SailPoint: Identity’s role in data security and compliance

28 Feb 2019

Article by SailPoint CEO and co-founder Mark McClain

In the wake of GDPR, there’s been increased global interest in regulations that address how sensitive identity information is managed and protected.

Government agencies, especially, have been under the pump, going through reviews and implementing security strategies.

Enterprises have faced similar scrutiny for quite some time as they seek to comply with new regulations and protect their own sensitive data, along with who has access to it and what they’re doing with that access.

This is all the more critical given the target that hackers continue to place on users and their access to important systems and data.

One compromised user account grants a hacker immediate access to the business.

So, there are two issues that enterprises now face – the regulatory environment, and the fact that the way enterprises used to protect themselves is clearly no longer enough.

This is the case because the network perimeter has dissipated, with employees no longer working within the four walls of corporate buildings, applications moving to the cloud and data being stored outside of corporate firewalls.

Therefore, simply putting a perimeter around the network cannot effectively protect all of an enterprise’s users and their access to business applications and data.

Further complicating things, data has exploded within organisations today, and it’s on the move.

The vast majority of this data has gone from being secured and stored in structured applications within data centres to applications in the cloud, where it is largely unprotected.

For example, when an accountant exports financial documents from an internal application and then uploads those files to Dropbox (or another file sharing application) to access while travelling for work, all of a sudden, this sensitive data is living outside of the traditional network perimeter, which exposes it to a would-be hacker.

As compliance regulations continue to grow more commonplace and both the IT and threat landscapes evolve, organisations must also evolve their methods of data protection to keep pace.

Knowing this, how can organisations govern and secure their sensitive data from exposure?

Rather than reinventing the wheel, organisations need only extend their existing identity governance strategies to include how they govern access to data stored in files.

Doing so will provide much-needed visibility into where sensitive data resides, who is accessing it and what they’re doing with that access.

As a result, organisations will not only be able to better secure their sensitive data but also reduce their exposure and thus improve their overall security posture.

Today’s IT environment is growing more and more complex, particularly as organisations embrace digital transformation.

Now, enterprises have more users, applications and data than ever before, and each part is interconnected.

There are employees, contractors, partners, and now even software bots, accessing cloud and on-premises applications and massive amounts of data.

Each of these new frontiers – users, applications and data – must be addressed with a comprehensive identity governance strategy to truly secure the enterprise and stay in compliance with global regulations.

Ultimately, this will put organisations in a better position to protect sensitive data and comply with regulations and government reviews.

Rather than feeling defeated, organisations should view compliance mandates as an opportunity for them to improve their security stance, provide better service to customers, and strengthen relationships with business partners.

Since broader reviews and new regulations are likely to continue unabated in today’s digital world, organisations need to get ahead of the game when it comes to protecting sensitive data with identity governance.
