The Data Governance Gap

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

More Resources:

Slide Show
RESEARCH: 2010 Access Governance Trends Survey

Check out the results from a recent survey by the Ponemon Institute

Slide Show
DOWNLOAD: Information Governance Policy

DOWNLOAD: Protecting Aggregated Data


When it comes to security breaches, everyone likes to bemoan the state of IT security. But most breaches occur because some employee either accidentally or on purpose divulged some information that he or she shouldn't have. And in most cases, the employee should never have had access to that information in the first place.

In a new survey from The Ponemon Institute that was funded by Aveksa, a provider of data governance software, 56 percent of the 728 IT managers surveyed said end users often or very often have access to more information than their jobs require.

The survey also shows that the majority of IT organizations are overwhelmed when it comes to managing requests for access, depend too much on manual systems to manage the process, and don't really know who in the organization should have access to what type of information. More are adopting data governance tools than the last time this study was conducted two years ago, but it's not at all clear that the adoption of those tools is keeping pace with the sheer volume of information that now has to be managed under one compliance mandate or another.

Larry Ponemon, chaiman of the Ponemon Institute, says the real problem is that IT departments don't have the necessary context to effectively govern data access. IT can provide the core tools, but responsibility for governing data needs to reside with the business. Though business folks are the ones who know who should rightfully have access to what information, no one on the business side wants to step up and take responsibility for that task.

Aveksa Vice President Brian Cleary says that IT organizations have been making progress by trying to define access based on job functions, allowing IT to at least stem the flow of information across the company.

But to solve the problem, Ponemon says smart people on both the business side and within the IT department need to come together to hash out a holistic approach to data governance that creates an effective data-management policy system, as opposed to another series of company policy documents that nobody ever takes the time to read.