Effective Data Governance With BigID

As business continues to create data at a dizzying rate (2,000,000,000,000,000,000 bytes per day, according to ITChronicle) , the risks associated with that data continue to increase. A 2021 SAP blog observed that data could be the new uranium, rather than the new oil – “equal parts toxic liability and super-powerful asset fuel.”

Effective data governance has always been good business practice. Now, with increasing privacy regulation, escalating cyber threats and data’s growing importance as one of the most valuable business assets, data governance has become a key tool in minimizing the risk and maximizing the value of this ‘new uranium’.

Strong data security starts with effective data governance

Chief Information Security Officers (CISOs) often share their two major data security concerns that keep them awake at night – sensitive data on unprotected data shares, and the more fundamental worry of not knowing exactly where all their sensitive data is at any point in time.

These are essentially concerns that can be addressed through improved data governance. Specific data security measures, from role-based access control to firewalls, are important in themselves, but they all rely on a foundation of strong data governance.

The data governance mission grows and becomes more complex as an ever-expanding pool of business data is spread across an ever-wider range of technologies, end-user devices and architectures, and spends more and more time flowing between them.

Detecting when a sensitive data item is moved to a cloud archive, or copied to an open share, becomes an increasing challenge. Data loss prevention (DLP) and other technologies can only help if there is sufficient control over the data to know how and where to deploy them.

Data governance with BigID delivers the foundation for data security

BigID offers capabilities that address the big CISO concerns and provide an essential foundation for effective data security.

Discovery-in-depth automatically identifies and contextualizes all instances of a data item, across all sources and platforms. It can continually monitor and report unprotected instances of sensitive data across the estate, in the data pipeline and at-rest, on an ongoing basis, enabling rapid remediation and breach prevention.

BigID discovery-in-depth gives organizations an informed basis for rationalizing data estates, by identifying duplicated, redundant and dark data for removal, thus minimizing the risk of ransomware by shrinking the attack surface on an enterprise.
Where data is managed across multiple cloud and on-premise platforms, often through automated tools, BigID can highlight instances where sensitive data is being moved to an inappropriate platform.

Effective role-based access is complex to implement at a detailed level, for example where two very similar roles may need different access rights to the same data item. BigID’s context-based discovery, categorization and catalog provides a comprehensive set of metadata. Its open API enables this to be plugged directly into role-based access policy tools, enabling policies to be set against real-time streaming data.

When a data breach occurs, BigID’s breach intelligence capabilities provide a comprehensive report of all the files and data items impacted, delivering the collateral needed for a response rapidly and cost effectively, taking away the need for the labor-intensive activity of searching for records through existing lines of business systems.

These security benefits may be hard to quantify except in terms of data breach cost avoidance, but they are nevertheless real and important. A September 2021 Forrester Case Study on an organization with an established BigID deployment found that

“The protection and privacy applications within BigID helped the organization identify high-risk and vulnerable data. Armed with this information, the organization took actions to fulfill data rights requests, manage access, and protect this data, which reduced the risk of data breaches and the cost of remediation. Although the organization could not quantify this impact, it should be considered with any BigID deployment.”