As employees come and go, employers embrace ‘democratization of data’

In an end-of-2021 survey of 1,755 IT employees, Gartner found that only 29.1% of respondents had “high” intentions of staying with their current employers.

As organizations face a shuffling of roles, access privileges need to be assigned, reassigned, or cut off entirely.

An increasing number of employers, however, have a hopeful idea of the “gig economy,” and are implementing access-control technologies that welcome new employees and invite collaboration with data rather than a lockdown of it.

No more data islands

Keeping track of access privileges as employees depart requires a level of attention and organization from IT teams.

In the past, many organizational departments isolated their data and security controls for that data, which could feel like a bad dream when it came time to define and maintain access roles, said Bret Greenstein, cloud and digital partner at the professional services firm PwC.

“Really it’s that fragmentation and islands of data that caused the administrative nightmare on access control, even if you could be removed from the system,” Greenstein told IT Brew.

For example, you might have been taken out of the identity system after leaving, but would anyone ever know which pieces of sensitive data you had access to?

Should Employee X be entitled to the application that’s going to authorize a wire transfer?

Should an HR staff member have access to all of the data in an employee profile, including age and salary?

Role management is as much a question about policy as it is about technology. Terry Jost, privacy segment leader at the consulting firm Protiviti, believes the access management challenge requires careful decision-making more than the right products.

“I found about 40% is technology and about 60% is business processes and policy,” Jost told IT Brew. “Sitting down with the organization, really understanding what the role structure is, how the organization chart works, what the entitlements should be for people at various levels—that’s where the work is.”

In the past, you might have had to do some serious legwork to figure out access problems.

“In the old way of doing things, pre-modern, you would have to go and survey every person who has a data system to find out if you have access…and you’d go to multiple teams to do it,” Greenstein said.

Greenstein advises companies as they implement a more modern approach to access management, often supporting organizations with cloud-based implementations or, specifically, cloud-data warehouses.

According to Google, a cloud-data warehouse is “an enterprise system used for the analysis and reporting of structured and semi-structured data from multiple sources, such as point-of-sale transactions, marketing automation, customer relationship management and more.”

A cloud-data warehouse also provides a unified level of access management—which differs from an isolated, departmental approach.

“Effectively, you get one large enterprise data warehouse, which can replace tens, or hundreds, of individual data silos from the old model. It’s done at the enterprise level on the cloud, and then allows [us] to have security controls done once across all data,” Greenstein said.

No more islands

Rob Juncker, chief technology officer at Code42, welcomes contractors and clouds and the increasingly complex data picture. Code42 makes “Insider Risk Management” technologies—tools that track computers, email, and the cloud for behavior that indicates data exposure.

Code42 hires temporary workers in a variety of departments, including marketing, software quality assurance, and creative content, Juncker told IT Brew, but that doesn’t mean they have to be shut out from the company’s data.

“The challenge you run into with contractors is you might be thinking about the process and saying, ‘Well, gosh, if they have that much access to my information, that means I need to lock them down.’ But that’s not the way that the world works now, right? We’re all collaborating. We’re all sharing information,” Juncker said. Later, he added, “The moment you start trying to lock things down, it’s almost invariable that you’re going to lock too much, where you’re not going to be able to freely collaborate.”

Traditionally, employers have tried to limit the number of people who had access to data, said Greenstein, but there’s been a more democratic change in philosophy.

“Most people inside the enterprise felt if they had data and no one else did; they were more valuable. But that mindset has really shifted,” Greenstein said. “Once you focus on  democratization of data, moving data to cloud, the ability to handle roles and individual access control becomes a strategic advantage. If you can do it well, you can get data in the hands of more people.”—BH