Tech topics

What is Data Access Governance?

Illustration of IT items with focus on a lightbulb

Overview

Data Access Governance (frequently referred to as DAG) is a market segment that focuses on identifying and addressing the malicious and non-malicious threats that can come from unauthorized access to sensitive and valuable unstructured data.

Organizations look to Data Access Governance to:

Determine if sensitive and valuable files are being stored in secure locations
Identify who has access to these files
Correct and enforce access permissions

Data Access Governance

Why is Data Access Governance important?

Network repositories storing unstructured data are oftentimes poorly managed. The extension of unstructured data storage to cloud and collaboration platforms have made management even more challenging. Securing this data against cyberthreats and to meet privacy regulations add further complications.

Data Access Governance provides the ability to identify what unstructured data is being stored, who has access to it, and the data’s relevance. Data Access Governance can also provide active protection for repositories storing sensitive and high-value data, as well as attestation through access reviews certifying that only authorized users have access to this data.

Which industries are deploying Data Access Governance today?

Today Data Access Governance is being deployed by all types of organizations storing mission-critical data that must be protected from unauthorized access. With its ability to address data security and privacy regulations, industries such as healthcare, insurance, banking and financial services, retail, manufacturing, energy, pharmaceuticals, government and defense were early adopters of Data Access Governance.

With many terabytes or even petabytes of stored data, will implementing Data Access Governance be a monumental task?

Today Data Access Governance is being deployed by all types of organizations storing mission-critical data that must be protected from unauthorized access. With its ability to address data security and privacy regulations, industries such as healthcare, insurance, banking and financial services, retail, manufacturing, energy, pharmaceuticals, government and defense were early adopters of Data Access Governance.

Which industries are deploying Data Access Governance today?

We recommend that you start with a business risk mindset, rather than a technology mindset, and do so in a phased approach. In other words, prioritizing first on identifying and protecting network folders storing your most sensitive or high-value data. In consultation with line-of-business data owners who know the importance of the data, use Data Access Governance reporting to identify if the right users have the right access to the right data. Then establish policies that remediate access permissions and protect repositories from unauthorized access. After securing your most sensitive or high-value repositories, repeat these steps for other locations.

Can Data Access Governance protect organizations from ransomware?

As the title of a paper we published in 2021 states, “Ransomware Relies on Poor Data Governance.” Organizations tend to grant excessive access to users, enabling them to pass along ransomware and other types of malware to areas of the network storing critical data. Data Access Governance lets you perform an analysis of access permissions and then remediate them using the principle of least privilege – restricting access to minimum levels to perform job functions.

What exactly is unstructured data and why is unauthorized access to it so concerning?

Unstructured data is file-based data that is not structured as records in an application database. It includes word processing, spreadsheet, presentation, media, virtual images, and countless other file types. Unstructured data makes up about 80 percent of an organization's stored data.

While PII, PCI, PHI, and other regulated structured data is protected through Identity and Access Management systems and privacy regulations, sensitive and high-value data – including mission-critical data stored in network repositories and in the cloud – is perhaps the most vulnerable to data breaches. This is because it is normally secured by network administrators via NTFS and Active Directory access permissions normally without the involvement of line-of-business data owners who are familiar with the data.

What are some examples of sensitive and high-value unstructured data that could be better secured through Data Access Governance?

Personal information copied from an application’s database and stored on the network is an obvious example. But there are also the “crown jewels” of the organizations that if they were to be breached, could have catastrophic results. Examples might include legal documents, product development plans, yet-to-be-released quarterly sales results, upcoming marketing promotions, business acquisition meeting minutes, and more.

How can Data Access Governance streamline efficiencies for the organization?

Objectives of Data Access Governance include not only identifying risks, but providing the means of remediating them. For example, sending an automated message to data owners that access permissions to a folder storing high-value data have changed. Continuing with that example, automatically restoring the access permissions back to the original settings. Additionally, Data Access Governance software could provide the means of automatically moving sensitive and high-value data to more secure locations on the network.

Does Data Access Governance require an Identity and Access Management (IAM) system?

No, but Data Access Governance solutions are closely tied to IAM approaches and support an identity-centric security approach to data access. In other words, just as IAM systems grant or restrict access to applications and structured data based on identity and role, forward-thinking Data Access Governance developers grant or restrict access to repositories storing sensitive and high-value unstructured based on identity and role.

What is the role of a line-of-business data owner in a Data Access Governance implementation?

A line-of-business data owner is someone designated in a department who knows the relevancy, sensitivity, and value of department files and consequently, works with the network administrator in advising where files should be located, who should have access to files, and which files should be archived or deleted. With some Data Access Governance software, the line-of-business data owner receives security notifications and is even empowered to perform certain data management tasks. For example, enabling and disabling policies that govern user access.

What other benefits are there for deploying Data Access Governance in an organization?

One additional benefit is the ability of Data Access Governance to ensure that users have access to the data that they need to do their jobs. For example, a member of the accounting department over accounts payable who has been mistakenly not given access to network repositories storing invoices, is unable to fulfill her work responsibilities. Data Access Governance can assure access according to user role.

Why choose CyberRes Data Access Governance?

CyberRes Data Access Governance is uniquely engineered to leverage identity elements of Directory Services including IDs, attributes, access permissions, group memberships, and other types of HR data. Consequently, CyberRes Data Access Governance not only addresses the requirements of Data Access Governance , but provides additional unique capabilities including:

Expansive insight on stored data and associated permissions
Automated responsiveness based on Active Directory events
Security and protection of high-value targets that is strictly enforced
Lifecycle data management for user and group storage

Resources

What is the Principle of Least Privilege?

What is Identity and Access Management?

Aviator AIAviator AI

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery with AIeDiscovery with AI

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application Security TestingApplication Security Testing

Data SecurityData Security

Security OperationsSecurity Operations

Identity and Access ManagementIdentity and Access Management

Digital Forensics and Incident ResponseDigital Forensics and Incident Response

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

Observability and Service Management CloudObservability and Service Management Cloud

Service ManagementService Management

ObservabilityObservability

AIOpsAIOps

Automation and Vulnerability RemediationAutomation and Vulnerability Remediation

CMDB and Asset ManagementCMDB and Asset Management

OpenText™ Service Management Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

Device and Data ProtectionDevice and Data Protection

Enterprise Data Backup and Disaster Recovery SolutionsEnterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management ToolsUnified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving ComplianceEmail Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Consulting ServicesConsulting Services

Cloud MigrationCloud Migration

NextGen ServicesNextGen Services

Latest product releasesLatest product releases

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Resource libraryResource library

Aviator AI

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery with AI

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture and Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security Testing

Data Security

Security Operations

Identity and Access Management

Digital Forensics and Incident Response

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

Observability and Service Management Cloud

Service Management

Observability

AIOps

Automation and Vulnerability Remediation

CMDB and Asset Management

OpenText™ Thrust

OpenText™ Thrust bundle

Device and Data Protection

Enterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Consulting Services

Cloud Migration

NextGen Services

Latest product releases

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Resource library

Blogs

Events

Communities

Customer stories

OpenText Navigator

Marketplace