The myth you will hear in the hallways of IAM conferences: Unstructured data is so different that application data or user groups that you need a unique solution to tackle governance and access management.
Unstructured data, all those files in folders on seemingly infinite numbers of drives and SharePoint sites spread all over the place, seems very scary. It’s hard enough to take applications and directories and control them. But at least they have some structure to latch onto. Files say it right in the name: unstructured. So how do you even know where to start? Like with so much else, it’s a matter of keeping things simple. What you actually care about? What is important about the files and folders? You care about who owns them. You care about who is allowed to touch them, see them. You care about what’s in them, or, at least, you care about important, sensitive data that may be lurking in them waiting to get you in trouble. When you look at the problem that way, this unstructured data starts to look an awful lot like the structured data in applications and directories.
In the end, the important parts about access governance for unstructured data are identical to the important parts of structured data. This is good news. That means that you ought to be able to lay them over one another in some meaningful way and come up with a more complete picture of access overall. It’s good to know that a certain user has accounts in both the accounting and finance systems. It’s excellent to know they have accounts in account and finance and also have access to the execute SharePoint site being used for M&A clean room activity. Having that level of visibility is not only possible, it should be required. If the things you want to know about unstructured data are the same as the things you need to know about everything else, then how to get that data into the system should be the vendor’s problem not yours. You just need to know you can have it all in one place and set your expectations accordingly.