sb-au logo
Story image

SailPoint: Identity’s role in data security and compliance

28 Feb 2019

Article by SailPoint CEO and co-founder Mark McClain

In the wake of GDPR, there’s been increased global interest in regulations that address how sensitive identity information is managed and protected.

Government agencies, especially, have been under the pump, going through reviews and implementing security strategies.

Enterprises have faced similar scrutiny for quite some time as they seek to comply with new regulations and protect their own sensitive data, along with who has access to it and what they’re doing with that access.

This is all the more critical given the target that hackers continue to place on users and their access to important systems and data.

One compromised user account grants a hacker immediate access to the business.

So, there are two issues that enterprises now face – the regulatory environment, and the fact that the way enterprises used to protect themselves is clearly no longer enough.

This is the case because the network perimeter has dissipated, with employees no longer working within the four walls of corporate buildings, applications moving to the cloud and data being stored outside of corporate firewalls.

Therefore, simply putting a perimeter around the network cannot effectively protect all of an enterprise’s users and their access to business applications and data.

Further complicating things, data has exploded within organisations today, and it’s on the move.

The vast majority of this data has gone from being secured and stored in structured applications within data centres to applications in the cloud, where it is largely unprotected.

For example, when an accountant exports financial documents from an internal application and then uploads those files to Dropbox (or another file sharing application) to access while travelling for work, all of a sudden, this sensitive data is living outside of the traditional network perimeter, which exposes it to a would-be hacker.

As compliance regulations continue to grow more commonplace and both the IT and threat landscapes evolve, organisations must also evolve their methods of data protection to keep pace.

Knowing this, how can organisations govern and secure their sensitive data from exposure?

Rather than reinventing the wheel, organisations need only extend their existing identity governance strategies to include how they govern access to data stored in files.

Doing so will provide much-needed visibility into where sensitive data resides, who is accessing it and what they’re doing with that access.

As a result, organisations will not only be able to better secure their sensitive data but also reduce their exposure and thus, improve their security posture overall.

Today’s IT environment is growing more and more complex, particularly as organisations embrace digital transformation.

Now, enterprises have more users, applications and data than ever before, and each part is interconnected.

There are employees, contractors, partners, and now even software bots, accessing cloud and on-premises applications and massive amounts of data.

Each of these new frontiers – users, applications and data – must be addressed with a comprehensive identity governance strategy to truly secure the enterprise and stay in compliance with global regulations.

Ultimately, this will put organisations in a better position to protect sensitive data and comply with regulations and government reviews.

Rather than feeling defeated, organisations should view compliance mandates as an opportunity for them to improve their security stance, provide better service to customers, and strengthen relationships with business partners.

Since broader reviews and new regulations are likely to continue unabated in today’s digital world, organisations need to get ahead of the game when it comes to protecting sensitive data with identity governance.

Story image
Kaspersky unveils two major update to its Transparency Initiative
The company has announced the opening of a new Transparency Center, as well as the ompletion of a widespread transferal of data storage and processing activities to Switzerland.More
Story image
emt Distribution brings Netsparker security solutions to A/NZ and APAC market
emt Distribution has announced it will bring enterprise-level Netsparker dynamic application security testing solution to Australia, New Zealand and APAC businesses.More
Story image
Acronis accelerates growth plans with CyberLynx acquisition
"Acquiring these capabilities will advance Acronis' mission to deliver world-class cyber protection to organisations around the world."More
Story image
40% of free VPN apps found to leak data
81.4 million users who downloaded free VPNs could be putting themselves at risk.More
Story image
Forrester names Thycotic a Leader in privileged access management
Thycotic received the highest possible score in 11 of the 24 criteria in the study, including SaaS/cloud, innovation roadmap, and integrations, deployment, supporting products and services, commercial model, and PIM installed base.More
Story image
Video: 10 Minute IT Jams - Bitglass director on all things SASE
This is our second IT Jam with both Bitglass and Jonathan Andresen, who is the company's senior director of marketing. In this video, Jonathan discusses all things related to Secure Access Service Edge (SASE): its advantages over traditional security tech, what enterprises should look for, and how SASE relates to cloud-delivered secure web gateways.More