Coordinated access provisioning with identity management system
Enhanced reporting and data analytics capabilities
Improved data insight and regulation compliance
Fully automated identity and data management workflows
Scalable and performant solution to cover 20,000 users and billions of unstructured data files

Challenge

Manage billions of unstructured data files held in multiple locations throughout the world to comply with data security regulations.

Details

Incorporating unstructured data in an intelligent identity management framework

The nature of this customer’s business means that it generates huge amounts of data, much of it unstructured and diverse. Data is spread across multiple data centers throughout the world and represents all departments of the company. With nearly 20,000 users as part of a dynamic workforce, the organization sees the importance in automating its data lifecycle, as an IT Director with the organization explains: “We have used NetIQ Identity Manager for a long time to create an identity-driven workflow that includes employees, customers, and partners. However, with escalating reporting requirements, extensive data growth, and the increasing importance of data security, we felt we needed help in inventorying and analyzing our very large unstructured data stores. Our market research led us to NetIQ Data Access Governance (DAG) to support us in automating our manual processes to manage our data and the use of it. DAG’s coordinated access provisioning with Identity Manager was very helpful as all our identity-driven policies run through Active Directory so DAG could leverage this too.”

DAG is designed to gain insight into unstructured data and repositories so that policies can be applied to protect data from unauthorized access. It can provide active protection for repositories storing sensitive and high-value data, as is very relevant for this organization. It can also limit data access to only authorized users, helpful in a scenario with a transient workforce such as this company’s. DAG includes File Dynamics, equipping organizations to extend identity-based security and access management to unstructured data, the largest and often most vulnerable data segment in an organization. File Reporter, also included in DAG, provides comprehensive reporting and analysis of user access to data stored on the network file system.

We chose NetIQ DAG for its scalability and performance, as well as its coordination with our trusted identity management system. This enabled us to extend our identity and access management to include our unstructured data.

資訊科技總監
大型航空航太組織

Introducing automation with DAG to relieve manual efforts

With literally billions of files scattered around the organization, having a clear understanding of what is available and who has access to it was a high priority. The File Reporter component of DAG was implemented to effectively inventory metadata and the available permissions, as well as analyze and report on the findings. This automated process included a comprehensive data aging report so that individual data owners can make informed decisions based on data retention policies, in line with compliance requirements.

Once the data inventory was complete, File Dynamics was then leveraged to automate data lifecycle management, based on retention and privacy policies driven by Identity Manager. The IT Director comments on the undertaking: “Introducing automation with DAG was particularly helpful as manually we just could not stay on top of our ever-increasing data. It also exposed us to security risks and potential non-compliance with industry and data privacy regulations. Our team quickly learned how to create custom reports to help us analyze our data. Because of the specifics of our implementation, we needed some additional DAG functionality, and we were very pleased to work directly with Micro Focus (now OpenText) R&D on this. The new functionality is now available as standard within DAG, benefiting not just ourselves, but other DAG customers as well.”

The organization created an effective identity and data management workflow that starts with Identity Manager based on Active Directory records, and moves to DAG policies and data storage, accessible to individual owners or teams for collaboration. It includes access permissions, and secures and monitors any changes in permissions. Data is treated according to relevant retention policies so it can be archived or deleted when appropriate.

Because of the specifics of our implementation, we needed some additional DAG functionality, and we were very pleased to work directly with Micro Focus (now OpenText) R&D on this. The new functionality is now available as standard within DAG, benefiting not just ourselves, but other DAG customers as well.

資訊科技總監
大型航空航太組織

DAG proves scalable, performant, and flexible to evolving requirements

The next step is to automate the workflow that is activated when staff leave the organization and are given a legal hold notice. This instructs them not to delete electronically stored information or discard paper documents that may be relevant to a new or imminent legal case. Without DAG in place, this process is impossible to enforce effectively. The new DAG workflow in progress will apply data protection policies that notify the appropriate data owner in real time if any data or permission changes are made. This is key in the highly competitive area this company operates in and will provide an extra level of security.

The IT Director concludes: “We chose NetIQ DAG for its scalability and performance, as well as its coordination with our trusted identity management system. This enabled us to extend our identity and access management to include our unstructured data. We’ve been impressed with the service and support we received from Micro Focus (now OpenText), especially around ensuring that DAG meets our specific requirements. We’ve been working with the DAG components for over ten years now and continue to reap the benefits as our data governance policies evolve over time.”