Monday, February 24, 2014

Extend ISIM’s Visibility to Unstructured Data with StealthBits

In this age of Access Governance, organizations need to know who owns the data, who has access to it and how they were granted that access. IBM Security Identity Manager (ISIM) provides visibility into access, policy and role management, and it facilitates periodic entitlement reviews of access across numerous systems. However, when it comes to provisioning and management of access, a critical link between the access management platform and the unstructured data on managed resources is missing. Traditionally, ISIM can reconcile Group data (i.e. structured data) from access management platforms like Active Directory and open the way for effective Role Discovery and Role Based Access Control (RBAC). However, it is unable to extend the same capabilities to unstructured data, primarily because it cannot explore what access has been granted to the Users and the Groups: the data is too difficult or too distributed to understand.

Unstructured data refers to disorganized information that does not have a data structure (i.e. it does not exist within a database). Examples of “unstructured data” include documents, presentations, spreadsheets, scanned images and multimedia files stored in file repositories such as regular file systems or an advanced collaborative tool like SharePoint. This type of data is critical to every business, as users frequently collaborate on such files, which often contain sensitive information. Organizations must ensure that users have access to the correct data and that any unnecessary access is revoked.

This visibility gap is filled by StealthBits' StealthAUDIT Management Platform (SMP). StealthBits can crawl across an organization’s environment, discover unstructured data and produce a single, consolidated entitlement catalogue containing key information such as:
  • Who owns the unstructured data
  • Who has access to these unstructured data items – Users and/or Groups
  • How access has been granted – Is it through a Group?
Not only does this StealthBits product discover unstructured data, it also pushes the discovered data to ISIM through its Data and Access Governance connector. With this direct integration of StealthBits with ISIM, organizations can now:
  • Control provisioning and revocation of access to unstructured data from ISIM and
  • Accelerate the effort to map all these unstructured data items to ISIM.
This is how organizations can leverage their existing ISIM investment with StealthBits to manage access control on unstructured data:

1. StealthBits' StealthAUDIT Management Platform discovers unstructured data in an environment and creates a consolidated view of entitlements. SMP also determines the AD Groups that have access to these unstructured data items.
2. Items discovered by SMP can be selectively published to ISIM.
3. After the publish activity is complete, “Access” on the AD Groups that entitle access to these items is automatically enabled by the publish workflow.
4. SMP helps identify an owner for the access.
5. Once these accesses have been defined, organizations can implement the Request Based Access Control model for the unstructured data items leveraging the existing advanced workflow processes for user self-service requests of access to organizational resources.
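The entitlement catalogue described above (owner, who has access, and whether access comes through a Group) can be illustrated with a short sketch. This is an added example, not code from StealthBits, IBM or the original post; the share paths, group names, users and record layout are all constructed, and it goes slightly beyond the text by resolving nested groups.

```python
from collections import namedtuple

Entitlement = namedtuple("Entitlement", "resource owner user rights via")

# Constructed sample data (hypothetical names, not output of any product).
GROUPS = {
    "FIN-Share-RW": ["FIN-Analysts", "cn=alice"],
    "FIN-Analysts": ["cn=bob", "cn=carol", "FIN-Share-RW"],  # deliberate cycle
    "HR-Readers": ["cn=dave"],
}
ACLS = [
    {"resource": r"\\fs01\finance\budget.xlsx", "owner": "cn=alice",
     "acl": [("FIN-Share-RW", "Modify"), ("cn=erin", "Read")]},
    {"resource": r"\\fs01\hr\reviews", "owner": "cn=dave",
     "acl": [("HR-Readers", "Read")]},
]

def expand(trustee, groups, path=()):
    """Yield (user, group_path) for an ACL trustee, following nested groups."""
    if trustee not in groups:      # not a known group: treat it as a user
        yield trustee, path
        return
    if trustee in path:            # nested-group cycle: stop descending
        return
    for member in groups[trustee]:
        yield from expand(member, groups, path + (trustee,))

def build_catalogue(acls, groups):
    """Flatten per-resource ACLs into one row per (resource, user, grant path)."""
    rows = []
    for item in acls:
        for trustee, rights in item["acl"]:
            for user, path in expand(trustee, groups):
                via = " > ".join(path) if path else "direct"
                rows.append(Entitlement(item["resource"], item["owner"],
                                        user, rights, via))
    return rows

def direct_grants(rows):
    """Rows where a user is on the ACL directly rather than through a group."""
    return [r for r in rows if r.via == "direct"]

if __name__ == "__main__":
    for row in build_catalogue(ACLS, GROUPS):
        print(row)
```

Direct grants are worth listing separately because the workflow above enables “Access” on AD Groups, so an entry that bypasses groups is not covered by group-based requests and reviews.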

At IBM Pulse this week, Prolifics is showcasing this security solution and other solutions that help organizations around the world manage risk and compliance. Our experts will also be sharing recent client success stories in the solution showcase and across several conference sessions.

Learn more about our presence at Pulse and download session replays by visiting our conference page.

Nikhil Firke is a Security Solution Architect with Prolifics. He has an extensive background in the design and implementation of Identity and Access Management solutions for organizations around the world. Nikhil is a Certified Information Systems Security Professional (CISSP) and a certified solution advisor for IBM security and compliance management solutions.