeployDirector, Desktop Authority, DirectoryAnalyzer, DirectoryTroubleshooter, DS Analyzer, DS Expert, Foglight, GPOADmin, Help Desk Authority, Imceda, IntelliProfile, InTrust, Invirtus, itoken, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin, MessageStats, Monosphere, MultSess, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Point,Click,Done!, PowerGUI, Quest Central, Quest vtoolkit, Quest vworkspace, ReportADmin, RestoreADmin, ScriptLogic, Security Lifecycle Map, SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow, Toad, T.O.A.D., Toad World, vautomator, vcontrol, vconverter, vfoglight, voptimizer, vranger, Vintela, Virtual DBA, VizionCore, Vizioncore vautomation Suite, Vizioncore vbackup, Vizioncore vessentials, Vizioncore vmigrator, Vizioncore vreplicator, WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners. Updated September, 2011 8

About Quest Software, Inc. Quest Software (Nasdaq: QSFT) simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest solutions for application management, database management, Windows management, virtualization management and IT management, go to www.quest.com. Contacting Quest Software PHONE 800.306.9329 (United States and Canada) If you are located outside North America, you can find your local office information on our Web site. EMAIL MAIL sales@quest.com Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA Contacting Quest Support Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract. Quest Support provides around-the-clock coverage with SupportLink, our Web self-service. Visit SupportLink at https://support.quest.com. SupportLink gives users of Quest Software products the ability to: Search Quest s online Knowledgebase Download the latest releases, documentation and patches for Quest products Log support cases Manage existing support cases View the Global Support Guide for a detailed explanation of support programs, online services, contact information and policies and procedures. WP_AccessGovernance_US_VG 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information