sb-eu logo
Story image

SailPoint: Identity’s role in data security and compliance

28 Feb 2019

Article by SailPoint CEO and co-founder Mark McClain

In the wake of GDPR, there’s been increased global interest in regulations that address how sensitive identity information is managed and protected.

Government agencies, especially, have been under the pump, going through reviews and implementing security strategies.

Enterprises have faced similar scrutiny for quite some time as they seek to comply with new regulations and protect their own sensitive data, along with who has access to it and what they’re doing with that access.

This is all the more critical given the target that hackers continue to place on users and their access to important systems and data.

One compromised user account grants a hacker immediate access to the business.

So, there are two issues that enterprises now face – the regulatory environment, and the fact that the way enterprises used to protect themselves is clearly no longer enough.

This is the case because the network perimeter has dissipated, with employees no longer working within the four walls of corporate buildings, applications moving to the cloud and data being stored outside of corporate firewalls.

Therefore, simply putting a perimeter around the network cannot effectively protect all of an enterprise’s users and their access to business applications and data.

Further complicating things, data has exploded within organisations today, and it’s on the move.

The vast majority of this data has gone from being secured and stored in structured applications within data centres to applications in the cloud, where it is largely unprotected.

For example, when an accountant exports financial documents from an internal application and then uploads those files to Dropbox (or another file sharing application) to access while travelling for work, all of a sudden, this sensitive data is living outside of the traditional network perimeter, which exposes it to a would-be hacker.

As compliance regulations continue to grow more commonplace and both the IT and threat landscapes evolve, organisations must also evolve their methods of data protection to keep pace.

Knowing this, how can organisations govern and secure their sensitive data from exposure?

Rather than reinventing the wheel, organisations need only extend their existing identity governance strategies to include how they govern access to data stored in files.

Doing so will provide much-needed visibility into where sensitive data resides, who is accessing it and what they’re doing with that access.

As a result, organisations will not only be able to better secure their sensitive data but also reduce their exposure and thus, improve their security posture overall.

Today’s IT environment is growing more and more complex, particularly as organisations embrace digital transformation.

Now, enterprises have more users, applications and data than ever before, and each part is interconnected.

There are employees, contractors, partners, and now even software bots, accessing cloud and on-premises applications and massive amounts of data.

Each of these new frontiers – users, applications and data – must be addressed with a comprehensive identity governance strategy to truly secure the enterprise and stay in compliance with global regulations.

Ultimately, this will put organisations in a better position to protect sensitive data and comply with regulations and government reviews.

Rather than feeling defeated, organisations should view compliance mandates as an opportunity for them to improve their security stance, provide better service to customers, and strengthen relationships with business partners.

Since broader reviews and new regulations are likely to continue unabated in today’s digital world, organisations need to get ahead of the game when it comes to protecting sensitive data with identity governance.

Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Bring Your Own PC security to transform businesses within five years - Gartner
“Prior to the COVID-19 pandemic, there was little interest in BYOPC."More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
Phishing scam imitates SharePoint & OneNote for nefarious clicks
Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.More
Story image
Radware issues security alert, warning of global rise of DDoS-for-hire
Efforts from corporations, law enforcement and independent researchers around the world have attempted in the last two years to curb this growth – but the industry keeps growing says Radware information security researcher Daniel Smith.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More