File Governance Evolves as Markets Expand and Converge

When it comes to securing and managing data, it’s time to Level Up! While this is surely a true statement for most organisations, it is also a truth for the markets that are evolving as well as vendors that are working to provide the solutions to make it possible. I am a long-time occupant of two worlds, the world of Identity and Access Management (IAM) and the world of unstructured data, so this evolution has been engaging.

Micro Focus (through Novell) is a founding father of IAM with DirXML and that leadership continues today with the Identity Management and Identity Governance products in the expanding market of Identity Governance and Administration (IGA).

Over most of that time, Micro Focus File Governance products such as File Dynamics have led the market in extending IAM processes to include policy-driven lifecycle management of unstructured data. As other vendors in the IAM market neglected to include data in their purview, for many organisations, the management of data, including the security of it, was relegated to the Data Center or general IT services teams, which had little knowledge of identity concepts such as role and entitlement management.

Not very long ago, analyst firms such as Gartner identified the need for a formal market for File Analysis after recognising that unstructured data represents the vast majority of the storage landscape for most organisations, in the neighbourhood of 80% in fact. Gartner’s market definition involves 4 pillars:

  • Efficiency and Optimisation
  • Governance/Policy Management
  • Risk Mitigation
  • Analytics

The initial drive for File Analysis was due in no small part to the burden of data growth, but due also to the number of high-profile data breaches making their way into the news. It was an aha moment, where people seemed to wake up to the fact that they better start concerning themselves with this data. Governments started getting into the game as well with regulations such as GDPR and CCPA, just to name two. There was a rush to be able to index the data and look for things that might be problematic such as PII, PCI, or PHI lurking out there in the files. The focus was almost exclusively on data content. But that is just part of the story.

The unstructured data being created and maintained in an organisation every day does not always involve the “PII”-type things that involve compliance concerns, such as personnel, patient, or customer data. It involves the things that are critical to the business such as current litigation, research, M&A information, revenue forecasts, strategy, business proposals, competitive intelligence, product design, or intellectual property information. This type of information is truly the lifeblood of an organisation and is the main “stuff” of unstructured data; the stuff you should care about greatly.

Getting It Right

As we think about that, a basic truth emerges. The right people having the right access to the right data in the right place at the right time is critical to the success of an organisation. Get all that right and you have an organisation equipped for accomplishment. Get one of those wrong and you have fertile ground for a data breach, shadow IT becoming entrenched, and audit/compliance failures; not to mention inefficiencies which can be a death knell for organisations in competitive markets.

I’ll say it again: The right people having the right access to the right data in the right place at the right time is critical. Cue the second aha moment. That sounds much like what the IAM/IGA market has been saying about systems and applications for almost two decades. Guess what? As it turns out it all comes back to people! In other words, identity, role assignments, and entitlements. Managing all of that effectively to achieve security and risk goals. History, inevitably, repeats itself.

As a result, Data Access Governance (DAG) was born, which:

  • Provides visibility and mapping for how data, location, access structure, roles, and users are related.
  • Allows Data Owners in the line-of-business to better understand how their data is being accessed and protected.
  • Monitors and applies role-based policies to govern access control to high-value data at rest.
  • Reduces the problem scope of compliance and gives higher confidence for appropriate data access.
  • Streamlines efficiencies for the organisation.

It should come as no surprise that the IAM/IGA market is expanding to include DAG since today’s transformed business includes unified management of people, applications, and data. It should not be unexpected that the File Analysis market has expanded beyond content analysis to include security of the data, and that includes DAG.

Micro Focus File Governance

Finally, it should come as no surprise to those that know Micro Focus to recognise that it is not only engaged in this convergence but is at the forefront of it. The File Governance products have long been at the crossroads of Identity and Unstructured Data, long before File Analysis was a thing or DAG was recognised.

The latest versions of File Reporter and File Dynamics work in concert with Identity Manager and Identity Governance to create DAG and continue their longstanding mission of data governance. In fact, this unification is just part of the real-world use cases driving the evolution of File Governance. Example use case titles include:

  • Understanding Your Data and the Security of It
  • Reducing Data Footprint…and Exposure
  • Implementing Data Access Governance
  • Applying Active Data Governance Directly to Data
  • Engaging Line-of-Business Data Owners in Data Management
  • Enabling Large Scale Data Operations
  • Extending IAM with Lifecycle Automation

Forthcoming versions of these products as well as their contributions to other offerings from Micro Focus will build upon this foundation to enable the journey to organisational security and risk transformation.

The drive for customers to have their own aha moment and Level-Up is clear as today’s successful organisations are acting with the recognition that:

  • Successful data stewardship is no longer a nice-to-have. It is critical.
  • Control of data growth is critical not only to CapEx expenditures but to risk mitigation and compliance.
  • Effective Identity Governance and Administration includes both applications and data.
  • Providing a framework to involve Line-of-Business is key.

We look forward to making that journey with you.

Leave a Reply