PresseBox
Press release BoxID: 453564 (Varonis Deutschland)
  • Varonis Deutschland
  • Kronstadter Str. 4
  • 81677 München
  • http://www.varonis.com
  • Contact person
  • Bill Boyle
  • +49 (2071) 832-840

The Information Access Mafia

(PresseBox) (London, ) Responding to an Information Week feature on the trials and tribulations of a fictitious chief information officer, data governance specialist Varonis Systems says that least privilege automation is clearly the way forward and the controls on handling that data are an essential part of the Governance, Risk and Compliance (GRC) jigsaw, specifying who can do what, where and when with an organisation's information.

Mr. Laura is not alone-the employees in most organizations are over-entitled, and 90% is a pretty typical figure based on our experience. He is also not the only CIO whose business needs to collaborate digitally in order to survive (and thrive). Lastly, he points out that some data assets that are so sensitive that they "will never allow to escalate. But there's an enormous amount of data that is 'gray'..."

If I'm interpreting Mr. Laura's new approach correctly, he will be to make it easier for individuals to get access to data (that falls into the "gray" category), observe their use of that data, and then "come down very hard after the fact on those who abuse the privilege."

This approach is not vastly different from the approach we have helped many organizations shape, but I would offer some hope for those that have been operating under the hope that least privilege access is possible and effective: It's not that least access doesn't work, it's that least access doesn't work without the right automation, and correct use of that automation.

Automation is required because the amount of existing and new data that needs protection is enormous, the access control and group relationships are numerous and complex, and the rate of change has increased in the context of team collaboration with digital assets. Too many complex decisions need to be made too frequently in order to maintain a least privilege model through traditional, manual means.

Least access has also been difficult because organizations have lost track of which data belongs to whom-no one knows who is supposed to even make the decision on correct access. Furthermore, monitoring actual data access activity has been, until fairly recently, unrealistic or impossible for most organizations. Without an audit trail, use cannot be monitored, abuse cannot be observed, and access control effectiveness cannot be validated.

Luckily, automation now exists that can audit all data access activity, spot abuse, identify data owners, provide automated recommendations on how to reduce access, and automate the access approval and review processes. With this kind of automation, secure collaboration-with least access- is not only possible, but will become standard.

For more on Varonis: www.varonis.com

For more on the Information Week CIO conundrum: http://bit.ly/pw6zre

Varonis Deutschland

Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. Named a "Cool Vendor" in Risk Management and Compliance by Gartner and voted one of the "Fast 50 Reader Favorites" on FastCompany.com, Varonis has more than 4,500 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel