Varonis Launches DatAnywhere: Secure File Sharing for Enterprises

May 29, 2013

Today I’m happy to announce that Varonis DatAnywhere, an enterprise-class file sync and sharing solution, is now GA (generally available).  We’re also hosting a webinar on DatAnywhere this afternoon if you want to see it in action.

I’ve been using DatAnywhere every day since the early alpha version was handed to us a few months ago.  Along with an amazing group of beta customers, we were able to provide engineering with the feedback they needed to iterate fast and furiously and, ultimately, create a product we love to use.

Some reasons why I love DatAnywhere:

DatAnywhere stays out of the way.

I’ve used Box and Dropbox for personal data and both products are a pleasure to use.  I have a folder, I put stuff in it, and it syncs.  That’s it.  DatAnywhere is exactly the same experience.  From a user’s perspective, it could be a cloud app.  Or a hybrid app.  I wouldn’t know the difference.  But my IT department and CEO can rest assured that our company IP won’t leave our corporate infrastructure.

It’s mobile.

I can get to my files from iOS, Android, Mac or PC.

I can easily share files with third parties.

I can right-click and instantly generate a pin-coded URL where parties and customers can download or upload files from a web UI.

It’s secure and auditable.

Everything is encrypted over the wire, I don’t need to connect to a VPN to sync, all data is stored in our data center—not in a third-party cloud—and IT can monitor user activity and shared links.

It doesn’t change our existing infrastructure.

We got up and running fast because we didn’t have to move our data to a dedicated server.  As Terri McClure, Senior Analyst at Enterprise Strategy Group puts it:

“With Varonis DatAnywhere, organizations don’t have to modify their processes, infrastructure or permissions in order to give end users the functionalities they crave.  Access controls stay the same, data classification continues to function, and data doesn’t need to be moved to a new server.”

We left everything on the NAS with its existing NTFS permissions intact.  We use Active Directory authentication, so there was no need to create additional users and groups.

If this sounds good to you, sign up to try DatAnywhere for free today.



What is really at risk that we need to protect?

February 25, 2013

The most important thing you can do is rethink the way you look at data and security. You must understand what is really at risk and then protect it.  Below are five key principles that you must remember when it comes to protecting your data:

1.    ALL data has value.
No matter how harmless or insignificant a bit of information may seem, it can probably be used by someone and they are willing to pay for it.

2.    “Data” means all communication or information.
This may include many things that some may not have considered data such as VoIP calls, e-mails, etc.

3.    You must assume all data sent in the clear can be easily collected, mined, replicated and stored.
Over time, mass amounts of data can be collected and sifted through to gain a pretty good view of an organization.

4.    Once stolen, data can be sold and used repeatedly by multiple people or groups.
Just because your data is stolen once, doesn’t mean it will only be used once.

5.    Security measures should focus on protecting “the thing of value” rather than preventing “events”.
You can’t predict how, when or where an event will take place. This type of defense is always reactionary. Sometimes the event is undetected.



Using Varonis: Involving Data Owners – Part II

February 13, 2013

(This is one entry in a series of posts about the Varonis Operational Plan – a clear path to data governance.  You can find the whole series here.)

If your doctor said “Your blood pressure is 120/95” would that mean anything to you?  Even if you could interpret that data as symptomatic of stage 1 high blood pressure, would it be actionable?  A helpful doctor would not only help you understand your vital stats, she’d also empower you to make informed decisions about your health.

Likewise, not only should we deliver targeted reports to data owners, we should ensure that the information is actionable and provokes intelligent, data-driven decisions.

The next step in the Operational Plan is to help owners make informed decisions about who should have access to their data, and make sure their decisions can be executed without bogging anyone down in paperwork. With DataPrivilege we can do exactly that.

Entitlement Reviews

One of the first actions data owners can take is to re-certify access to their data through an attestation, or entitlement review. At a high level, the owner will review the list of users who have access, and users who probably shouldn’t have access to their data, make any appropriate changes, and then commit those changes to file systems or directory services. What has typically been a very manual and time-intensive (for IT) task can be completely automated with DataPrivilege, the internal web-based interface into the Varonis Metadata Framework.

Once configured, DataPrivilege Entitlement Reviews offer automatic, web-based forms delivered on a regular basis that show data owners exactly who has access to their data, highlighting any users that DatAdvantage recommends for removal based on its automated analysis. These recommendations show owners those users who have likely moved on to other roles, left the company, or were added by mistake.  Varonis’ recommendation engine is like the doctor with extremely trustworthy advice on how to immediately improve your health.

These entitlement reviews can be set up for data sets—reviewing the users with access to a specific folder or share—and/or for security groups or mail-enabled distribution lists. This means an organization is able to effectively shift the burden for access reviews for all data to its rightful owner, as well as leverage the same system for application and other group reviews.

Authorization Workflow

While entitlement reviews are key to correcting and maintaining access controls, it’s also important to involve owners at the “point of sale,” when access is initially requested by a user. Traditionally, access control approval has often come from the manager of the requesting user, a group owner that may or may not be aware of what data that group grants access to, or IT rather than the actual Data Owner. This is a problem, since that’s not usually the person who has the best context to make good access control decisions.  To continue our metaphor—it’s like allowing the pharmacy to decide which medicine we should take.

DataPrivilege changes this model by offering an authorization workflow that puts decisions into the hands of owners and their designated delegates. A big part of operationalizing DataPrivilege is transitioning this approval process from IT to the end users and owners themselves. It can mean significant operational resource gains for IT as well as a higher level of service and data protection.

Self-Service Portal

The last thing I want to mention about DataPrivilege is the Self-Service Portal, which allows Data Owners to get information and make decisions on-demand. The DataPrivilege portal lets owners see—at any time—information about their data, including permissions, log information and statistics.

We’ve found that many of our customers have seen impressive results once they deploy the portal to their users. If you give owners information about their assets and the ability to make decisions, they tend to use it. The Self-Service Portal is another way IT can shift the management burden to owners themselves.

Empowering owners to implement policy is a great first step, but DataPrivilege also offers the ability to automate a lot of this work. The next step in the Varonis Operational Plan involves setting up and deploying automatic rules. Stay tuned!


Using Varonis: Involving Data Owners (Part I)

January 2, 2013

(This is one entry in a series of posts about the Varonis Operational Plan – a clear path to data governance.  You can find the whole series here.)

Almost every organization is now data driven. With all the talk about data growth and big data analytics over the past couple of years, people have started to ask: “How do we maximize the value of our data? How can we make sure we’re deriving real business benefit?”

The keys to maximizing the value of our data are to gather the right intelligence about it, and then give the right people the ability to take action using the intelligence you’ve gathered.

Now that we know who our Data Owners are, it’s time to start getting them involved. Remember that it’s the owners—not IT—that have adequate context to make decisions about who should and shouldn’t have access to their assets.

The next step in operationalizing Varonis is to provide owners intelligence about their data assets.  DatAdvantage can deliver data-driven reports that shed light on what is happening with their data: who can access it, what they’re doing with it, which data is stale, etc. These reports greatly simplify and optimize reporting by delivering reports to all owners which contain information about only the data they own.

An Example

Say you’ve spent a few weeks identifying and confirming business owners for all of the top-level folders on a large NAS (or two, or three…). Depending on the size of the company, this might be a few dozen or a few thousand people. One of the most common next steps is to provide permissions reports on all of these data sets to the relevant owners. So the HR owner gets a report on all of the users who have access to the HR folder, for instance. It’s the same with Finance, Marketing, R&D, etc. In the past, you would have to create and deliver a separate report for each owner, which depending on the complexity of your reporting process might be an onerous undertaking all by itself. DatAdvantage gives you a far better alternative.

In DatAdvantage, to accomplish the same thing, you’d only need to create a single report, and all owners would get permissions reports once a quarter (or however often you like). Create the report, include the proper filters and formatting, and then set up a data-driven subscription to be delivered on the first day of the first month of the quarter. That’s it, you’re done.

Every quarter, every data owner is going to get that report in their inbox, and the report will contain information about only the data that they own—they won’t see anything that doesn’t belong to them. As you add and change owners over time, the subscription will continue to work without intervention. If my job role changes and suddenly I’m the owner of additional folders, my permissions report will show those as well. If I’m no longer an owner, my report won’t contain information about what I no longer own.

Permissions reporting is a great use case for data-driven reports, and it’s not the only one. Reports that show actual access can be useful, too.  What if every data owner could see exactly who on their team was accessing data most? What about those people who weren’t accessing any? Or people from outside their team bumbling around?  Who creates content? Showing owners what data is stale or which folders are growing the fastest can help give them an understanding of how they’re using resources. Providing owners intelligence about where their sensitive data is, where it’s exposed, and who has been accessing it leads to informed decisions about how they can reduce risk.

Once you’ve started putting intelligence into the hands of your owners, the next step is to give them the power to take action without bugging IT. We’ll cover that next.


Top 3 SharePoint Security Challenges

December 14, 2012

The rapid adoption of SharePoint has outpaced the ability of organizations to control its growth and enforce consistent policies for security and access control. The ease with which SharePoint sites can be created means that SharePoint use is decentralized and often outside the purview of IT departments, security personnel and even dedicated SharePoint administrators.

So what are the top 3 SharePoint security challenges?

1 – Organic and chaotic deployment of SharePoint sites

Pervasive departmental use of SharePoint means that all types of data make their way into SharePoint repositories. This can range in sensitivity and importance and may easily include human resources or product information. So, now the problem for organizations becomes not only identifying sensitive data but locating all SharePoint sites, existing and emerging.

2 – Ad hoc, complex permissions administration

The levels and types of permissions available with SharePoint are more complex than their NTFS counterparts, and the additional granularity and inheritance complexity creates more access levels and a high probability for erroneous or overly permissive access.

While access control decisions may be (rightly) left to the data owners through SharePoint’s permissions workflow, the complexity of its implementation often leads to inconsistency in ACL configuration and group assignment. Without strict auditing and oversight, permissions may be set in conflict with enterprise-level access policies, and may not include key business intelligence about why the access should be limited (e.g., content might be regulated or copyright protected).

3 – Limited, resource-intense auditing

Key to maintaining good access control over data is continuous monitoring of how data is being used. This is another challenge with a SharePoint environment. Microsoft SharePoint audit detail is geared toward helping site administrators manage content, not toward refining access policy. Consequently there is no way for SharePoint administrators to easily establish which users took what action on data.

The native auditing capabilities are also limited in terms of scalability across sites. “Normalizing” the data, i.e., creating a unified and accurate view of data use and access across sites and locations, is challenging and time-intensive. Exacerbating the problem is that files on SharePoint often make their way to other platforms like file shares and email – without a unified audit trail of activity, understanding how and by whom data is accessed in the collaborative environment can be a significant challenge.

Download our FREE guide to learn how to make sense of SharePoint permissions & lock down and monitor your sensitive data.


L’Oreal: The Next Level XBOX 360 App

October 10, 2012

L’Oreal have moved into the console gaming territory with ‘The Next Level’ XBOX 360 App, a personalised world of beauty, style and entertainment delivered right into the Xbox gaming console, complete with a participation based rewards program. The app includes things like a personal stylist, tips, forums, inspiration and even an educational style academy program… The more you interact with the app, including the more friends you bring into the experience, the more ‘Style Cred’ points you earn, which are in turn redeemed for the latest offers from L’Oreal.


Mastering Big Data

October 3, 2012

Date: Thursday, November 1, 2012
Time: 14:00 – 15:00 GMT

Big data analytics has already turned entire industries on their heads. To date, many big data analytics are associated with “machine generated” data like trade information, location data, etc. However, 80% of organizational data lives on file servers, NAS devices and email systems in the form of spreadsheets, presentations, audio files, video files, blueprints and designs—human generated content.

Learn how big data analytics helps organizations better leverage, manage, and protect their human generated content:

  • Identify areas of high risk
  • Optimize workflows
  • Connect disparate teams and data sets
  • Discover new patterns, flag potential abuse
  • Enhance data access control, ownership, classification, entitlements and authorization processes

Please see link below to the webinar


http://www.varonis.com/partner/uk/promo/1?utm_source=VAR-C24-UK


The 4 Key Requirements for Business Intelligence Reporting

September 26, 2012

A recent white paper published by Birst, Inc., a San Francisco based provider of “agile business analytics” software and solutions, points up the four ‘foundational requirements’ of a business intelligence (commonly called “BI”) solution.  They remind us that our ERP systems are merely a tool, a means to an end, and that end is to extract intelligent information from the underlying data in order to improve our business management decisions.

The article, available here (you’ll have to provide contact info first) points to four key capabilities (along with our own commentary about them):

1.) Historical analysis and reporting.  You want information not just on your business performance, but on the key drivers of that performance as well.  You need to know not just your results, but your influencers.  This usually involves mapping and understanding data over a long time frame, measured often in years.  That’s a lot of data.

2.) Forecasting and future projection.  Collecting and understanding your data is one side of the task.  Projecting into the future is the other.  So for example, once you know something about the progress and flow of past sales deals, the size of your pipeline, the length to close… you’re more able to project the progress of future deals.  The goal is to align your resources with your forecast for maximum efficiency.

3.) Ability to integrate information from multiple business functions.  Integrating the data you need to make better decisions may require multiple data sources.  Obviously, this burden is minimized if you’re operating under, more or less, a single (or limited) silo of information.  This is where an integrated ERP solution starts to really shine.  Often the data there, give or take the contents of a couple of spreadsheets, is more than enough to provide meaningful insight.

4.) Easily explored reporting and analysis.  Decision makers need to understand the big picture.  Sometimes, they need a good bit of detail to be able to do so.  This speaks to the need for explorable reports, drill down capabilities, ad hoc queries and business dashboards.  Flexibility and robustness, without being overly complex, are helpful.  Today we find the better ERP systems can provide much of this.  More sophisticated BI solutions will boost your reporting capabilities significantly, a feature most appreciated in larger, more diverse organizations.

A solution that provides the above foundation, whether it’s part of an ERP system or an add-in, ensures you’ll have the right analytical tool when it comes time to convert hard data into meaningful information that can inform better decision making.

Ironically Bi24 provides all these elements and much more


Defensible Disposal with Automation

September 13, 2012

It’s no secret that the data on corporate servers is growing exponentially. Documents, presentations, media, spreadsheets, and other files are constantly being created and moved onto servers, and after a while, most of it is rarely used, if at all. However, much of this stale data also must be retained in order to comply with regulatory requirements, or to maintain business continuity.

Many IT departments are faced with the reality of having to either continually expand their storage infrastructure or try to accurately determine which data can be safely disposed. The first option is costly and results in basically paying for information you’ll never use, while the latter can be costly in terms of man-hours and brainpower, especially without an automated process in place.

Let’s examine the options a bit closer.

Do Nothing

While it seems like a simpler solution to keep expanding your hardware and try to hold onto every bit just in case it is needed some time in the future, this sort of inaction with regards to defensible disposal is simply not a viable option. Allowing vast amounts of data to accumulate will make it increasingly difficult for users to find relevant data, slow down e-discovery, cause servers to perform poorly, and possibly even crash them, costing your business precious time and money.

Do Anything

Taking the wrong action can be just as damaging. Deleting your CEO’s old email archive might result in a very uncomfortable conversation; disposing of files that you are legally obligated to retain (for HIPAA, HITECH, SOX, etc.) can cost people their jobs, and possibly result in legal action. That’s something no IT professional ever wants to have to deal with.

Do the Right Thing

It should be clear by now exactly why proper defensible disposal techniques are integral to the survival of any business, especially those with sensitive data. Proper disposal techniques can save money and time by streamlining the process of deleting useless data and allowing for admins to focus on other more pressing needs.

If you’re finding the process itself takes quite a bit of planning and/or some sophisticated technology to do most of the heavy lifting, consider automating with technology like the Varonis Data Transport Engine. Varonis DTE simplifies the process of defensible disposal by leveraging our Metadata Framework, allowing admins to automatically and continually delete or migrate data based on a wide array of criteria, such as the content of the file or the date it was last accessed by a human user. This ensures that information that needs to be retained isn’t disposed of by accident and the data that can be safely deleted proceeds safely to bit-heaven, or bit bucket, or /dev/null.

