Business Issues Channels Enterprise Services SME Technology
Module Header
Craig WentworthMWD Advisors
Craig Wentworth
16th April - Egnyte the blue touchpaper...
Louella FernandesLouella Fernandes
Louella Fernandes
11th April - Managed Print Services: Are SMBs Ready?
Louella FernandesLouella Fernandes
Louella Fernandes
11th April - The Managed Print Services (MPS) Opportunity for SMBs
Simon HollowayThe Holloway Angle
Simon Holloway
11th April - Intellinote - capture anything!
David NorfolkThe Norfolk Punt
David Norfolk
11th April - On the road to Morocco


The Keys to the Kingdom
Andy Hayler By: Andy Hayler, CEO, The Information Difference
Published: 23rd December 2010
Copyright The Information Difference © 2010
Logo for The Information Difference

Data governance is a broad area, and is getting a lot of attention at present due to its importance in master data management, where business ownership of data is key. However, a data governance program usually extends beyond master data to cover the policies around access to data, as well as the rules for archiving data. This is perhaps not the sexiest of areas, but nonetheless one which requires significant effort, and attention on it is gaining a higher profile in the light of government compliance legislation enacted in the last few years that companies have to address. 

While a lot of attention is paid to structured data, a high proportion (80% according to Gartner) of the data that is managed in an organization these days in unstructured, and yet this data can contain sensitive information. The use of file sharing tools like SharePoint is widespread, quite apart from the vast number of files created by applications such as Excel, yet security and control permissions for this type of unstructured data is frequently not well addressed. For example, some folders and sites have global access (e.g. the “everyone group”) as their default settings, so it is commonplace for surprisingly large numbers of people to have access to documents that in fact contain sensitive data.

One company that is tackling this issue is Varonis, who provide software that enables companies to take better control of the situation. Their software draws on user group information from sources such as Active Directory and LDAP, enables the discovery of access permissions (on file systems, SharePoint, NAS Devices and Exchange) and activity, and then the control of it. Administrators can decide which data in their organisation is sensitive, and Varonis can then point out which datasets contain this information and who has access to it. The software prioritises for the customer which areas to tackle first based on their own assessment of data sensitivity, rather than just producing massive audit logs. 

In a late 2010 survey on data governance by The Information Difference just 20% of 134 participant companies claimed to be confident about who can update their critical business data, which is a troubling figure. Consequently it is not hard to see that Varonis are tackling a market with some real issues. They now have approaching 1,000 customers, including well-known names such as Juniper Networks and Conde Nast. In one example Baillie Gifford, an Edinburgh-based fund manager, used the software to improve the access management to their 250 servers and 30 Tb of data. They had a team of ten people managing access and permissions, but with their data doubling in size every year they needed something more than audit logs, and after a successful implementation are now confident that their key data is under control, and has significantly improved their confidence in their risk management, a major issues in a regulated industry such as investment management.

Solutions such as Varonis would appear to have a bright future as more companies begin to realise the need to improve their data governance. Access permissions are but one aspect of data governance, but I expect to see many more examples of products coming to market that address the need for companies to establish and manage data governance policies.


Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761