
Organizations that implement Strategic Portfolio Management (SPM) at times need to manage projects with varying levels of sensitivity and access requirements. This article discusses several options for data segregation that allow companies to balance security needs with collaboration and efficiency. Configuring SPM to segregate data in any manner adds complexity to the implementation as well as support effort, and should be carefully considered. Not all items or considerations are covered in this post (e.g. reporting and dashboarding).
Common Use Cases for Data Segregation
Before looking at specific options, let's consider some common scenarios where data segregation is crucial:
- Mergers and Acquisitions (M&A) Projects: These highly sensitive projects often require strict access control to prevent information leaks that could impact stock prices or competitive advantage.
- Confidential Product Development: Projects involving new product development or innovation may need to be hidden from the general employee population to protect intellectual property.
- Team-based Project Segregation: In large organizations, different departments or teams may need to manage their projects independently without interference or visibility from other groups.
- Regulatory Compliance: Certain industries may have legal requirements to separate specific types of data or limit access to particular groups.
- Client-specific Projects: Service providers managing projects for multiple clients need to ensure data isolation between different client engagements.
1. Data Separation
Data Separation is a native feature that allows for granular control over data visibility based on group membership.
Pros:
- Provides fine-grained control over data access
- Relies on organizational structure
- Integrates well with existing security models
Cons:
- Can be complex to set up and maintain
- Relies on organizational structure (depends on foundational data)
- May impact system performance if not implemented carefully
- Requires careful planning and testing to avoid conflicts with other access control mechanisms
- Some tables are not covered under Data Separation (e.g. RIDAC)
Use Case: Data Separation can be considered for organizations that need to manage multiple organizational projects on a single instance, ensuring that each client's data remains isolated.
2. Data Filtration
Data Filtration is a declarative way to deny read access to tables and records based on conditional logic.
Pros:
- No scripting required, making it easier to implement and audit
- Works well for complex access scenarios
- Can be more performant than script-based solutions
Cons:
- Limited to read operations only
- May not be suitable for all types of data segregation needs
- Requires careful planning and testing to avoid conflicts with other access control mechanisms
Use Case: Data Filtration can be considered for organizations that need to implement condition-based access rules for project data, such as limiting visibility based on project attributes or user characteristics.
3. Team Spaces
Team Spaces provide organizational silos for project access, allowing teams to work in isolated environments.
Pros:
- Intuitive for users
- Simplifies access management for team-based projects
- Supports collaboration within defined groups
Cons:
- May not be granular enough for highly sensitive data
- Not all tables are included in the Team Spaces implementation (e.g. RIDAC)
- Limited to 5 Team Spaces
Use Case: Team Spaces can be considered by organizations with up to 5 distinct departments or project teams that need to manage their work independently while still operating within the same instance.
4. Custom Access Control Lists (ACLs)
Custom ACLs allow for tailored access control rules based on specific organizational needs.
Pros:
- Highly flexible and customizable
- Can address unique security requirements
- Integrates with native security model
Cons:
- Requires scripting knowledge to implement
- Can be complex to maintain and troubleshoot
- May impact system performance if not optimized
- Typically carries higher technical debt
Use Case: Custom ACLs can be considered by organizations with unique or complex security requirements that cannot be fully addressed by out-of-the-box options, such as multi-tiered approval processes for sensitive projects.
5. Separate Instances
For the highest level of data isolation, organizations can opt to use separate ServiceNow instances.
Pros:
- Provides complete data isolation
- Simplifies compliance with strict data segregation requirements
- Allows for customized configurations per instance
Cons:
- Increases infrastructure and maintenance costs
- Complicates cross-project reporting and resource management
- May lead to duplication of effort and inconsistencies across instances
Use Case: Implementing separate instances for SPM requirements is rare, but it allows for absolute data segregation.
6. Domain Separation
Domain Separation is an extensive feature that allows for complete data isolation within a single instance. This is added for completeness of options but is not recommended unless already in place. SPM requirements around data separation should not dictate the implementation of Domain Separation.
Pros:
- Provides robust data isolation within a single instance
- Supports complex organizational structures and multi-tenancy
- Allows for shared configuration while maintaining data separation
Cons:
- Significantly increases complexity of system administration
- Can impact performance if not implemented correctly
- May require extensive redesign of existing processes and workflows
Use Case: Domain Separation is typically used for large enterprises with multiple subsidiaries or service providers managing data for multiple clients on a single instance.
Warning: While Domain Separation offers strong data isolation capabilities, it is often considered overkill for typical SPM project data segregation needs. The complexity and potential performance impact of Domain Separation will likely outweigh its benefits in the context of project management. Other options like Data Separation, Team Spaces, or Custom ACLs are generally more appropriate and easier to implement for SPM use cases.
Conclusion
Choosing to implement data segregation should be considered only with a strong business case to support the effort. The solution will depend on your organization's specific needs, security requirements, and operational structure.