Our series of articles examines the risks of sharing files through OneDrive or Teams and offers advice on how to ensure information security without limiting collaboration. The second article will analyze the challenges of IT administrators in adjusting or maintaining access rights and propose a potential solution for CISOs through implementing Data Access Governance. This will be demonstrated using a specific example to showcase the ease of implementation without compromising employee collaboration.
We recommend reading the first article in case you have missed it.
The issue of oversharing content is prevalent in various organizations. Even though the users have good intentions, they tend to share content with a wider audience, leading to unauthorized access to the content. As hybrid work and external collaboration become critical business themes, the oversharing problem is becoming more significant.
Administrators can restrict access in OneDrive or Teams so that users are not allowed to share files with people outside the organization, and they can generally limit the options users have to share data within the organization. So, where is the problem? Simply put, this leads to over-restrictive security measures. These limitations do not work at the file or folder level. They don't consider the users' need to share files individually in a far more granular way. And as users tend to work around such general barriers, they will start to collaborate using other processes or tools, which will probably weaken your overall security posture - something you want to prevent at all costs.
One effective approach to preventing this issue is to establish file sharing policies at the level of individual files and folders. Obviously, this leads to a far more complex environment, one that IT administrators can no longer manage. This is not only because of the workload they already have but also because they lack knowledge of the context: the data inside these files. It is not within their scope of responsibility to determine the appropriate classification level for data or to understand the rationale behind granting access to specific individuals or groups. The data owner is the only one with the authority to provide accurate information: the person who originally created the document or holds responsibility for the content (for example, the manager of a department).
Data Access Governance (DAG) is considered the most effective approach to ensuring compliance and data security. Data owners must be empowered to share their files with specific individuals and groups as necessary, while still adhering to the security standards of the organization.
The security standards for the company are centrally configured and updated by IT administrators. But in most cases it is the data owners who recognize a security violation and adjust the sharing permissions. They need the ability to document changes in permissions and provide reasons for those changes. With this implementation, collaborating securely on files and folders will become effortless and compliance can be consistently achieved. To ensure policies are secure enough, it's important to involve both IT administrators and data owners in the decision-making process. Relying solely on administrators to monitor compliance can result in overly broad policies and an unnecessary burden. A collaborative approach is necessary. Let's explore how this can be accomplished practically.
To ensure that Data Access Governance is implemented in a practical and secure way, there are several key aspects that need to be considered:
Data access governance is essential for ensuring that organizations can protect sensitive data and remain compliant with security policies. By empowering data owners to share files securely, organizations can ensure that their documents are not shared with unauthorized people or groups. An automated process for monitoring and revoking access rights as needed helps organizations stay up to date on who has access to their data and act quickly if something goes wrong.
Protecting important data can be a daunting task for IT administrators, who often find themselves lost in complexity, with too little knowledge of the content they must protect. And while Microsoft 365 provides some assistance in setting limits on sharing content, it does not entirely meet the user's needs for regulating access to individual files and folders.
DriveLock 365 Access Control provides an effective solution for achieving Data Access Governance, ensuring the security of your sensitive data. DriveLock's data owner centric approach simplifies the process for IT administrators compared to other solutions.