Classification Module for Identity Manager–Data Governance Edition

Identify content. Secure data. Comply with ease.

Provide security and access rights to the appropriate users.

Securing unstructured data, such as documents, spreadsheets and PDFs, is a complex enterprise data management challenge. Often, unstructured data is not classified, so it’s hard to know which documents contain sensitive information.

Moreover, your organization likely has thousands of terabytes of data to classify across Windows files servers, SharePoint and NAS devices—and that data is constantly changing (and continually growing).

Fortunately, the Classification Module for Identity Manager–Data Governance Edition automates the process of securing and classifying unstructured data. Its “MRI like” ability to find, identify and classify unstructured content manages risk, enforces security and takes the stress out of audits.

Additional benefits of the Classification Module include:

  • Mitigates the risk of bad press and financial exposure associated with sensitive information falling into the wrong hands or a failed audit
  • Automatically identifies and protects sensitive data based on policy, eliminating the need to open and examine each file manually
  • Offers the flexibility to enable business compliance owners to intervene in the automated process where they need to
  • Provides a visual risk map showing hot spots that need to be addressed and enables immediate action to be taken from within the solution
  • Simplifies the audit process for regulations such as PCI, HIPAA and SOX by identifying the types of data impacted by those regulations.

Features

  • An MRI scan for your data – Classification Module delivers a Management Risk Index (MRI) report that shows you a heat map of your organization’s infrastructure, so you can focus on the “hot spots” of unstructured data that contain the most risk.
  • Automated classification of unstructured data – Understand what sort of sensitive information is contained in your unstructured data files without having to perform the tedious process of manual evaluation. Classification Module can automatically categorize and organize credit card numbers, PII and more.
  • Tag and secure existing and newly created sensitive data – Tag sensitive unstructured data throughout your organization as it relates to compliance regulations, use, sensitivity and so on. Then establish and enforce rules for how all existing and newly created sensitive unstructured data is treated, who may access it and where it can be stored.
  • A complete all-in-one data governance solution – The combination of Classification Module working as part of the Identity Manager – Data Governance Edition protects your organization by giving access control to the business owners who actually know who should have access to which sensitive data, with the power to analyze, approve and fulfill unstructured data access requests to files, folders and shares across NTFS, NAS devices and SharePoint.

Additional Features supplied by Identity Manager–Data Governance Edition

  • Restricted access – Define access policies for your organization to ensure that sensitive unstructured data is only accessible to approved users. Identity Manager locks down sensitive data such as files, folders and shares across NTFS, NAS devices and SharePoint.
  • Data owner assignment – Determine and assign the appropriate owner of data for all future access requests by evaluating usage patterns and read and write access.
  • Simplified auditing –  Aside from using Classification Module to classify the data, Data Governance Edition will identify user access to enterprise resources such as files, folders and shares across NTFS, NAS devices and SharePoint to provide key information during audit preparations, including how access was obtained, when and by whose approval
  • Automated access requests – Use built-in workflows to automatically direct access requests from the request portal to the appropriate data owner. Approved requests are automatically and correctly fulfilled, with no burden on IT.
  • Access verification – Ensure that only approved users have access to specific resources, including those who have left the organization or department or whose roles have changed. Identity Manager enables you to monitor user and resource activity, and configure and schedule a recertification process for data owners to verify and attest to employee access.
  • Personalized dashboard – View trends, historic and current data access activity, and attestation status on a personalized dashboard with reports that can be used to prove compliance to auditors.

Sys Reqs

Classification Module System Requirements

Database Server

  • Microsoft SQL Server Standard Edition 2008 Service Pack 3
  • Microsoft SQL Server Standard Edition 2008 R2 Service Pack 1
  • Microsoft SQL Server 2012 Standard Edition, Service Pack 1 (Compatibility level for databases: SQL Server 2008 (100))
  • Oracle database 11g r2 Enterprise Edition version 11.2 (patch level will vary with operating system platform)
  • Microsoft Windows Operating Systems: Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 (R2) (32 bit or non-Itanium 64 bit), or Windows Server 2012
  • 32 GB RAM minimum
  • In addition to Q1IM Database Server requirements, an additional 30GB per million resources

Classification Server

  • 64-bit Windows Server OS (Windows Server 2003 (R2), Windows Server 2008, Windows Server 2008 (R2), Windows Server 2012
  • 500 MB of space required for installation, 200 MB space for logs, plus an additional 2 GB per 1 million resources for data processing
  • 8 GB RAM
  • Quad core CPU

Worker Server

 

  • 64-bit Windows Server OS (Windows Server 2003 (R2), Windows Server 2008, Windows Server 2008 (R2), Windows Server 2012
  • 300 MB of space required for installation, plus an additional 300 MB for logs
  • 8 GB RAM
  • Quad Core CPU
  • .NET 3.5.1

Classification Agent Host

  • 4GB RAM (if hosting multiple agents, 16GB RAM)
  • 100 MB free disk space for every million resources scanned
  • 2 GHz or faster x86 or x64 bit processor (if hosting multiple agents, quad core CPU)
  • .NET 3.5.1
  • Classification enabled local agents are not supported on Windows Server 2003 or Windows Server 2003 R2 operating systems.
  • Agents hosts installed on Windows Server 2003 or Windows Server 2003 R2 operating systems are not supported if they are scanning a classification-enabled managed host.

Classification Account

 

  • The Classification service account requires administrative privileges on the Classification Server, Worker Servers, and any agent hosts.
  • The managed domain account requires administrative privileges on the Classification Server, the Worker Servers, and any agent hosts.

Screenshots

loading

Classification Module for Identity Manager–Data Governance Edition

Take a Screenshot Tour

Manage Risk Index (MRI) Heat Map

Manage Risk Index (MRI) Heat Map

This visual interface represents a set of information on data and its risk according to volume.

Automated classification of unstructured data

Automated classification of unstructured data

The scan has discovered 11 files classified as ‘secret’ and they have no assigned data owner as of yet. Using functionality from the Data Governance Edition, the solution can suggest an owner based on read/write usage.

Find the classified data you are looking for

Find the classified data you are looking for

Compliance managers can do a search for all data that has a specific classification level – in this image, PCI level 2.

Governed Data Dashboard

Governed Data Dashboard

The dashboard view will display a visual breakdown of the classification categories that exist in your environment, and how much data falls under each category.

High Risk Overview

High Risk Overview

The user’s top 10 resources (based on risk level) that they are responsible for are displayed on their portal home page.

Resources

Classification Module for Identity Manager–Data Governance Edition videos