Friday, November 11

Identity Solutions and Unstructured Data

Being in the space for so long, I'm always looking for ways to provide new, interesting functionality. To date, identity (IAM) solutions have no insight into the usage of unstructured data. And it would be really cool if they did.

IAM vendors have only recently begun thinking about unstructured data at all. Some can look across file system permissions and perhaps include rights information in reports alongside basic user and group data. I don't think any do a great job of including a view across file systems, SharePoint, SQL Server, and Exchange Public Folders. But regardless of platform, the capability seems to stop at reporting on rights as they exist at some point in time.

The next logical step would be to watch user activity and provide recommendations and reporting on usage alongside permissions. Then you could make better decisions. Think about this: IAM gives department managers the ability to manage security groups. Maybe they know what the group should access. And maybe they have some idea of which users should be in the group. But there's no easy way to see which members of the group have actually exercised those rights and accessed the resources in question. Or even whether those resources are still relevant. (Have they been accessed? By whom? How does that affect the concept of 'least privilege'?)
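To make the gap concrete, here is an added example (my own illustration, not code from this post or from any vendor mentioned in the comments) that joins constructed group entitlements with constructed access-log lines and reports, per group, which members have actually exercised their rights inside a lookback window, which resources sit dormant, and which accesses came from users who are not in the group at all. Every group name, user and path is hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed entitlements (hypothetical names): group members and the
# unstructured resources each group is permitted to access.
GROUP_MEMBERS = {"finance-readers": {"alice", "bob", "carol"}, "hr-share": {"dave", "erin"}}
GROUP_RESOURCES = {
    "finance-readers": {"fs01:/finance/budget.xlsx", "fs01:/finance/forecast.xlsx"},
    "hr-share": {"sp:/hr/policies", "pf:/HR/Benefits"},
}
# Constructed access-log lines: "<ISO timestamp> <user> <action> <resource>".
ACCESS_LOG = """\
2011-11-10T09:12:00 alice READ fs01:/finance/budget.xlsx
2011-11-09T14:30:00 bob READ fs01:/finance/budget.xlsx
2011-08-01T08:00:00 carol READ fs01:/finance/forecast.xlsx
2011-11-08T11:05:00 dave WRITE sp:/hr/policies
2011-11-10T16:45:00 frank READ sp:/hr/policies
"""
def parse_access_log(text):
    """Return (timestamp, user, resource) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            events.append((datetime.fromisoformat(parts[0]), parts[1], parts[3]))
    return events

def usage_report(events, now, lookback_days=90):
    """Per group: members who used a group resource in the window, those who did not,
    untouched resources, and accesses by non-members (an unexplained permission path)."""
    since = now - timedelta(days=lookback_days)
    used = defaultdict(set)  # resource -> users who accessed it inside the window
    for ts, user, resource in events:
        if ts >= since:
            used[resource].add(user)
    report = {}
    for group, members in GROUP_MEMBERS.items():
        resources = GROUP_RESOURCES[group]
        users = {u for r in resources for u in used.get(r, ())}
        report[group] = {
            "active": users & members,
            "inactive": members - users,
            "dormant_resources": {r for r in resources if r not in used},
            "non_member_access": users - members,
        }
    return report

def report_as_of(iso_now, lookback_days=90):
    """Run the report over the constructed log as of the given ISO timestamp."""
    return usage_report(parse_access_log(ACCESS_LOG), datetime.fromisoformat(iso_now), lookback_days)
```

The "inactive" set is the candidate list for a manager's certification review, and "non_member_access" flags a user reaching a resource through some path the group model does not explain.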

I'd love to hear your thoughts.

BTW, this isn't purely rhetorical. But, you'll have to be patient if you want more details. ;)


Matt Pollicove said...

Interesting thoughts and certainly an important thought as we need to consider more on the security / compliance side of things.

It would seem that the metadata concept of Identity is continuing to evolve. It's not only personal identifiers that the organization needs but it is also about descriptors and data that one accesses.

The problem remains one of context. The Identity and related data that I need to share for work is not what I need to log onto my favorite Social Networking site, eCommerce site, or eBill paying. In all of these scenarios the unstructured (and structured) data is different, from both the provider and consumer side. BTW, what happens in B2B or P2P transactions?

To wind this up it all depends on what unstructured data in what circumstance and for what need.

I fear another framework coming on...

Paul White said...

Dear Matt,

An interesting point about an important element of IAM, which as it happens there are solutions for.

Courion provides Compliance Manager for Fileshares and SharePoint, two mature and accomplished solutions that can be employed by non-technical business users (Information Asset Owners) to audit and manage user access rights assignments to unstructured data.

The solutions work very well with Courion's Access Assurance and Provisioning technologies and can additionally be integrated with Data Loss Prevention (DLP) and Sensitive Data Management technologies to provide a pro-active data risk management solution.

Matt Flynn said...

Paul, I read the Courion case study on UAM which included DLP integration. But, there's a distinction to be made. Courion's solution doesn't seem to monitor USAGE. It can look at access rights (who has access to what) but doesn't have visibility into use (who is doing what). (correct me if I'm wrong about that)

There is a lot of value in understanding who has access, how they got it, and enabling access certification. And a number of vendors have begun offering those capabilities over the past year or so.

But, my point above is specifically that we also need to monitor user activity on unstructured data. There's a ton of additional value in understanding how people are using files and information across unstructured systems.

I'm not saying it's easy - SharePoint, File Systems, Public Folders, etc. Unstructured data can be a beast. But, it's also extremely important. Those unmanaged systems are overflowing with sensitive information.

Paul White said...

Hi Matt,

UAM also integrates Security Incident and Event Management (SIEM) data.

There is a question in regards to how much monitoring you would actually want (would be practical) to do in regards to unstructured data?

But using SIEM with UAM would, I venture, provide for pretty much all requirements anybody might have.

Charles Poulsen said...

Only a couple of weeks ago I had a customer request this exact functionality you describe... definitely a missing piece of the puzzle.