11 things it should be doing
Post on 22-Aug-2015
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL
Our mission is to help enterprises realize value from their unstructured data.
11 Things IT Should Be Doing (But Isn’t)
Presenter:
Agenda
Company Overview
Unstructured Data Explosion
11 Things IT Must Do
Why are they important?
What to look for?
About Varonis
Founded in 2004, started operations in 2005
Over 1800 Customers
Over 4500 installations
Offices on 6 continents
Based on patented technology and a highly accurate analytics engine, Varonis solutions give organizations total visibility and control over their unstructured data, ensuring that only the right users have access to the right data at all times from all devices, all use is monitored, and abuse is flagged.
Varonis Solutions
GOVERNANCE
Ensure that only the right people have access to the right data at all times, access is monitored and abuse is flagged.
ACCESS
Use your existing file shares, on your own servers, to provide file synchronization, mobile access, and secure 3rd party sharing.
RETENTION
Intelligently automate data disposition, archiving and migration process using the intelligence of the Varonis Metadata Framework
Varonis Products
9 Products in 8 years
DatAdvantage for Windows
DatAdvantage for UNIX/Linux
DatAdvantage for SharePoint
DatAdvantage For Exchange
DatAdvantage for Directory Services
IDU Classification Framework
DataPrivilege
Data Transport Engine
DatAnywhere
Data GROWTH Facts (IDC Digital Universe)
By 2020 (Source: IDC)
Number of servers will grow by 10X
Data volume will grow by 14X
IT staff will grow by 1.4X
Protection
19% is protected
25% needs protection
Big Data Analysis
< 1% of data is tagged and analyzed
23% would be valuable if tagged
Cloud
< 25% of data will be stored in the cloud
Data is the lifeblood of business
Data is a business asset that is constantly appreciating
Human-created content is extremely rich and valuable
Documents, spreadsheets, presentations, audio, video
In order to get value, people across many teams need to be able to collaborate and share data
But, if the wrong people access data, it can damage the business
Data Challenges
According to recent research:
Only 26% of companies are very confident their data is protected
18% weren’t confident at all
23% of companies are not confident or unsure where their critical business data resides
27% of companies do not monitor any access activity on file servers and SharePoint sites
13% of companies never revoke access to data when an employee leaves the organization
61% do not scan their environment for sensitive data
www.varonis.com/research
Tough Questions
Who has access to data?
Who should and shouldn't have access to data?
Who uses the data? Is any of it stale?
Who abuses their access?
Who owns data?
What does all this data contain?
Which data is sensitive and exposed to risk?
Is any data redundant, duplicated, or unneeded?
11 THINGS IT SHOULD BE DOING
1. Audit Data Access
2. Inventory Permissions
3. Prioritize Data
4. Remove Global Access Groups
5. Identify Data Owners
6. Perform Entitlement Reviews
7. Align Security Groups to Data
8. Audit Permission and Group Changes
9. Lock Down, Delete, or Archive Stale Data
10. Clean Up Legacy Groups and Artifacts
11. Get Control of Public Cloud Services
1. AUDIT DATA ACCESS - IMPORTANCE
An Audit trail is necessary to answer key questions:
Who uses which files & folders?
Who owns them?
Who isn’t using data?
How can access controls be tightened?
What data is not being accessed at all?
What can we archive?
Common IT Questions:
Who deleted my files?
Common Security Questions:
What did this person access?
Audit trail: What to look for
Non-Intrusive
Complete
Normalized
Searchable, Sortable
2. PERMISSIONS INVENTORY – IMPORTANCE
Permissions are how we manage access
They are on every type of container
Folders, SharePoint objects, Mailboxes, etc.
Without a map of permissions, we can’t answer:
Who has access to which files, folders, etc.
What data a user or group has access to
Where permissions are misconfigured, too loose
Permissions Inventory: What to look for
Non-Intrusive
Correlate Users & Groups
Bi-Directional
Complete, Pre-Collected
3. PRIORITIZING DATA – IMPORTANCE
Most organizations have many Terabytes of unstructured data
Thousands of folders need remediation
Global access
Large Groups
It makes sense to prioritize remediation efforts on important data
Key Questions:
What should I remediate right now?
Prioritizing Data: What to Look For
Over-Exposed Folders Containing Sensitive Data
Prioritizing Data: What to Look For
Sensitive Data
Exposed Data
Prioritized list of folders that should be addressed
Lots of sensitive data
-AND-
Excessive/loose permissions
4. CLEAN UP GLOBAL ACCESS – IMPORTANCE
Data Open to the entire organization
Open Shares
Everyone, Authenticated Users, Users
Key Question:
How do we lock down exposed data safely?
What to Look For: Global Access
Change Modeling
Change Execution
5. IDENTIFYING OWNERS – IMPORTANCE
Data is an asset – who decides?
Who should be allowed to access it
What use is appropriate
That person needs to be defined
Probably shouldn’t be IT
Common responses:
We have owners for groups (we’ll get to that)
Managers decide who should have access (inefficient and ineffective)
Ownership: What to look for
Easy identification of:
Folders that need owners
Ownership candidates
Owner assignment and tracking
6. ENTITLEMENT REVIEWS – IMPORTANCE
Access Control Needs Change
People change jobs, roles
Teams form and dissipate
Key Question
How can we make entitlement reviews more efficient and effective?
Entitlement Reviews: What to Look For
Intelligence
Automated
Delivery
Execution
7. ALIGN GROUPS TO DATA – IMPORTANCE
For unstructured data, a critical link has been lost:
Which groups grant access to which resources?
UNKNOWN
GROUPS TO DATA: WHAT TO LOOK FOR
Permissions Map
Simulation Capabilities
Unused, Empty Groups
8. AUDIT ACCESS CHANGES – IMPORTANCE
Now that we’ve fixed everything, we need to keep it that way.
Access Control Lists
Group Membership
Changes must be approved by owners
CHANGE AUDITING: WHAT TO LOOK FOR
Complete
Sortable, Searchable
Reportable
9. Identify Stale Data – Importance
40-60% of data is likely stale and can be archived without impacting business activity
Active
Stale
How much are you spending on storage?
How much data is unnecessarily accessible?
Stale Data: What to Look For
Uses real activity
Reportable
Automated archiving
10. CLEAN UP – IMPORTANCE
Complexity breeds mistakes
“Artifacts” Impact Performance
CLEAN UP: WHAT TO LOOK FOR
Orphaned SIDs
Individual ACEs
Disabled Users
Looped Nested Groups
Empty Security Groups
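The clean-up artifacts listed above, together with the global access groups named under item 4, can be found mechanically once permissions and group membership have been inventoried. The following is an added example, not Varonis code or part of the original deck; the inventory layout, sample names and the SID are constructed, and "disabled users" is read here as disabled accounts that still hold their own ACEs.

```python
# Constructed sample inventory (not real data).
USERS = {"alice": True, "bob": True, "carol": False}    # name -> account enabled?
GROUPS = {                                              # group -> direct members
    "Finance": ["alice", "Finance-Leads"], "Finance-Leads": ["bob", "Finance-All"],
    "Finance-All": ["Finance"],                         # closes a nesting loop
    "Legacy-Proj": [], "HR": ["carol"],                 # Legacy-Proj is empty
}
GLOBAL = {"Everyone", "Authenticated Users", "Users"}   # groups named on the slide
ACES = [                                                # (folder, trustee) pairs
    ("/share/finance", "Finance"), ("/share/hr", "carol"),
    ("/share/finance", "S-1-5-21-1111-2222-3333-1105"), # unresolved SID (made up)
    ("/share/public", "Everyone"), ("/share/old", "Legacy-Proj"),
]

def nested_group_loops(groups):
    """Return each group-nesting cycle once, as a list of group names."""
    loops, seen = [], set()
    def walk(group, path):
        for member in groups.get(group, []):
            if member not in groups:
                continue                                # a user, not a nested group
            if member not in path:
                walk(member, path + [member])
            elif frozenset(path[path.index(member):]) not in seen:
                cycle = path[path.index(member):]
                seen.add(frozenset(cycle))
                loops.append(cycle)
    for name in groups:
        walk(name, [name])
    return loops

def audit(aces, groups, users, global_groups=GLOBAL):
    """Sort ACEs and groups into the clean-up categories listed on the slides."""
    report = {"global_access": [], "orphaned_sids": [], "individual_aces": [],
              "disabled_users": []}
    for folder, trustee in aces:
        if trustee in global_groups:
            report["global_access"].append(folder)
        elif trustee in users:
            report["individual_aces"].append((folder, trustee))
            if not users[trustee]:
                report["disabled_users"].append((folder, trustee))
        elif trustee not in groups and trustee.startswith("S-1-"):
            report["orphaned_sids"].append((folder, trustee))
    report["empty_groups"] = sorted(g for g, m in groups.items() if not m)
    report["looped_groups"] = nested_group_loops(groups)
    return report
```

Calling `audit(ACES, GROUPS, USERS)` returns one list per category, which can be fed into the prioritization and change-modeling steps before any permission is actually removed.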
11. Control public cloud services - Importance
Unapproved public cloud services
Risk
Does the organization even know about data stored there?
Who grants/revokes access?
Where is the data stored?
Security controls – are they available?
IT Overhead
Users/Group management?
Permissions management?
Facts
80% of organizations don’t allow cloud based file sync services
But… 1 in 5 employees already use Dropbox for work!
78% would like to offer these services if they could offer them using their existing infrastructure*.
Source: Nasuni http://www6.nasuni.com/shadow-it-2012.html
Source: BYOS http://www.varonis.com/research
Approved Alternative – what to look for
Can leverage data-in-place
Can leverage existing Permissions and Security
Has External collaboration capabilities
Has Desktop, web and mobile app access
11 THINGS IT SHOULD BE DOING
1. Audit Data Access
2. Inventory Permissions
3. Prioritize Data
4. Remove Global Access Groups
5. Identify Data Owners
6. Perform Entitlement Reviews
7. Align Security Groups to Data
8. Audit Permission and Group Changes
9. Lock Down, Delete, or Archive Stale Data
10. Clean Up Legacy Groups and Artifacts
11. Get Control of Public Cloud services
Efficiency AND Risk Reduction
Management Activity | Manual | Automated
Access Provisioning | 20 minutes | 1 minute
Permissions Report | 30 minutes | 1 minute
Identify Data Owner | 4 hours | 20 minutes
Remediate Global Group | 6 hours | 10 minutes
Entitlement Review | 30 minutes | 2 minutes
SECURE COLLABORATION
Too much access
Uncontrolled Collaboration
No Access, No Collaboration
Maximum Value
Negative Value (Damage)
Correct Access
No Value
SECURE COLLABORATION
Trust
Access is restricted
Data owners identified
Owners review access
Verify
Access audited
Usage analyzed
Less will arrive at endpoints
Data assets need the same controls as financial assets:
Only the right people have access
Access is continually maintained
Use is monitored
Abuse is observed and controlled