Limit and Automate Access to Sensitive Data with Free Trial of the Varonis Data Governance Software Suite
London – Jan. 2011 – Following the release of massive amounts of confidential government documents by WikiLeaks, the United States Office of Management and Budget (OMB) has directed federal departments and agencies to review their procedures for safeguarding classified national security information, and to complete an assessment of the safety measures they have in place to protect confidential documents by January 28.
Key in this assessment is the area of “safeguarding” (Section 3), which requires departments and agencies to limit and automate access to sensitive data. Specifically, the memo asks organisations to identify how they “ensure access to classified information in automated systems is limited to those persons who: (a) have received a favorable determination of eligibility from the agency head or their designee, (b) have signed an approved non-disclosure agreement, and (c) have a need to know the information”. Section 3 goes on to ask “How are need-to-know determinations made in your agency reflected in your management of automated systems?”.
Who Knows Who Needs to Know?
Currently, an average terabyte of data contains roughly 50,000 containers. Of those 50,000 containers, 2,500 usually have unique permissions applied to them. These permissions usually refer to several groups that contain a few or dozens of users; an organization of 1,000 users often has 1,000 or more groups stored in its directory service (e.g. Active Directory). All of these folder permissions and groups need to be maintained and updated as people change roles and security labels change.
As Cablegate has shown, humans can no longer keep track of who “needs to know” without automation. There are just too many people and groups, too much data and too much change. In fact, 91 percent of organisations can’t even identify who should be deciding who needs to know (Source: Ponemon Institute Study, June 2008), nor can they accurately determine which containers their groups grant access to.
Varonis maps what data is accessible by whom and tracks what data is used by whom. Like search engines and online stores, Varonis uses sophisticated analytics to make recommendations about who should and shouldn’t be in which groups, and who should and shouldn’t have access to data. For example, recommendations automatically highlight users that have changed roles yet still have access to data sets that are no longer relevant for them, users that are in incorrect groups, and other access control errors.
Identification of Data Owners, Automated Authorization and Review
Varonis also uses automation to help identify data owners: the most active users of a high-level container where the organization has write access are very likely candidates. Once data owners are identified, they are empowered to make informed authorization and permissions maintenance decisions through a web-based interface; these decisions are then executed with no IT overhead or manual backend processes.
Once data has been locked down so that only those who need to know have access, access still needs to be monitored—trust, but verify. Varonis analyses all data usage to identify users that suddenly deviate from their normal access patterns, or suddenly access a statistically significant number of files. These alerts can be routed to the proper personnel for immediate review.
Leveraging Metadata to Limit and Automate Access to Sensitive Data
A critical part of limiting and automating access is the ability to leverage metadata - data about data (or information about information). When it comes to identifying sensitive data and protecting access to it, a number of types of metadata are relevant: user and group information, permissions information, access activity, and sensitive content indicators. A key benefit to leveraging metadata for preventing data loss is that it can be used to focus and accelerate the data classification process. In many instances the ability to leverage metadata can speed up the process by up to 90 percent, providing a shortlist of where an organization’s most sensitive data is, where it is most at risk, who has access to it and who shouldn’t.
The Varonis Metadata Framework™ technology, which forms the foundation of Varonis software, non-intrusively collects this critical metadata, generates metadata where existing metadata is lacking (e.g. through its file system filters and content inspection technologies), and pre-processes, normalizes, analyzes, stores, and presents the metadata to IT administrators in an interactive, dynamic interface. This automates the process of finding areas with excessive permissions and abnormal access activity and of understanding who can access, who is accessing, who shouldn't have access, and who owns the data, and it enables remediation of risk faster than traditional data protection products.
“Federal agencies need to know that they no longer have to manually manage permissions to ensure that only the correct users have access to the right data and that their permissions can be revoked when they no longer need them,” said Yaki Faitelson, chief executive officer, president and co-founder of Varonis Systems. “The previously impossible is now possible through the intelligent use of metadata and data governance automation. The instinctive reaction of many to these WikiLeaks is to try and lock down all data — that is not only impossible, it is unnecessary if you use the right technology.”
Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. The company was named "Cool Vendor" in Risk Management and Compliance by Gartner, and voted one of the "Fast 50 Reader Favorites" on FastCompany.com. Varonis has over 3,000 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organisations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel.
Varonis, the Varonis logo, DatAdvantage and DataPrivilege are registered trademarks of Varonis Systems in the United States and/or other countries and Data Classification Framework and Metadata Framework are under a registration process in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.
Source: Eskenzi PR Ltd.
This press release is presented without editing for your information only.
Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.