Jack of all Trades, Master of Data & Access Governance

Jack of all Trades, Master of Data & Access Governance

You’ve heard it before – that nagging phrase that makes you feel like you’re underachieving or stretching yourself too thin: Jack of all trades, Master of none. Yet, in today’s world of click-happy multi-tasking, that phrase is ringing less and less true. To be effective, the demand within organizations now seems to be for Jacks of all trades, people who can wear multiple hats in order to obtain a complete picture.

Perhaps nowhere is this more obvious than within the IT Governance space. While there are certainly distinctions among and separations between administrative teams within IT (and for good reason!), the team responsible for an organization’s governance and security program needs to be able to access and leverage all of those individual teams and their technologies to truly determine security and compliance levels, and curb potential threats.

While it makes perfect sense to have, for instance, an Exchange team managing Mailboxes or a Collaboration team managing SharePoint from a functional and administrative perspective, security management often requires a “grey area” to ensure governance at the intersection of these teams’ endeavors. For instance, if a company is undergoing a Public Folder retirement campaign in preparation for a migration to SharePoint, the Governance team plays a crucial role in answering questions like:

  1. Are any of the PF’s open to security threats (excessive permissions, sensitive data with improper access assignments, etc.)?
  2. Are those threats the result of effective access?
  3. Who owns the PF, and are they aware of the people it’s available to?
  4. Are the folders being migrated to SharePoint locked down as tight as possible, even when considering effective access?

And that’s just one scenario. With IT departments often composed of dozens of teams – one or more for each critical area of the enterprise – it’s no wonder that Data & Access Governance and Security folks have a tough time gaining the kind of cross-disciplinary insight needed to say with confidence: “Yes, my environment is compliant and secure.”

The ability to have insight into security at all levels and across all resources – from Exchange to SharePoint, Active Directory, the file system, SQL, NetApp Storage Controllers, Windows Servers, and even into mobility applications like BES—is critical for anyone brave enough to wear the Security and Compliance Hat. The thing to remember, though, is that IT Governance Teams are still evolving and expanding to address security issues as folders move from Exchange to SharePoint (as above), and usually require the individual Exchange or SharePoint administrators to take on a governance role.

So, to all the Jacks of all Governance trades out there, remember the original (and long-forgotten) addendum to the “Jack of all Trades” phrase:

“Jack of all trades, master of none, Though oftentimes better than master of one.”

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.