The Challenge of Governing Information Access
Successful governance of business intelligence related data requires that the business needs comprehensive policies to govern information access. It is critical that the policies that govern such access must be understandable, both to the business and IT. They must be accurately implemented and auditable, so that any risks can be identified and their impact and likelihood understood. Even good policies change from time to time. There may be new legislation, or the business may need to reorganize itself for increased flexibility or efficiency. Such changes impact the design of information access security policies. Barriers to quickly changing policies cannot be allowed to hold up the business’ evolution.
It is critical that the policies that govern such access must be understandable, both to the business and IT. They must be accurately implemented and auditable, so that any risks can be identified and their impact and likelihood understood. Even good policies change periodically. There may be new legislation, or the business may need to reorganize itself for increased flexibility or efficiency. Such changes impact the design of information access security policies. Barriers to quickly changing policies cannot be allowed to hold up the business’ evolution.
Typical policy examples include:
- Finance. Policies that govern access to P/Ls by location and business unit within an entity. Because certain information is more confidential than other information therefore certain financial measures might be available to one audience, but not to another.
- Sales. Policies for segregating sales pipeline forecasts across departments/divisions from a consolidated company plan. The policy would govern access to revenue information, especially during period end close. Insiders can see what is closing this week, in the last month of the quarter, but product management can only see closed months, and everyone else can only see publicly announced information about previous quarters.
- Human Resources. Policies that insuring HR information is only visible to first line managers, and then only some of it. Individual personal information must be secured according to privacy laws. Key measures like Headcount or Base Salary are treated differently because certain data is more confidential than other.
Implementing these policies quickly moves from being a high level business issue to a hands-on technology challenge. Authorizing access in a typical business intelligent reporting application can easily require hundreds of thousands of manual steps to implement. Such information access challenges are shared by all enterprise class products, including IBM Cognos software.
The Solution
The answer has to be software that designs sophisticated policies and automates the design, testing and implementation across the application lifecycle. The software must facilitate the process cost effectively without increasing existing IT human resources. Such information access challenges are shared by all enterprise class products, including IBM Cognos software.
Enter FirstQuarter Security Studio
The first commercially developed software solution that addresses these issues. It dramatically reduces the cost of addressing all of these challenges. It reduces the time from man-months to minutes. The software was initially designed specifically with IBM Cognos in mind.
Learn more about how FirstQuarter addresses: