One of the dirty little secrets of data governance is that most data governance tools can't readily be applied to unstructured data in files. So while most tools offer protection for structured data, all that unstructured data remains largely unprotected unless, of course, some data loss prevention tool happens to find it.
Courion, a provider of governance, risk management and compliance (GRC) tools, claims to be one of the first vendors to deliver a GRC tool that allows IT organizations to identify files that have a high level of risk associated with them based on not only words, but also other key indicators associated with that file.
According to Chris Sullivan, Courion vice president of customer solutions, when it comes to unstructured files, most IT organizations are ignoring GRC issues because there previously was no easy way to determine which files out of thousands present the most risk.
But with the advent of Compliance Manager for File Shares and Courion's existing RiskAppraisor technology, Sullivan says IT organizations can identify and automate the process of locking down high-risk files. In addition, said Sullivan, Compliance Manager for File Shares makes it easier to identify who within the organization owns each file, which helps IT organizations determine if that person should even have access to it. In contrast, most IT organizations rely on cumbersome access-controls lists to manually manage access, usually based on random, ill-defined criteria.
As much as companies like to complain about the cost of GRC and having these tools forced upon them by regulators, GRC tools are the only effective way to protect a company's strategic assets from both internal and external threats. The issue is not whether GRC tools will be required, but how to implement them as painlessly as possible and effectively protect corporate assets.