Varonis DatAdvantage for SharePoint
Post on 19-Oct-2014
Introduction to DatAdvantage for SharePoint
© 2010 Varonis Systems.
Unstructured Data Quantities – Present and Future
© 2008 Varonis Systems. Proprietary and confidential.
Unstructured and semi-structured data is exploding...
Source: Gartner Jan 2010
650% growth over the next 5 years
80% of all data is unstructured or semi-structured
Data Explosion – Are We Ready?
91% lack processes for determining data ownership
76% unable to determine who can access unstructured data
Data, Collaboration
Cross-Functional Teams + Security Requirements
More Containers, More ACLs
More Management
Source: Ponemon Institute
Can IT answer:
Who has access to this folder?
Which folders does this user or group have access to?
Who has been accessing this folder?
Which data is sensitive?
Who is the data owner?
Where is my sensitive data overexposed?
How do I fix it?
Where do I begin?
Varonis IDU Framework – Foundation for Data Governance
• Four types of metadata are collected, synthesized, processed, and presented:
Permissions information
User and Group Information
Access Activity
Sensitive Content Indicators
• Actionable data governance information is presented:
Who has access to a data set?
Who has been accessing it?
Which data is sensitive?
Who is the data owner?
Where is my sensitive data overexposed, and how do I fix it?
• Allows data owners to participate in data governance:
Automated Entitlement reviews
Authorization workflows
Varonis Data Governance Framework Components
The Varonis IDU Framework creates and manages a meta-data layer that enables IT and the business to work together to protect unstructured data
[Diagram labels: Presentation; DatAdvantage; DataPrivilege; Analysis & Modeling; Aggregation & Normalization; Retention/Storage; File System Meta Data Collection; User Data Collection; Access Activity; Data Content Classification; Commit Changes to File Systems and Directory Services; Windows File Systems; UNIX/Linux; NAS; SharePoint; MS Active Directory; LDAP; NIS; Local Accounts; IDU; Future]
IDU Multi-tiered Architecture
Unstructured Data – Operational Challenges
Identifying data business owners
• Metadata and folder location don’t reveal ownership
• Time consuming and manual process to find owners
• Significant amounts of “orphan” data – unknown business context or relevance, wasted storage
Ensuring authorizations are based on business need
• As employee needs change, authorizations grow & grow
• Permissions are seldom revoked
• Tools are mostly manual: time consuming and error prone
Understanding who accessed data & how
• Native auditing impairs server performance, generates large volumes of difficult-to-decipher data
• Audit trail often enabled only after incident has occurred
• Most lack any audit information
Finding/classifying sensitive content
• Searching through so much data takes a lot of time
• Data constantly changes – hard to keep current
• Results provide only the first step in the data’s protection
Risks, Controls & Regulations
• High Risk Levels
File System data is at great risk for loss, theft, and misuse
Access configuration changes are untested
• File System Controls Gaps
Many access controls are “loose,” even broken
No audit trail exists
>50% of data has no known business owner
• Regulatory Requirements
HIPAA
CMS
Sarbanes-Oxley
Varonis Solution
• Technological Breakthrough
Automatically Identify and Remediate Access Control Gaps
Provide a Usable Audit Trail of Data Usage
Identify Data Owners, Inactive Data, Sensitive Content
Automate and Enforce Access Control Processes
• Efficient, Effective Risk Reduction
• IT Data Protection Jumpstart
• Proven Operational Execution
>600 customers
All Verticals
DatAdvantage Functionality
Permissions - Bi-Directional Visibility
Double-click any site…
…to see all of the users and groups which have access
Including SharePoint groups, which may contain AD groups
Double-click any user or group…
…and see all accessible SharePoint sites and sub-sites
Including what permission levels the user or group has
And where the permissions are inherited from
Right-click a site to see actual permissions
See the effective permissions of combined levels
Audit Trail
Complete audit trail of file events
Every open, create, move, modify and delete on the SharePoint system is recorded
Record all SharePoint permissions changes
Recommendations
By combining permissions and audit data with sophisticated analysis, Varonis makes recommendations on where excess access can be removed
List of users with red X’s next to their names can be removed from this group
Simulate Changes
With Varonis you can simulate permissions changes to your environment without affecting production
See what the results would have been if you’d made the change
These users would have been affected by the change
They can be added back to the ACL to avoid any interruption of service while reducing unneeded access
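The recommendation and simulation slides above, sketched as an added example that is not Varonis code and not part of the original deck. It assumes a simplified model with hypothetical group names, one site ACL and a constructed audit log: a user is a removal candidate when they hold access but show no activity since a cutoff, and a proposed ACL change is checked by replaying the audit log against a copy of the ACL.

```python
from datetime import date

# Constructed sample data (not from the deck): nested groups, one site ACL, audit events.
GROUPS = {
    "SP-Finance-Members": {"AD-Finance", "dana"},  # SharePoint group containing an AD group
    "AD-Finance": {"alice", "bob", "AD-Interns"},
    "AD-Interns": {"carol"},
    "AD-Auditors": {"bob"},
}
ACL = {"/sites/finance": {"SP-Finance-Members", "AD-Auditors"}}
EVENTS = [  # (user, site, action, day)
    ("alice", "/sites/finance", "modify", date(2010, 3, 2)),
    ("bob", "/sites/finance", "open", date(2010, 3, 9)),
    ("carol", "/sites/finance", "open", date(2009, 6, 1)),
]

def expand(principal, groups, seen=None):
    """Resolve a principal to the users it contains, following nested groups."""
    seen = set() if seen is None else seen
    if principal in seen:        # guard against circular nesting
        return set()
    seen.add(principal)
    if principal not in groups:  # assumption: anything that is not a group is a user
        return {principal}
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def effective_users(site, acl, groups):
    """All users who can reach the site through any ACL entry."""
    return set().union(*(expand(p, groups) for p in acl.get(site, ())))

def active_users(site, events, since):
    """Users with at least one recorded event on the site since the cutoff."""
    return {u for u, s, _, day in events if s == site and day >= since}

def recommend_removals(site, acl, groups, events, since):
    """Users who hold access but have no recorded activity since the cutoff."""
    return effective_users(site, acl, groups) - active_users(site, events, since)

def simulate_acl_removal(site, entry, acl, groups, events, since):
    """Replay the audit trail against a copy of the ACL with one entry removed and
    return the recently active users who would have lost access."""
    trial = {**acl, site: acl[site] - {entry}}  # the production ACL is never modified
    return active_users(site, events, since) - effective_users(site, trial, groups)
```

With the sample data, removing `SP-Finance-Members` from the site would cut off `alice`, who is still active, so she is the user to add back before the change is committed.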
Finding Data Owners
By analyzing audit activity, Varonis can help identify business data owners
Double-click a folder…
View most active users…
The data owner is likely in this list
…or you’re one phone call away
Common Use Cases for Varonis
• Access Control Cleanup – Identify & Remediate:
“Global” Groups (everyone, authenticated users, etc.)
Redundant, Excessive Group Memberships
Orphaned SIDs, Individual User SIDs on ACLs
• Find Lost & Deleted Files
• Identify Anomalous Behavior
• Track Permissions & Group Changes
• Ongoing Entitlement Reviews
• Automate Access Authorization & Revocation
• Identify Inappropriate File Activity (MP3s, etc.)
• Enhance Other Data Protection Projects
Common Use Cases for Varonis (cont’d)
• Efficient audit compliance - provide evidence of:
Effective permissions (preventive controls)
Usable audit trail (detective controls)
Authorization processes
Compliance with authorization processes
• SharePoint Migration
Stale Data Identification
Data Owner Identification