The Fallacy of the Security No-Man’s Land

March 5, 2013

Mike Rothman of Dark Reading wrote an interesting piece, which Bruce Schneier echoed last week, arguing that security vendors are focused on the top 1,000 enterprises, leaving the meager mid-sized businesses that live beneath the Security Poverty Line to fend for themselves.  Rothman:

“These folks have a couple hundred to a couple thousand employees. That’s big enough to have real data interesting to attackers, but not big enough to have a dedicated security staff and the resources they need to really protect anything.”

I feel this argument is a tad overstated.  Think about what the No-Man’s Land theory says about the business models of security vendors—that they’re collectively and deliberately ignoring an entire forest full of deer and rabbits with hopes of nabbing a few elephants?  Sounds like a surefire way to starve to death.  (My apologies, vegetarians.)

Rothman really nails it on the head here, though:

“What folks in security no-man’s land need most of all is a security program. They need an adviser to guide them through the program. They need someone to help them prioritize what they need to do right now.”

YES!  This is the secret sauce. But what makes this exclusive to large enterprises?  Despite not having bespoke security, it’s hard to excuse mid-market companies that don’t go after the low-hanging fruit (sorry, carnivores).

Rothman continues:

“They don’t want or need someone to do everything for them. And they certainly don’t need a shiny object to stop the attack du jour.”

The “blocking and tackling” Rothman calls for is something every organization can start doing—large or small.  For unstructured data, Varonis has an entire blog series detailing precisely how companies can implement a security action plan, and Varonis will custom-tailor every step around the resources available.

By focusing on the fundamentals, we’ve seen some mid-market businesses with a few ultra-bright security and operations folks implement more comprehensive and successful IT security programs than Fortune 100s with ostensibly limitless budget and staff.


C24’s business intelligence solution is child’s play

December 13, 2012

C24 have seen a significant uptake of our Bi24 business intelligence solution over the last year. The solution has been applauded for its ease of use and the speed of installation.

The following is a comment from a recent research document that highlights the strengths of the solution:

“Business intelligence (BI) technology holds out much promise, but experience would tend to indicate that it can be difficult to use, requiring specialist skills and imposing considerable latency between need and information delivery. Bi24 addresses these issues for many business needs and the ease-of-use has to be seen to be appreciated. The technology is built on the well regarded Lucene open software search technology and because of this most things are possible. While Bi24 does not give much profile to unstructured data search, a great deal of functionality is delivered out-of-the-box so that email and documents can be incorporated into search and analytics functionality. The key to understanding the power of Bi24 is that it provides a search approach to BI.”

“What this means on a day-to-day level is that business users can formulate their own analytical and search needs with ease. This is a highly pragmatic, but in no way compromised BI tool and we would recommend that organisations of all sizes should look at the offering.”

To prove the point, the image below is of the daughter of a BI lead who is using the Venn elements of the solution for her homework.


Using Varonis: Who Owns What?

December 13, 2012

(This is one entry in a series of posts about the Varonis Operational Plan – a clear path to data governance.  You can find the whole series here.)

All organizational data needs an owner. It’s that simple, right? I think most of us would be hard pressed to argue against that as a principle—the data itself is an organizational asset, so of course it’s not the Help Desk or AD Admin folks who own it, it’s the users or business units that should own it. Of course, that’s great in theory, but with 1, 5, 10, or even 20 years’ worth of shared, unstructured data, figuring out who owns data is far from simple, let alone involving those owners in any meaningful way.

Before we get into using Varonis to locate owners, I want to talk about why finding a single data owner can be such a problem. IT probably knows who owns the Finance folder.  It’s the CFO or a delegated steward. Same with HR, Marketing or Legal—these tend to be clearly-delineated departmental shares and it’s not hard to figure out whom to go to if we need an informed decision. (Regularly involving those owners in data governance is a different problem, and one I will cover in future posts.)  The identification for these folders is relatively straightforward.

But what happens if you need to find the owner of a folder that has a less obvious name? What if the folder’s name is a project ID, or an acronym of some kind? In my experience, a majority of unstructured data resides in folders that aren’t obviously owned by anyone.

What IT tends to do then is a few different things:

  • Check the ACL and see which groups have access. If it’s a single group with an obvious owner, that’s a likely candidate. If the ACL contains many different groups or a global access group like Domain Users, though, this tactic tends to fail.
  • Check the Windows owner under Special Permissions. This metadata can be helpful, but can also be a red herring since it’s often just set to the local Administrator of the server. Even if there’s actually a human user there (who likely created the folder), that value may be outdated or inaccurate.
  • Check the owner of files within the folder. Same problems as above.
  • Enable operating system auditing to identify the most active user. Anyone out there excited about turning on file level auditing in Windows? I have yet to talk to anyone who answers yes to this question because of the performance hit on the server as well as the storage required and expertise to parse the logs effectively.
  • Turn off access and see who complains. Not an optimal strategy when it comes to critical data.
  • Email the world and hope for a response. In general, people don’t want to take ownership of something without good reason, since it may mean more work. How confident are you that the proper owners (who may be at a management or director level) are going to know exactly which data sets their teams are using regularly? If they’re not sure, are they going to jump to take responsibility?

So finding owners is hard, let alone finding owners at scale. If you’ve got thousands of unique ACLs and you want owners for all of them (or at least the ones that make sense) you’re going to have to go through some version of this process for each one. It’s no wonder we haven’t done a good job of this over time. Thankfully, there’s a better way.

Step 4: Identify Data Owners

The key difference between attempting to solve this problem manually and attacking it intelligently with Varonis is the DatAdvantage audit trail. A normalized, continuous, non-intrusive audit record of all data access is a key piece of DatAdvantage, and it allows us to actually identify data owners at scale without having to hunt and peck. Once you start gathering usage data and rolling it up into high level stats you can start to see the likely owners of any data set, not just the obvious ones.

DatAdvantage gives you two straightforward ways to get this information: First, we can quickly take a look at a high-level view of a single folder within the Statistics pane of the DatAdvantage GUI. This will show us the most active users of a particular folder. We like to say that at most, you’re one phone call away, since if the most active user isn’t the data owner, they almost certainly know who is.

You can operationalize this process even further by creating a statistics report, which can be run on an entire tree or even a server. A single report can show the top users of every unique ACL, and it’s possible to set up advanced filters to make this even more useful—showing only users outside of IT or in a specific OU, for example. You can even add additional properties from AD to the report, showing each user’s department or line manager, if available. None of this is possible without constantly gathering access activity and providing an interface to combine it with other available metadata.

Identifying owners is useful, but actually involving them is where IT can really start to make headway when it comes to ongoing governance. We’ll tackle that next.


Using Varonis: Which Data Needs Owners?

December 6, 2012

(This is one entry in a series of posts about the Varonis Operational Plan – a clear path to data governance.  You can find the whole series here.)

Which Data Needs Owners?

In a single terabyte of data there are typically around 50,000 folders or containers, about 5% of which have unique permissions. If IT were to set a goal of assigning an owner for every unique ACL, they’d need to locate owners for 2,500 folders. That’s quite daunting. And most organizations aren’t dealing with a single terabyte of data; in fact, many enterprise installations we encounter are dealing with multiple petabytes of unstructured data. Clearly we need a more surgical approach to assign owners.

Varonis tackled this problem with a longtime customer who needed to identify and assign owners for more than 200 terabytes of CIFS data on their fleet of NetApp filers. There were about 40,000 users in the company, approximately 3,000 of whom (as it turned out) needed to be designated as owners for some data.

When we started taking a close look at specific folders, we discovered that many of them (especially at the top of the hierarchy) simply didn’t need an owner; the only users who could read or write data, according to the ACL, were either service accounts or administrative/IT.

What we needed was a methodology for locating the folders where business users had access and a way to identify the likely owner for just those folders. So that’s what we built.

The logic went like this:

  • Identify the topmost unique ACL in a tree where business users have access.
  • If that ACL’s permissions allow write access to users outside of IT, it’s considered a “demarcation point.”
  • For what’s left, identify higher-level demarcation points where non-IT users can only read data.
  • For each demarcation point, identify the most active users.
  • Correlate active users with other metadata, such as department name, payroll code, managed by, etc.

The end result of this process is that each demarcation point has a likely ownership candidate. For this particular customer, the next step was to go through a survey process to confirm ownership of each demarcation point with the likely owners (as determined by Varonis’ reports). Any data without a confirmed owner was locked down to remove non-IT access and underwent a separate disposition process.
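The demarcation-point logic listed above can be sketched over a small folder tree. This is an added example, not Varonis code or the logic of the DatAdvantage report; the folder names, principals, users and audit events are constructed, and treating only folders with an explicit ACL as "unique" and crediting each access to its deepest enclosing demarcation point are assumptions about how the steps fit together.

```python
from collections import Counter
from pathlib import PurePosixPath

# All names and values below are constructed sample data.
IT_PRINCIPALS = {"Domain Admins", "svc_backup"}

# path -> explicit (unique) ACL as {principal: rights}; None means inherited
FOLDERS = {
    "/shares": {"Domain Admins": "RW", "svc_backup": "R"},
    "/shares/finance": {"Domain Admins": "RW", "Finance": "R"},
    "/shares/finance/budgets": {"Domain Admins": "RW", "Finance": "RW"},
    "/shares/finance/budgets/2012": None,
    "/shares/finance/policies": None,
    "/shares/PRJ-4471": {"Domain Admins": "RW", "Domain Users": "RW"},
    "/shares/PRJ-4471/drafts": {"Domain Admins": "RW", "Engineering": "RW"},
}

DEPARTMENT = {"alice": "Finance", "bob": "Finance", "carol": "Finance",
              "dave": "Engineering", "erin": "Marketing", "ivan": "IT"}

# Audit trail reduced to (user, folder) access events
EVENTS = ([("alice", "/shares/finance/budgets/2012")] * 3
          + [("bob", "/shares/finance/budgets")]
          + [("carol", "/shares/finance/policies")] * 2
          + [("dave", "/shares/PRJ-4471/drafts")] * 4
          + [("erin", "/shares/PRJ-4471")]
          + [("ivan", "/shares/finance/budgets")] * 5)


def business_rights(acl):
    """Union of the rights an ACL grants to principals outside IT."""
    return {ch for who, r in acl.items() if who not in IT_PRINCIPALS for ch in r}


def demarcation_points(folders):
    """Return {path: 'write' | 'read-only'} for the topmost qualifying ACLs."""
    points = {}
    for path in sorted(folders):  # a parent always sorts before its children
        ancestors = [str(a) for a in PurePosixPath(path).parents]
        if any(points.get(a) == "write" for a in ancestors):
            continue  # already covered by a write demarcation point
        if folders[path] is None:
            continue  # inherited permissions: not a unique ACL
        rights = business_rights(folders[path])
        if "W" in rights:
            points[path] = "write"
        elif "R" in rights and not any(a in points for a in ancestors):
            points[path] = "read-only"
    return points


def likely_owners(points, events, department, top=2):
    """Most active non-IT users per demarcation point, with their department."""
    usage = {p: Counter() for p in points}
    for user, path in events:
        if department[user] == "IT":
            continue  # admin activity says nothing about business ownership
        chain = [path] + [str(a) for a in PurePosixPath(path).parents]
        home = next((c for c in chain if c in points), None)  # deepest point
        if home:
            usage[home][user] += 1
    return {p: [(u, n, department[u]) for u, n in c.most_common(top)]
            for p, c in usage.items()}


if __name__ == "__main__":
    pts = demarcation_points(FOLDERS)
    for path, owners in likely_owners(pts, EVENTS, DEPARTMENT).items():
        print(pts[path], path, owners)
```

In this sample the top-level `/shares` folder gets no owner candidate because only IT principals appear on its ACL, and the busiest account on the budgets folder is ignored because it belongs to IT.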

Other customers have since added content classification and other risk factors in order to better prioritize the data ownership assignment process. With a good classification scheme in place, IT is able to start assigning owners to the most critical data first.

The key takeaway from this process is that we can use DatAdvantage to quickly identify the folders that need owners as well as likely owners, so IT doesn’t need to make decisions about 2,500 folders per terabyte of data.

While this report was originally a customization for one customer, we’ve now baked it right into DatAdvantage as report 12M – Recommended Base Folders.

Now that we know who our owners are, the next step is to start getting them involved. My next few posts will cover exactly how we do this using both DatAdvantage and DataPrivilege.

Stay tuned!


Three V’s of Big Data with Example:

November 22, 2012

1. Volume:

TB’s and PB’s and ZB’s of data that gets created:

From the webinar “How to Walk The Path from BI to Data Science: An interview with Michael Driscoll, data scientist and CEO of Metamarkets” – A global surge in Data

2. Velocity:

The speed at which information flows.

Example: 50 Million tweets per day!


(This is back in Nov. of 2010 – the number must have increased!)

3. Variety:

All types of data are now being captured, which may or may not be in a structured format.

Example: Text from PDF’s, Emails, Social network updates, voice calls, web traffic logs, sensor data, click streams, etc


And this may be followed by other V’s like V for Value.

Conclusion:

In this blog-post, we saw Three V’s of Big Data with Example

Thanks to http://parasdoshi.com/2012/11/22/three-vs-of-big-data-with-example/



5 Step Guide to Reducing the #1 Data Security Risk

September 20, 2012

Last week I had the opportunity to attend an event on 3rd party data security and risk. Throughout the event, I talked with folks from many different industries and in many different roles. I spoke with auditors, general IT managers, storage administrators, CIOs, and of course, security professionals.

What is the Top Priority for Reducing Risk?

Everyone shared one common concern:

How can we reduce risk and protect our clients’ data?

One executive was asked, “Which area would you consider your number one priority for reducing risk?” His decisive answer was that, of all the areas of risk his massive enterprise faces, priority number one is unstructured data security.

This shocked me a bit at first, but when you think about it, it makes perfect sense. According to Gartner, unstructured data accounts for more than 80% of all organizational data, and it’s growing approximately 50% every year.

Even data that is normally stored in databases or apps is regularly being dumped into spreadsheets for analysis, PowerPoint slides for presentations, PDFs for reading, and email for sharing between teams.

When you think about it this way, it becomes very easy to see why unstructured data is the highest risk area for many IT departments.

Compliance and Regulations

In addition to the intrinsic motivation for securing unstructured data, external regulations such as SOX, HIPAA, and PCI are forcing organizations to put processes in place to ensure the protection of 3rd party data. Unfortunately, most organizations don’t have an efficient and affordable way to put these controls in place and prove that they’re being enforced.

An auditor I spoke with mentioned how difficult and time-consuming it is to perform attestations, and how, for most companies, entitlement reviews are manual and painful processes that don’t really accomplish the end goal of protecting data.

Where Do We Begin? A 5 Step Guide

If you are trying to start a risk management project in your organization, here are some actionable ideas on what to focus on:

1. Identify your most valuable assets

All 3rd Party data is valuable. Our clients trust us to manage and protect all of it. But it is critical to pick a starting point. To do this, talk with data owners and key stakeholders to find out which types of data are the most sensitive or most valuable.

2. Locate your most valuable assets

You can’t protect sensitive data if you don’t know where it resides. Is it in the CEO’s mailbox? Is it propagated across all your Windows file servers and NAS devices? In order to do this at scale, you’ll need a data classification framework that can scan files on your network for sensitive content indicators.

3. Identify where sensitive data is overexposed

You probably found a ton of high value data in step #2. Now you have to figure out who can access that data and prioritize data sets that are wide-open to everyone.

Many of us, when we move to a new home, change the locks. Why? Because we don’t know who has had a key in the past – the owners, realtors, past owners, builders? This represents a big risk for us and our families.

The same principle applies with 3rd party data. We need to identify who can access it, and what type of access they have. Then we can identify which data is overexposed, and where permissions need to be tightened up and assigned owners.

4. Monitor Data Access

As my good friend @rsobers says: Context is king. Part of reducing risk is monitoring who is actually accessing the data and what they are doing with it. If we’re constantly monitoring access, we can identify patterns in user behavior and alert when suspicious activity occurs. And if we store the audit data intelligently, we can use it for forensics, help desk, and stale data identification.

5. Use Automation

Are you ready to implement steps 1-4? Do you have an army of IT staff with nothing planned for the next 50 years? Luckily, that won’t be needed. You can use automation to identify the most critical data, understand who can access it, and monitor what they’re actually doing with it.

By leveraging automation to provide your security intelligence dashboard, you can spot problems and then use automation (again) to simulate changes and automatically execute the remediation.

There you have it! Go forth and protect your customers’ data! Oh, and by the way, there’s a 6th step that doesn’t require IT involvement at all. Ask us about it.

Are you curious to see how your company measures up? Get a free data protection assessment. We’ll scan your infrastructure for holes and help you plug them with automated data protection and management software from Varonis.


Big Data, it is all about it at the moment

June 18, 2012

The IT industry has a penchant for inventing new buzz words for topics that have been around for years in one form or another and perhaps Big Data is another example.

Yet just this week Capgemini announced the findings of a report (“The Deciding Factor: Big Data & Decision Making”) which showed that, in a study of over 600 C-Level execs, 9 out of 10 leaders believe data is as fundamental to their business as people and capital.

With the amount of data being generated reaching astronomical levels (and accelerating) buzz word or not, Big Data is a problem all business leaders need a strategy for.

Ever wondered just how much information is created? Domo produced an eye-opening infographic which you might be interested in.


80% of Your Data is Unstructured

May 4, 2012

Eighty percent of an organization’s data is unstructured (Gartner 2010). Documents are being created constantly by virtually all members of an organization with access to a laptop or workstation, and saved on file servers and SharePoint servers, where they remain for long periods of time—often indefinitely. Unstructured data represents an enormous amount of organizational data inventory.

Unstructured Data Growth Is Exponential

Not surprisingly, with so many individuals creating and storing files, the volume of unstructured data is growing at a phenomenal rate. Gartner estimates that in 5 years, unstructured data will grow by 650% – this roughly equates to 50% year over year growth.

A Greater Portion of it Needs to be Managed and Protected

As the data grows so does the scope of what it contains, and the potential ramifications associated with its loss, exposure, and misuse. As risks increase, they are naturally followed closely by new regulatory requirements, archive policies, intellectual property requirements, and personal confidentiality laws mandating additional protections. In The Digital Universe Decade – Are You Ready?, John Gantz and David Reinsel write, “The number of things to be managed is growing twice as fast as the total number of gigabytes […] By 2020, almost 50% of the information in the Digital Universe will require a level of IT-based security beyond a baseline level of virus protection and physical protection. That’s up from about 30% this year. And while the portion of that part of the Digital Universe that needs the highest level of security is small – in gigabytes and total files – that portion will grow by a factor of 100.”

Data protection is necessary to safeguard an organization’s customers, employees, business partners, and investors. It is fundamental in securing intellectual property and competitive edge, and for maintaining the organizational trust that allows it to properly function. Every organization has at least a modicum of customer information, employee information, product design documents, HR documents, legal documents, blue prints, images, audio and video files that relate to the business and its customers — most organizations have a formidable amount. This data must be protected and managed.

For more information on Varonis and C24 please visit www.c24.co.uk


10 Things IT Should Be Doing (But Isn’t): Free On-Demand Webinar

April 4, 2012

On our last webinar: 10 Things IT Should Be Doing (But Isn’t), we reviewed some of the challenges associated with unstructured data management and protection. IT requires the ability to answer critical questions about data in order to efficiently and effectively protect it. Some of these questions are:

  • Who has access to data?
  • Who has been accessing data?
  • Where is my sensitive data over exposed?
  • How do I fix exposures?

During the webinar we gave an overview of 10 things IT should be doing to answer these and other fundamental questions, and put the answers to productive use. Maintaining a complete audit trail of access activity, an accurate map of permissions, and identifying data owners are a few of the things IT should be doing. We reviewed why each one of the 10 things is important and what to look for in an automated solution.

If you missed our webinar, visit https://varonis.webex.com/varonis/lsr.php?AT=pb&SP=EC&rID=26300867&rKey=eac45ec0eefae25e to play the recording.

