Varonis Enables Departments and Agencies to Comply With New WikiLeaks US Document Automation Clampdown
Limit and Automate Access to Sensitive Data with Free Trial of the Varonis Data Governance Software Suite
(PresseBox) (London)
Key in this assessment is the area of "safeguarding" (Section 3), which requires departments and agencies to limit and automate access to sensitive data. Specifically, the memo asks organisations to identify how they "ensure access to classified information in automated systems is limited to those persons who: (a) have received a favorable determination of eligibility from the agency head or their designee, (b) have signed an approved non-disclosure agreement, and (c) have a need to know the information". Section 3 goes on to ask "How are need-to-know determinations made in your agency reflected in your management of automated systems?"
Who Knows Who Needs to Know?
Currently, an average terabyte of data contains roughly 50,000 containers. Of those 50,000 containers, 2,500 usually have unique permissions applied to them. These permissions usually refer to several groups, each containing a few or dozens of users; an organization of 1,000 users often has 1,000 or more groups stored in its directory service (e.g. Active Directory). All of these folder permissions and groups need to be maintained and updated as people change roles and security labels change.
As Cablegate has shown, humans can no longer keep track of who "needs to know" without automation. There are just too many people and groups, too much data and too much change. In fact, 91 percent of organisations can't even identify who should be deciding who needs to know (Source: Ponemon Institute Study, June 2008), nor can they accurately determine which containers their groups grant access to.
Varonis maps what data is accessible by whom and tracks what data is used by whom. Like search engines and online stores, Varonis uses sophisticated analytics to make recommendations about who should and shouldn't be in which groups, and who should and shouldn't have access to data. For example, recommendations automatically highlight users that have changed roles yet still have access to data sets that are no longer relevant for them, users that are in incorrect groups, and other access control errors.
Identification of Data Owners, Automated Authorization and Review
Varonis also uses automation to help identify data owners: the most active users of a high-level container where the organization has write access are very likely candidates. Once data owners are identified, they are empowered to make informed authorization and permissions maintenance decisions through a web-based interface; those decisions are then executed with no IT overhead or manual backend processes.
Once data has been locked down so that only those who need to know have access, access still needs to be monitored: trust, but verify. Varonis analyses all data usage to identify users that suddenly deviate from their normal access patterns, or suddenly access a statistically significant number of files. These alerts can be routed to the proper personnel for immediate review.
Leveraging Metadata to Limit and Automate Access to Sensitive Data
A critical part of limiting and automating access is the ability to leverage metadata - data about data (or information about information). When it comes to identifying sensitive data and protecting access to it, a number of types of metadata are relevant: user and group information, permissions information, access activity, and sensitive content indicators. A key benefit to leveraging metadata for preventing data loss is that it can be used to focus and accelerate the data classification process. In many instances the ability to leverage metadata can speed up the process by up to 90 percent, providing a shortlist of where an organization's most sensitive data is, where it is most at risk, who has access to it and who shouldn't.
The Varonis Metadata Framework(TM) technology, which forms the foundation of Varonis software, non-intrusively collects this critical metadata, generates metadata where existing metadata is lacking (e.g. through its file system filters and content inspection technologies), and pre-processes, normalizes, analyzes, stores, and presents the metadata to IT administrators in an interactive, dynamic interface. This automates the process of finding areas with excessive permissions and abnormal access activity, and of understanding who can access, who is accessing, who shouldn't have access, and who owns the data, and it enables remediation of risk faster than traditional data protection products.
"Federal agencies need to know that they no longer have to manually manage permissions to ensure that only the correct users have access to the right data and that their permissions can be revoked when they no longer need them," said Yaki Faitelson, chief executive officer, president and co-founder of Varonis Systems. "The previously impossible is now possible through the intelligent use of metadata and data governance automation. The instinctive reaction of many to these WikiLeaks is to try and lock down all data - that is not only impossible, it is unnecessary if you use the right technology."