VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL

Our mission is to help enterprises realize value from their unstructured data.

11 Things IT Should Be Doing (But Isn’t)

Presenter:

Agenda

Company Overview

Unstructured Data Explosion

11 Things IT Must Do

Why are they important?

What to look for?

About Varonis

Founded in 2004, started operations in 2005

Over 1800 Customers

Over 4500 installations

Offices on 6 continents

Based on patented technology and a highly accurate analytics engine, Varonis solutions give organizations total visibility and control over their unstructured data, ensuring that only the right users have access to the right data at all times from all devices, all use is monitored, and abuse is flagged.

Varonis Solutions

GOVERNANCE

ACCESS

RETENTION

Ensure that only the right people have access to the right data at all times, access is monitored and abuse is flagged.

Use your existing file shares, on your own servers, to provide file synchronization, mobile access, and secure 3rd party sharing.

Intelligently automate data disposition, archiving and migration processes using the intelligence of the Varonis Metadata Framework.

Varonis Products

9 Products in 8 years

DatAdvantage for Windows

DatAdvantage for UNIX/Linux

DatAdvantage for SharePoint

DatAdvantage for Exchange

DatAdvantage for Directory Services

IDU Classification Framework

DataPrivilege

Data Transport Engine

DatAnywhere

Unstructured Data Explosion

Data GROWTH Facts (IDC Digital Universe)

By 2020 (Source: IDC)

Number of servers will grow by 10X

Data volume will grow by 14X

IT staff will grow by 1.4X

Protection

19% is protected

25% needs protection

Big Data Analysis

< 1% of data is tagged and analyzed

23% would be valuable if tagged

Cloud

< 25% of data will be stored in the cloud

Data is the lifeblood of business

Data is a business asset that is constantly appreciating

Human-created content is extremely rich and valuable

Documents, spreadsheets, presentations, audio, video

In order to get value, people across many teams need to be able to collaborate and share data

But, if the wrong people access data, it can damage the business

Data Challenges

According to recent research:

Only 26% of companies are very confident their data is protected

18% weren’t confident at all

23% of companies are not confident or unsure where their critical business data resides

27% of companies do not monitor any access activity on file servers and SharePoint sites

13% of companies never revoke access to data when an employee leaves the organization

61% do not scan their environment for sensitive data

www.varonis.com/research

Tough Questions

Who has access to data?

Who should and shouldn't have access to data?

Who uses the data? Is any of it stale?

Who abuses their access?

Who owns data?

What does all this data contain?

Which data is sensitive and exposed to risk?

Is any data redundant, duplicated, or unneeded?

11 Things IT Should Be Doing (But Isn’t)

11 THINGS IT SHOULD BE DOING

1. Audit Data Access

2. Inventory Permissions

3. Prioritize Data

4. Remove Global Access Groups

5. Identify Data Owners

6. Perform Entitlement Reviews

7. Align Security Groups to Data

8. Audit Permission and Group Changes

9. Lock Down, Delete, or Archive Stale Data

10. Clean Up Legacy Groups and Artifacts

11. Get Control of Public Cloud Services

1. AUDIT DATA ACCESS - IMPORTANCE

An audit trail is necessary to answer key questions:

Who uses which files & folders?

Who owns them?

Who isn’t using data?

How can access controls be tightened?

What data is not being accessed at all?

What can we archive?

Common IT Questions:

Who deleted my files?

Common Security Questions:

What did this person access?

Audit trail: What to look for

Non-Intrusive

Complete

Normalized

Searchable, Sortable

2. PERMISSIONS INVENTORY – IMPORTANCE

Permissions are how we manage access

They are on every type of container

Folders, SharePoint objects, Mailboxes, etc.

Without a map of permissions, we can’t answer:

Who has access to which files, folders, etc.

What data a user or group has access to

Where permissions are misconfigured, too loose

Permissions Inventory: What to look for

Non-Intrusive

Correlate Users & Groups

Bi-Directional

Complete, Pre-Collected

3. PRIORITIZING DATA – IMPORTANCE

Most organizations have many Terabytes of unstructured data

Thousands of folders need remediation

Global access

Large Groups

It makes sense to prioritize remediation efforts on important data

Key Questions:

What should I remediate right now?

Prioritizing Data: What to Look For

Over-Exposed Folders Containing Sensitive Data

Prioritizing Data: What to Look For

Sensitive Data

Exposed Data

Prioritized list of folders that should be addressed

Lots of sensitive data

-AND-

Excessive/loose permissions

4. CLEAN UP GLOBAL ACCESS – IMPORTANCE

Data Open to the entire organization

Open Shares

Everyone, Authenticated Users, Users

Key Question:

How do we lock down exposed data safely?

What to Look For: Global Access

Change Modeling

Change Execution

5. IDENTIFYING OWNERS – IMPORTANCE

Data is an asset – who decides?

Who should be allowed to access it

What use is appropriate

That person needs to be defined

Probably shouldn’t be IT

Common responses:

We have owners for groups (we’ll get to that)

Managers decide who should have access

(inefficient and ineffective)

Ownership: What to look for

Easy identification of:

Folders that need owners

Ownership candidates

Owner assignment and tracking

6. ENTITLEMENT REVIEWS – IMPORTANCE

Access Control Needs Change

People change jobs, roles

Teams form and dissipate

Key Question

How can we make entitlement reviews more efficient and effective?

Entitlement Reviews: What to Look For

Intelligence

Automated

Delivery

Execution

7. ALIGN GROUPS TO DATA – IMPORTANCE

For unstructured data, a critical link has been lost:

Which groups grant access to which resources?

UNKNOWN

GROUPS TO DATA: WHAT TO LOOK FOR

Permissions Map

Simulation Capabilities

Unused, Empty Groups

8. AUDIT ACCESS CHANGES – IMPORTANCE

Now that we’ve fixed everything, we need to keep it that way.

Access Control Lists

Group Membership

Changes must be approved by owners

CHANGE AUDITING: WHAT TO LOOK FOR

Complete

Sortable, Searchable

Reportable

9. Identify Stale Data – Importance

40-60% of data is likely stale and can be archived without impacting business activity

Active

Stale

How much are you spending on storage?

How much data is unnecessarily accessible?

Stale Data: What to Look For

Uses real activity

Reportable

Automated archiving

10. CLEAN UP – IMPORTANCE

Complexity breeds mistakes

“Artifacts” Impact Performance

CLEAN UP: WHAT TO LOOK FOR

Orphaned SIDs

Individual ACEs

Disabled Users

Looped Nested Groups

Empty Security Groups
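
The five clean-up items listed above can be checked against an exported snapshot of directory objects, group membership and ACLs. This is an added example, not part of the original presentation or of any Varonis product; the SIDs, names, folders and data layout are constructed for illustration.

```python
from collections import namedtuple

Principal = namedtuple("Principal", "name kind enabled")

# Constructed directory snapshot: SID -> principal (all values are made up).
DIRECTORY = {
    "S-1001": Principal("alice", "user", True),
    "S-1002": Principal("bob", "user", False),        # disabled account
    "S-2001": Principal("Finance", "group", True),
    "S-2002": Principal("Finance-Leads", "group", True),
    "S-2003": Principal("Old-Project", "group", True),
}
# Constructed group membership: group SID -> member SIDs.
MEMBERS = {
    "S-2001": ["S-1001", "S-2002"],
    "S-2002": ["S-1002", "S-2001"],   # Finance <-> Finance-Leads nesting loop
    "S-2003": [],                     # empty security group
}
# Constructed ACL entries: (folder, trustee SID, rights).
ACL = [
    ("/finance", "S-2001", "modify"),
    ("/finance", "S-1001", "read"),   # ACE granted to an individual user
    ("/finance", "S-9999", "full"),   # SID that no longer resolves
    ("/archive", "S-2003", "read"),
]

def nested_loops(members):
    """Return groups that can be reached from themselves through nesting."""
    looped = set()
    for start in members:
        stack, seen = list(members[start]), set()
        while stack:
            sid = stack.pop()
            if sid == start:
                looped.add(start)
                break
            if sid in members and sid not in seen:
                seen.add(sid)
                stack.extend(members[sid])
    return looped

def audit(directory, members, acl):
    """Report the clean-up candidates found in one snapshot."""
    trustees = {sid for _, sid, _ in acl}
    referenced = trustees | {m for ms in members.values() for m in ms}
    users = {s for s, p in directory.items() if p.kind == "user"}
    return {
        "orphaned_sids": sorted(trustees - set(directory)),
        "individual_aces": sorted(trustees & users),
        "disabled_users": sorted(s for s in referenced & users if not directory[s].enabled),
        "looped_groups": sorted(nested_loops(members)),
        "empty_groups": sorted(g for g, ms in members.items() if not ms),
    }
```

Here `disabled_users` reports only disabled accounts that are still referenced by a group or an ACE, since those are the ones that leave access behind.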

11. Control public cloud services - Importance

Unapproved public cloud services

Risk

Does the organization even know about data stored there?

Who grants/revokes access?

Where is the data stored?

Security controls – are they available?

IT Overhead

Users/Group management?

Permissions management?

Facts

80% of organizations don’t allow cloud based file sync services

But… 1 in 5 employees already use Dropbox for work!

78% would like to offer these services if they could offer them using their existing infrastructure*.

Source: Nasuni http://www6.nasuni.com/shadow-it-2012.html

Source: BYOS http://www.varonis.com/research

Approved Alternative – what to look for

Can leverage data-in-place

Can leverage existing Permissions and Security

Has External collaboration capabilities

Has Desktop, web and mobile app access

11 THINGS IT SHOULD BE DOING

1. Audit Data Access

2. Inventory Permissions

3. Prioritize Data

4. Remove Global Access Groups

5. Identify Data Owners

6. Perform Entitlement Reviews

7. Align Security Groups to Data

8. Audit Permission and Group Changes

9. Lock Down, Delete, or Archive Stale Data

10. Clean Up Legacy Groups and Artifacts

11. Get Control of Public Cloud services

Efficiency AND Risk Reduction

Management Activity: Manual / Automated

Access Provisioning: 20 minutes / 1 minute

Permissions Report: 30 minutes / 1 minute

Identify Data Owner: 4 hours / 20 minutes

Remediate Global Group: 6 hours / 10 minutes

Entitlement Review: 30 minutes / 2 minutes

SECURE COLLABORATION

Too much access

Uncontrolled Collaboration

No Access, No Collaboration

Maximum Value

Negative Value (Damage)

Correct Access

No Value

SECURE COLLABORATION

Trust

  • Access is restricted

  • Data owners identified

  • Owners review access

Verify

  • Access audited

  • Usage analyzed

  • Less will arrive at endpoints

Data assets need the same controls as financial assets:

Only the right people have access

Access is continually maintained

Use is monitored

Abuse is observed and controlled

Questions?

Thank you

Sign up for a FREE Evaluation