Sensitive data is regulated and important to secure. With the increased level of connectivity available to users, sensitive data may be transmitted in violation of policies or legal regulations. The increased level of complexity in computing systems make the security of sensitive data much less manageable.
One solution to this problem has been to create policies associated with sensitive data and to monitor access to the sensitive data utilizing the policies. This approach has become susceptible to failure due to the increased usage of user identifiers. Users may use a variety of user identifiers (such as e-mail addresses, login names, etc.) to access sensitive data. It is very difficult to craft policies that capture all of the user identifiers that may be used in a system.