While there's general agreement that there is a much greater need for data governance, there's not much agreement on the best way to go about it. A lot of that disagreement stems from the manual nature of first finding out who has access to what data and then managing that access on an ongoing basis.
Courion says it has solved that problem with the release of Access Assurance Suite 8.0. According to Todd Chambers, Courion chief marketing officer, this release integrates with data loss prevention (DLP) tools, security information event management (SIEM) tools and other sources of access control information to gain an understanding of which users have access to what types of data. It then takes that information and runs it through an analytics engine that Courion developed to identify what data is at risk and who has access to it.
Once an IT organization establishes that information, the Courion system is designed to allow customers to set policies that control which employees are allowed to access to what information once all the pertinent data is discovered.
Data governance is a thorny issue inside most IT organizations because while most IT organizations are nominally responsible for managing the data, they typically don't know which employees should have access to what data, and perhaps most importantly, what data is the most sensitive.
In recent months, we've seen the emergence of a new class of data governance tools that allow IT organizations to manage data, while giving business users responsibility for actually delegating who has the right to access that information. But the missing link for many organizations has simply been finding a way to get started, which appears to be an issue that Courion is now finally addressing.