It is essential to ensure that business information is accessible only to those who have a “business” reason to do so

Data Governance is one of the most important initiatives in today’s IT, as it involves people, processes, and procedures, in its aim to provide a comprehensive overview of unstructured data residing on company systems that will:

– Give access only to those who need the data to perform their business duties;
– Reduce the risk of inappropriate file access;
– Increase the security of the data.

Data Governance and its reason for existing is clear:
To ensure that information residing on IT systems (such as File Systems, Document Management Systems, etc.) is accessible only to those who have a “business” reason to do so, and is in line with their role in the organization. It automatically provides assurance that “the right information will be accessible to the right people”. Thanks to Data Governance, it will be easier to be compliant to many of today’s laws and regulations.


    Introducing a data access management system in an organization depends heavily on how you intend to justify it. There is usually a big difference between the type of access that is normally required, and the actual access.
    Why is this happening?
    Who is responsible for this?
    There is no real culprit. Over the years, the focus in the development of many IT tools has always been over their functionality, that is, how they manage data, and not on how to govern access to the data they manage.
    Most software is not developed with the intent to provide a clear view of whom has the appropriate access. The attention of software manufacturers has been focused on, and limited to, “providing” access rather than developing control functions over accessed data.
    In the first decade of the 2000s, many Identity & Access Management solutions were developed. Their main aim was to simplify the provisioning and de-provisioning of accounts on systems and applications. IAM solutions automated the task of system administrators, responsible for manually creating and/or removing accounts, by enabling or disabling accounts simultaneously on a variety of IT systems.
    The main problem with IAM systems is that they are limited to managing access to data, not governing access to it; whomever manages the accounts (system administrator) is not the one who decides on the criteria needed for managing them. This is the responsibility of business. In other words, it is a department head that knows what type of access an employee needs in order to perform his task, not the system administrator.
    Around 2010, Access Governance tools began to spread, which, in contrast to Identity Management tools, gave business a comprehensive and detailed view of all entitlements by assigning “business friendly” names to them, and making requesting/revoking entitlements very comprehensible to business.
    Access Governance, however, is designed to retrieve and analyze account data from “structured applications,” such as ERPs or most common applications, which provide Access Governance software detailed information on the attributes of profiles, such as entitlements, rights, and constraints. Access Governance software is useful for transferring ownership of “the right to access” from IT to business. Furthermore, it is “agentless”, that is, profile data is collected directly from target systems without further processing, because already structured through structured applications.
    This is not applicable to certain software where the “user-data” relationship is not so structured and defined, such as File Servers or Document Management Systems. In this case, we need to resort to specific “agents” that are installed on the systems whose access and data we need to govern. These agents scout and collect data locally, and pass the information to a Data Governance software, where unstructured data is analyzed and can be governed.


    *** DA TRADURRE *** Virtualmente, tutti i tentativi di affrontare il governo dei dati di un File Server hanno avuto successi parziali o nulli dal momento che le soluzioni proposte erano fondamentalmente statiche, mentre il problema cambiava continuamente.

    Tuttalpiù alcuni risultati discreti si basavano su “fotografie istantanee” ma erano informazioni destinate ad essere modificate l’istante successivo.
    Una soluzione reale richiede quindi un metodo dinamico per:

    • Esaminare i permessi degli utenti e dei gruppi verso i dati
    • Determinare accuratamente, tramite tracciatura, come tali permessi sono stati dati
    • Visualizzare i permessi di utenti e gruppi alle cartelle
    • Rivedere le attività sui dati eseguite da utenti e gruppi
    • Suggerire cambiamenti di abilitazioni
    • Determinare l’impatto sul business che i cambiamenti potrebbero arrecare prima di eseguirli realmente

    Oggi, le soluzioni di DATA GOVERNANCE offrono un modo nuovo di realizzare le funzionalità appena elencate. Le organizzazioni possono quindi vedere istantaneamente i permessi di utenti e gruppi sulle cartelle o viceversa quali cartelle sono accedibili da chi, agevolare analisi da parte dell’IT o dell’helpdesk sui permessi attuali o sulle richieste di ottenerne di nuovi, identificare l’attuale proprietario del dato ed aiutare in modo insostituibile le persone incaricate di fronteggiare gli auditor.

Download Data Governance Paperwhite

Net Studio - Data Governance (343.4 KiB)