Identity management with data governance makes sense, explains Jonathan Sander, director of Identity and Access Management Business Development at Quest Software (now owned by Dell), because it’s all about managing roles. Sander explains to IT Business Edge’s Loraine Lawson why Quest decided to offer a separate solution, the Quest One Identity Manager Data Governance Edition, and how its roots in identity management make it a great governance solution.
Lawson: Why does Quest deal with data governance under its identity management division?
Sander: Governance in general does tend to fall under identity and access management, and I think the key here is that it falls mostly under the access management portion of it. I always like to think of it more like identity management and access management.
Access governance is really focused on applications — what roles does this person have in SAP? What websites may this person access in the portal? Those are questions for what has been traditionally called access governance, whereas data governance has been more about what file shares may this person access.
There are certainly other vendors in the identity and access management space that have access governance, which is the typical structured side. We do feel that we are unique in that we are the only vendor that offers both access and data governance, and in fact, very specifically, the only one who offers it in a single platform.
Data governance does look at the unstructured side of things. Instead of being concerned with roles and applications that are pretty well structured and defined, it’s concerned with a big bunch of Excel files or a whole bunch of PDFs or whatever big dump of files that might be out there.
You can buy the access and data governance edition, which is sort of the big enchilada. In that case, you would have the ability to do both the access governance and the data governance in one view, making both actionable.
I was just out at Gartner’s Catalyst conference talking to different customers. Every single one of them reacted extremely positively to the idea of being able to do both the data governance and the access governance in one platform, because that’s something that they feel has been lacking. They’ve approached the data problem and the access problem and essentially they're trying to do the same thing to both areas, but they’ve been forced into using different technologies, or at least looking at.
A lot of people haven’t even really invested in the technologies yet. They were very happy to hear that we were going to offer a unified solution there.
Lawson: So why break out data governance? Why have another edition?
Sander: We tend to like to allow our customers to buy things a la carte. We find that that’s exactly how they approach their problems. Customers don’t tend to take things in one big chunk. Even if they want a burrito with the works, they're not going to eat it in one bite. And if they have the budget to go buy the whole thing right away, a lot of them will. But even in that case, they don’t roll it out in one go. You have to do it in stages. You're just forced to, because there’s just too much business engagement, too many technical details.
Lawson: One of the things that you're doing now is supporting unstructured data with this, correct? Can you talk a bit about that?
Sander: Correct. Unstructured data is all of those files that don’t fit neatly into the rules and rights like you would have in an application. The way to understand unstructured data is to understand what structured data means. Structured data is typically something that you're going to have in an application.
Think about your typical application where you’ve got a menu on the left and some content on the right. You click through the menu and you're filtering the data, and that’s the way things happen.
Unstructured data is a SharePoint site with 500 different files in it — PDFs, Excel files, Word files, you name it — just big dumps of CSV text. The application doesn’t help me understand that. It just shows me a big list of things. It could even be something like a file share, where I’m literally just going in and navigating to a folder.
But here’s the thing. Every one of those files has permissions on it: Who can read it, who can write it, what groups have access, things like that. The problem is that the files themselves don’t make that obvious. And the way that people approach and use the files doesn’t allow people to really assert their control in the process.
So what we mean when we say we manage unstructured data is that we can bring a series of continual processes to manage the access and the rights associated with all of these things. It’s sort of a bridge, if you will, between the IT role of managing the actual bits and bytes of permissions on files and the business role of “Those are my files” or “I only want these people to see my files.”
When you put the Quest One Data Governance in the middle, the business can assert their ownership over the files. They can do things like use our smart risk management to assign a risk score to the file. They can put policies and rules in the files so that somebody from finance could say, “I want a policy in place that no one from accounting can ever get permissions to view this file. Period. Just can’t happen.”
We have a self-service request portal as well, so we can put in some convenience factors. Part of the problem with security is that often it’s viewed as a “say no” thing. But I like to think of it in terms of a racecar. If you didn’t have your brakes in a racecar, you’d be in trouble. So security is the brake that lets the racecar go faster, because if you can’t brake a little bit around the turns, you're just going to be a disaster on the side.