Who Keeps the Keys to the Corporate Data Castle?
In a recent eDJ Reviewed briefing session, Geoff Bourgeois (CTO of Acaveo) highlighted the Smart Information Server’s rapid installation by pointing out that all the only preparatory requirement was a single service account with essentially “Superuser” access rights to every data source that you want to see, search or collect from. Having sat through hundreds of product demos, I know that it takes nerve to do a cold installation, configuration, search and collection in a one hour demo on a live remote environment. It occurred to me that every enterprise discovery collection system on the market assumed that the corporate IT group would give Legal/Compliance full access rights. I have observed increasing tension between IT, Security, Legal and other stakeholders over these ‘keys to the data kingdom’. The Sarbanes-Oxley Act of 2002 was the first big access rights wake-up call to IT. Every new article on massive data breaches (example Target stores) drives IT/Security to slam the gates of the corporate castle and scream “None shall pass!”