Data Access Governance
Have you seen your data lately? In the typical organization, cloud storage, social media, file-sharing services, SaaS applications, connected devices and more generate terabytes of data and hundreds of thousands of files. Most organizations don’t closely manage data access beyond their core business systems, despite the risks and costly consequences. Burwood Group’s Data Access Governance (DAG) services equip you with the right tools and processes to strengthen protection of valuable information assets.
DAG is a set of controls, tools, and process to help you identify sensitive data and ensure proper control. Sensitive data can include anything from customer records and employee data to trade secrets and business plans—and you might not be aware of where it is stored or whether it is secure. Areas of high risk include unstructured data from file sharing applications and cloud storage, and “shadow IT” SaaS applications.
From program initiation and inventory to governance policy, process and tools, our expertise can guide your DAG program. Our DAG services are based on Varonis, a best-of-breed platform encompassing tools for discovery and management of sensitive data; governance access; monitoring and threat detection and reporting. Through Varonis, we also can provide data-access audit trails for compliance with GDPR, PCI-DSS, HIPAA, GLBA, FERPA, NERC and other requirements.
We help you define owners for your data repositories and establish appropriate controls and permissions. Our governance experts collaborate with you to develop standards for cloud storage and file sharing across your organization, and help train your data owners in secure data management practices. We can help you manage SaaS application risks through a risk assessment process and security strategies. Our best practices include identifying a functional owner for every SaaS application, and creating access controls, such as an automated access request portal that enables users to easily request access to data assets.