1 Introduction
Over the past decade, solutions for Access Governance or IGA (Identity Governance & Administration) have been implemented in many organizations, particularly in regulated industries. Unfortunately, while IGA helps in setting up and enforcing cross-system management of identities and their access, it is limited with respect to the insight and control it provides for more complex target systems. These systems include, for example, file servers, mainframes, and business applications. In fact, a very significant portion of critical corporate data resides in what are commonly called “unstructured data stores”, and this data is frequently highly critical and sensitive, such as intellectual property or PII.
Solutions supporting administrators of such environments, e.g. Windows administrators or SharePoint administrators, are commonly too technical and specialized for a single environment. In addition, unstructured data sprawls across a variety of different systems, making it difficult to track and manage. While specialized administrative tools for such environments exist, they do not provide sufficient oversight of how access should be granted and rarely facilitate the ongoing compliance and lifecycle management needs of the business.
Another important consideration is that business users and managers don’t want to use different, non-integrated toolsets for tasks such as requesting access to different IT systems – e.g., one for SAP, one for file shares, and one for Microsoft SharePoint. Managers also don’t want to use distinct tools for approving such requests or reviewing access. While there are specific requirements due to the unique characteristics of each target system environment, the goal should be to insulate the business from the underlying complexity of disparate IT environments. This calls for a comprehensive approach to governing access to all applications and all data (structured and unstructured).
Assuming you have IGA tools and processes in place for your applications, the first step on this journey is identifying and evaluating the concrete risks for unstructured data. This requires identifying where sensitive or critical data is held and understanding the risks of leaking or losing that data. Understanding the risks is the first step towards mitigating them.
Based on such analysis, adequate tools must be identified. Which capabilities are delivered by the existing toolset? Which additional capabilities are required? How can existing and new tools be integrated in a manner that meets the expectations of business users?
SailPoint has developed a solution which provides a comprehensive approach to governing access to all applications and data, both structured and unstructured. This approach simplifies life for business users, while improving the risk and security posture of the enterprise.