Data Governance Moves up the Agenda

Michael Vizard

From the perspective of an IT manager, end users are always in a state of rebellion. But with the advent of Web 2.0 applications and the rise of employee-owned devices in the enterprise, the rebels are winning.

Of course, IT managers will naturally want to ramp up compliance and security to try to keep everybody in line. But as we all know, productivity usually trumps those issues, so the question is where can IT find another line of defense to at least secure the data that people access on all kinds of applications and devices?

Raphael Reich, senior director of marketing for Varonis Systems, a provider of data governance software, thinks these trends are going to force companies to get more serious about protecting data. That means, he says, identifying and protecting sensitive data on the one hand, and on the other making sure business users know it's their responsibility to determine who should have access to it.

After all, Reich notes, it's unreasonable to expect IT organizations to know which data is important to the business. Most IT people will never be able to identify sensitive corporate information largely because there is just too much information floating around the system. The best IT can do, says Reich, is identify who owns that data and advise them about how to secure it.

Of course, the people who own the data are the same people who want to access it using any application and device they please. So the real challenge for 2010 will be finding a middle ground that everybody can live with when it comes to securely accessing data.

Jan 7, 2010 12:34 PM Rob Marano says:


Your blog post is right on target, and Mr. Reich of Varonis has portrayed one very important part of document assurance appropriately, and that is classification and end-user responsibility to the assurance equation!

I'd like to introduce to you the "InDorse approach" which we have worked to pioneer since 2006: the convergence of document inventory, usage, policy, and enforcement - this all done automatically, transparently, and unobtrusively. An approach such as this ensures that company data, especially the sensitive one whose definition changes with time, are used in an appropriate manner while end-users leverage the productivity advantages of Web/Enterprise 2.0. Our customers have used our solutions to assure not only documents, spreadsheets, presentations, but also multimedia, and CAD drawings - with no end-user retraining or extra hoops to remember through which to jump.

What is key for the majority of today's companies is to not retrain their knowledge workers and those of their partners.  As more of their IT moves towards Web/Enterprise 2.0 using SharePoint, for example, more and more sensitive documents become scattered about multiple endpoints and unauthorized users, thus introducing risks of data loss - either accidental or malicious. The more "traditional" DLP solutions require users to "do" or install something extra or be stopped from using certain Web 2.0 tools to complete their work.  Users are fairly predictable and creative - put in extra, non-functional steps to completing their tasks, and a rewarding bet would be they would find ways around it, thus defeating the assurance measures in the first place.

A balance needs to be struck, and that would be to give the organization the ability to provide more and more Web/Enterprise 2.0 facilities to complete work on sensitive data while not requiring users to "remember" to do something to ensure the security assurance.  I term this as "tuning security to convenience to governance."

We at InDorse with our customers have titrated those basic facilities into our signature calling card: real-time file inventory across all file repositories; classification on usage, content, context, and location; real-time policy determination; real-time policy enforcement coordinated with the right DRM engine; embed both visible and invisible company tags into the file; and real-time monitoring of file usage no matter where the file travels sans endpoint software installation.  Once the files are used, the organization knows the "411" on tagged files in a manner like Google Analytics reports on web site usage.  Some "InDorsed" files have "911" capabilities, that is, "pull" entitlements when the context would not allow it.  This is the InDorse "context assurance advantage," and boils down to enabling users to get their job done while assuring security and risk mitigation for their companies.  With company boundaries moving beyond the traditional four walls or VPN perimeter, "context assurance advantage" enables Internet technologies to remain ever-increasing productivity tools while assuring company policies are met - anywhere and anytime "on the Internet."

I believe 2010 will be the year of context-oriented document assurance as the next wave of DLP, as portrayed by Forrester, The 451 Group, The Burton Group, and EMA.

Happy New Year, and I look forward to more of your blog posts.

Kind regards,


