“At the same Gartner event last year, we polled attendees on their readiness to comply with GDPR,” said Kevin Cunningham, Chief Strategy Officer and Co-founder for SailPoint. “As part of that discussion, we informally asked attendees about governing access to files and found that about 40 percent viewed that as part of their identity governance strategy, so this year’s increase to 65 percent is significant. It’s great to see that we’re trending upwards as more organizations understand the importance of governing access to all applications and all data, no matter where that data lives in their infrastructure. Especially in Europe, as these same organizations spent the last year developing a strategy for GDPR compliance, I think they quickly realized that governing access to files was critical to their identity strategy.”
The risks associated with data stored in files like documents, spreadsheets, presentations and PDFs are significant. The vast majority of this data is created, extracted or downloaded by individual employees and is stored and shared from a variety of locations, often outside the purview of the IT department. Failure to secure this sensitive data stored in files not only increases the number of exposure points in the event of a data breach, but it also increases regulatory risk.
New privacy regulations, including GDPR that goes into effect in May 2018, have introduced stringent requirements for handling personal data and established harsh penalties for failure to adequately secure it. For example, if an employee downloads a document containing customers’ personally identifiable information (PII) from a sales tool and emails that document to a colleague, that PII now exists outside of a protected structured system – a system that usually lives behind the corporate firewall with strong security and identity controls in place –exposing the enterprise to risk and violating regulations like GDPR.
“At SailPoint, we work with mid-market and large enterprises, and protecting sensitive data stored in files is a top priority for our customers. The most effective way to protect this data is to govern access to it,” said Paul Trulove, Senior Vice President of SecurityIQ. “Identity teams have quickly realized that doing so improves security and ensures compliance with regulations like GDPR. Enterprises need to govern all digital identities, across all applications and data., and they cannot afford to leave data out of their identity programs. This week’s survey confirms that IT leaders realize that.”
