Combating Data Governance Challenges at 100K+ Employee Healthcare Organization
Data Access Governance Programs
There are dozens of top-notch data access governance tools on the market. Vendors like Varonis, StealthBits and SailPoint are leading the channel with highly capable solutions.
With all these tools available, how is it that many organizations struggle to grow their data governance programs?
We will review the challenges of one 100K+ employee healthcare organization. This organization was using StealthBits as their data access governance tool. They had performed the scans across various key systems in their network and the volume of sensitive data permissions to get a handle on was immense. It included millions of file shares.
Key Challenge #1: How to Get Started
When the magnitude of data access to review is in the millions, knowing where to start is a true challenge. The technical capabilities are there, but how do the administrations of the tool know where to get started?
At the healthcare organization, a physician took some patient image data and sent it to his google account so he could review it at home. This act was most definitely without malicious intent, but technically this is breaking a cardinal data access governance policy; don’t take sensitive data out of the network.
When working with physicians, there is a high risk of removing data that they need. Doing so could impact patient care. In other verticals this same issue applies, where enforcement of a data access governance policy could impede productivity.
Key Challenge #2: How to Enforce Data Access Governance Policies Without Impacting Productivity
If organizations can solve these challenges, they will have a highly successful data access governance program that significantly improves their organization’s security posture. So how do you address these issues as an IT leader?
In the scenario above, the CIO of the organization made the decision that they can’t enforce their data governance policies on physicians at the risk of impacting patient care. The technology is there (and in a couple of configurations this sensitive data could be removed) but creating efficient governance policies include accounting for other aspects of business. There must be a balance.
The best method of balancing your policy is best summarized by “the journey of a thousand miles begins with one step.”
The reality of the situation is the mountain of data needs to be systematically worked through. Policies need to be enforced but they also need to come with excellent communication. Resources need to be available to train teams and assist when priority issues arise. Once a culture of data access governance has been created, it will become self-reinforcing.
GCA’s data access governance team is here to help organizations like yours walk through the creation of your governance program, one step at a time. Schedule a workshop call with us today to spend 15-minutes learning how we can help.