Torsion Information Security Blog

Exploring the business and technical implications of information security.

Who in a business should be controlling file access and sharing?

 

If you want to make a good decision about who should have access to a piece of business information – you need to have a close and intimate understanding of the information itself.

The answer isn’t I.T.

And who in the business has this detailed understanding of the information? Well its not the IT guys. They are only aware of the information at a much higher level of abstraction, to help them keep the systems working.

And yet, as an industry we’ve been thinking about this as an IT problem for years. We’ve been asking them to make the decisions about who should have access to information that they don’t really understand. And since they don’t really understand the information, it is inevitable they’re going to make some incorrect decisions.

It’s the business user

So who actually has that level of understanding?

Answer: Its the data owners in the business.

The project managers, the account managers, the line managers, the people who are creating and overseeing the information day-to-day. They are the people who understand the information best, and so they are the people who are best placed to make the decisions about who should have access to it.

We need to shift the entire data access conversation away from IT, and move it much closer to the business. We need to be talking to business users, and empowering the data owners in the business to effectively take responsibility for their own information.

But business users are too busy?

Yes, data owners and business users are busy. They’re not technical. They have jobs to do. They’re not even interested in this stuff. But that doesn’t mean they’re the wrong people to be speaking to – they’re still the only people who really understand the information.

We just need to be very careful about how we engage with them.

Torsion asks for literally 2 seconds of their time. We don’t ask any kind of complexity whatsoever. If we were to do that, what would be achieve? Nothing. They will simply ignore us. They won’t engage, they won’t do it, and we will have achieved nothing at all.

Instead, we need to keep the experience for the business users, extremely, exceptionally simple. The intelligent automation in Torsion makes this possible.

And the great thing is, once our intelligent automation is handling the configurations and the detail, we now have an approach that scales. It no longer matters if there are tens of millions of files and folders, thousands of staff, everything moving around and access constantly changing. We no longer need more manual processes and people to keep up. Regardless how much data there is, our automation simply handles it.

I want to know more
close slider

Sounds interesting, send me a bit more info...