Quest Extends Access Control to Unstructured Data
Extending its line of identity management software, Quest Software has released an application to help administrators more easily control who accesses documents on the corporate network.
While enterprise applications such as Oracle's PeopleSoft are pretty well-locked-down when it comes to user access, organizational networks are often populated with many files that are more widely accessible, such as spreadsheets or source code files, noted Jonathan Sander, an identity management analyst for Quest.
The Quest One Identity Manager Data Governance Edition extends the company's Quest One Identity Manager line of software to unstructured data. The software helps administrators "make sure when a breach takes place [they] are in the best position possible to ensure people are not walking off with data," Sander said.
Data is called unstructured when it does not reside in a database, but rather in a document that resides directly on the file system. Spreadsheets, word processing documents, PDFs, presentations, images, and audio and video recordings are all forms of unstructured data.
Administrators can't keep control of who accesses unstructured data as closely as they can for data in databases, Sander said. File systems provide access control but they require considerable work in establishing user permissions and extracting usage data from system logs. An administrator can "find all the file shares and SharePoint sites, but wouldn't haven't a clue about who owns these things," Sander said.
According to Quest's understanding, organizations want to have greater accountability and control over who can access unstructured documents on their networks. The software would be most beneficial for establishing access for users who may be requesting material they don't normally require, rather than for the users accessing the same set of material on a daily basis, Sander said.
In a survey, Quest found that 50 percent to 100 percent of enterprise data is unstructured, yet only 15 percent of organizations can determine the proper owners of all their unstructured data. About 68 percent of these respondents have set up processes to give their employees permission to access data, though these processes tend to be manual and take up the time of the system administrators.
Establishing proper access control appears to be an ongoing challenge for many organizations. This week, the U.S. Environmental Protection Agency was criticized by the Government Accountability Office for not having sufficient controls in its IT systems to identify and authenticate users.
Quest One Identity Manager Data Governance Edition provides an interface for administrators to more easily control access to unstructured data on an internal network. The new software acts as an additional authentication layer between the user and the data. It works with files on drives formatted with the Windows NTFS file system, and is based off of NTFS' built-in access controls. It allows administrators to define the owners of data, groups and guests that can access data. It authenticates users and provides usage reports to administrators. The software does not manage email, even though email is considered unstructured.
The software works in conjunction with the organization's user directory, either Active Directory or another LDAP (Lightweight Directory Access Protocol)-based system.
Approximately 5,000 organizations already use Quest software to manage access for their employees, according to the company. Last month, Dell announced that it is acquiring Quest for US$2.4 billion, an acquisition that should be finalized by the end of the year.
Pricing for the Quest One Data Governance Edition starts at $35 per managed person.