Varonis Presentation at the Chief Data Officer Forum - Examining the role of the Chief Data Officer

Slide 1

20 Feb, 2014Dietrich Benjes VP UK, Ireland & Middle EastDATA SECURITY & DATA MANAGEMENTWHAT YOU NEED TO KNOW

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIALOur mission is to help enterprises realize value from their unstructured data.

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL#

What do you know about your data? What dont you know about 1

Started operations in 2005Headquartered in NYC10 ProductsOver 2500 customersSolutions for Human Generated Data

About Varonis


For those of you who don't know us, Varonis is headquartered in New York City and we started operations in 2005. We now have over 10 products and over 2100 customers. We develop software solutions for human generated data.

2

What do you know about your organisations data?



3

Where is it?Who has access to it?Who is accessing it? The most / least?How is the business using it?Whats important / sensitive / classified / internal / public?What makes it the above?Where is that data overexposed?Whats stale / past the retention period?Whats being collaborated on and how can that be done effectively and securely?Etc..What do you know about your data?



4

What is Human-Generated Data?UNSTRUCTUREDHUMAN-GENERATED DATA

UNSTRUCTUREDMACHINE-GENERATED DATA

STRUCTUREDBUSINESS APPLICATIONS DATA

Emails

Word Files

Spreadsheets

Presentations

PDF FilesTime Series Data(No Pre-defined Schema)Generated byAll IT Systems;Highly-DiverseFormatsMassive VolumesRelational DatabasesFinancial RecordsMath DataMulti-dimensional DataMonthly Reporting Data(Pre-Defined Schema)

Image, Audio,and Video FilesGenerated by every employee in every organizationMassive volumesFocus ofVaronis solutions


What is human generated data? Unlike structured data which is commonly found in databases, or machine generated data, which is comprised of the log files spit out by applications and servers every day, human generated data are the files and e-mails that employees typically create and share. Does anyone here work at a company that uses human generated data? No?Of course we do. Files and e-mails are part of almost every business process and are some of the most important information an organization has. I think of them as the gateway to your brain. Every time you have a thought you put it down in an e-mail or a file. When you analyze data from a database, you usually use a spreadsheet, and then convey your findings in a presentation.If today somebody turned off your companys ability to create and share files and e-mails, would you have a business? Interesting question.5

Data GrowthSource: IDC Digital UniverseBy 2020, Data Centers Will Manage:

14x Data10x Servers1.5x IT StaffWith


Human generated data is also one of the fastest-growing types of information. And we all know about data growth. IDC estimates that by 2020 we will be managing 14 times more data on 10 times more servers. Is anybody getting 10 times more IT staff?6

Challenge and OpportunityOnly 0.5% of the digital universe is analyzed

Opportunity to extract more value through tagging and analysisEnterprises are responsible for protecting 80% of all dataSource: IDC Digital Universe


There's both a challenge and opportunity here.Were all pretty aware of the security challenges. We hear about breaches almost every day. Why is this? A lot of reasons, certainly, but some things we know for sure are that employees typically have far more access than they need to do their jobs, activity on file shares, intranets and in email systems is usually not logged or analyzed, and it's difficult to spot abuse. Oh, and by the way, enterprises are responsible for protecting 80 percent of all the data in the digital universe.We're also not as productive as we could be. We all know what it's like when employees cant get access to data quickly enough, or when we can't get access to the data we need using the device we want or in the way we want. It's hard to make sure data is stored in the right places. Another thingthink about how many employees create the same data over and over again. How much do you even know about your data? Can you remember the files that you created three years ago well enough to use them? How much do you know about your predecessors data?So even though we're not as productive as we could be and our human generated data is at risk, we're still spending a lot of money on manual processes that are inefficient and error prone, and we're spending money on expensive storage that houses a lot of data we can't make use of, and in many cases we probably don't need.At the same time there is a huge opportunity here to get more value out of human generated data. IDC estimates that less than 1% of the data in the digital universe is tagged and analyzed. 7

Big Metadata

Content Information knowing which files contain sensitive and important informationAccess Activityknowing which users do access what data, when and what theyve done

User and Group Informationfrom Active Directory, LDAP, NIS, SharePoint, etc.Permissions Information knowing who can access what data

users and groupsusers and groupsusers and groupspermissionsclassificationclassificationactivityactivitypermissionspermissionsusers and groupsusers and groupspermissionsusers and groupsusers and groupspermissionsclassificationactivityactivitypermissionsclassificationpermissionsactivitypermissionsclassificationclassificationactivityusers and groups[classification][activity]Metadata


So what do we need to address these challenges and take advantage of the opportunity? We need metadata, and for human generated data we really need 4 kinds: 1st, we need to know the digital identities of every user and group in an organization. 2nd, we need to know what they're able to access, or what permissions they have. 3rd, we need to know what they're doing, or which files they're opening, creating, deleting, moving, or modifying, and 4th, we need to know what these files contain. Which ones contain regulated content, which ones contain PII, which ones contain intellectual-property, etc.8

Intelligence: Human-Generated Big DataVISUALIZE DATAAND ACCESSACTIVITY TRENDS& DATA GROWTHRESIGNATION,HACKER, VIRUSIDENTIFYSTALE DATAUNNEEDEDACCESSDATA OWNERIDENTIFICATIONEXPOSED,SENSITIVE DATA

010011

BUSINESSEXECUTIVESBUSINESSDATA OWNERSIT SECURITYCOMPLIANCEIT STORAGEIT OPERATIONSCONSUMERSFILE SYSTEM &PERMISSIONSDIRECTORYSERVICE OBJECTSACTIVITYCONTENT

INPUTS:METADATA

BUSINESS & IT INSIGHTS



If we combine these 4 kinds of metadata, we can provide insights to both business and IT users. We can visualize who has access to what data, we can analyze their activity to see who has access to data they don't need anymore, we can baseline normal activity and alert when we see unusual activity. We can trend activity to analyze data growth and identify still data. We can determine who data belongs to, and find data that is sensitive and exposed to too many people.Lots of people can make use of this kind of intelligence -- from business executives and data owners , to IT security, compliance, storage, and IT operations.

9

Why is this a Big Data Problem?

Why is this a big data problem?

10

Why Is This A Big Data Problem?1 Terabyte:1 million files50,000+ folders2500 unique access control lists1 Access control list:Lists 4 groups1 Group:15 members150,000 functional relationships in 1 TB of data!Thats before considering activity and content


A single terabyte of data typically has 1 million files and 50,000 folders. 2500 of those folders have unique access control lists. Each one of those access control lists usually lists four groups, and each group has about 15 members. That's 150,000 functional relationships in a single terabyte of data. And that's before we add activity and content metadata.

11

What Might a Solution Look Like?

So what might a solution look like?

12

Metadata FrameworkDATANYWHERE

DATADVANTAGEDATA TRANSPORTENGINEIT USERSBUSINESS USERSDATAPRIVILEGEDATANYWHEREVARONISMETADATAFRAMEWORKTECHNOLOGY

EMAIL

WORD FILES

SPREADSHEETS

PRESENTATIONS

PDF FILES

IMAGE, AUDIO &VIDEO FILES

WINDOWS

UNIX/LINUS

NAS

EXCHANGE

MS ACTIVEDIRECTORY

LDAP

NIS

LOCALACCOUNTS

SHAREPOINT

IDENTIFICATIONCOLLECTIONMAPPINGVISUALIZATIONANALYSIS

MULTIPLE DATA CREATORS& FORMATSIDU CLASSIFICATION FRAMEWORKIT INFRASTRUCTUREVARONIS PRODUCTS



Whatever the interface looks like,we're going to need to collect a lot of metadata from all the major platforms that store human generated data Windows and UNIX file shares, NAS devices, SharePoint, Exchange Active Directory etc. Metadata framework technology is able to identify metadata that's required, collect it non-intrusively and build sophisticated maps so that we are able to analyze metadata and visualize it in a way that allows us to take action.So what would visualization look like?13

Who Has Access to Any Data Set?


We could visualize who has access to any data set and the permissions they have Both groups and users.

14

What Data Can a User or Group Access?


We could visualize all the data any user or group has access to, and what data is sensitive.

15

Easy Data Classification


Speaking of sensitive, it would be easy to figure out which files contain PII or other regulated content.

16

What Has a User or Group Accessed?


We could visualize what any user group has been up towhat they've been creating, deleting, moving, or modifying, or who they've been e-mailing.

17

Who Deleted My Files?


We could finally figure out who is deleting the CEOs files and reading his email.

18

Get Alerted in Real Time


We could be alerted in real-time when bad things happen, like changes made outside of change control windows, people deleting sensitive data, or people trying to access things they shouldnt.

19

Who Shouldnt Have Access?


We could visualize where users have too much access and should be removed from groups they shouldn't be in.

20

Simulate Changes


We could simulate changes, to see who has been making use of permissions that were thinking about removing. This is a lot less intrusive than the scream test. 21

Commit Changes to all Platforms


Once we've decided what changes we want to make, it would be nice to be able to make changes on all the platforms from a common interface.22

Early Resignation Detection


We can baseline normal activity and alert on abnormal activity. I call this an early resignation detection system because when an employee gets ready to resign they sometimes grab everything they ever worked on, or everything they can.

23

What Data is Stale?


We could determine what data is most used, and what data hasn't been used in years.

24

Automatically Move or Delete Data


And wouldn't it be nice to be able to use all this metadata to identify not just the stale data, but anything that should be archived, deleted, migrated, or quarantined, and then get it where it needs to be, with the right permissions, even if it's on a different platform or in a different domain?

25

Who Owns Data?


By analyzing access activity, we could identify who should be responsible for data, or a data owner.

26

Automate Entitlement Reviews


And once we know who owns data, let's have them review who has access. We could do this automatically, periodically, and without any IT intervention.

27

Automate Authorization Processes


We could automate access provisioning with a system that lets end users request access for what they need and lets data owners approve or deny access.

28

Self-Service Portal


Data owners could see who had access to their data, who was using their data, or trends about usage anytime they wanted through a self-service portal.

29

DatAnywhere: Your Own Private Cloud


Lastly, why should the cloud have all the fun? Why can't we access our file shares from mobile devices or with file sync technology, and why not be able to share securely with 3rd parties?

30

Case Study: Philip Morris International

What we have now is unprecedented visibilityinto who has access to which information. Jan BillietDir. Security & Risk ManagementPhilip Morris InternationalProblemBenefitsSolutionCould not visualize access to critical data No visibility into collaboration workflowsLow productivity when fulfilling audit requirements Instrumented file share and SharePoint environmentAutomated map of data, users, groups, and access controlsAutomated ownership identification and involvementGlobal visibility of Active Directory, File server and SharePointQuantified access control challengesDrives Active Directory and file server managementbest practices


31

31

Case Study: BNP Paribas

ProblemBenefitsSolutionThe project has enabled us to ensure data is either allocated to an owner or archived so we only store what we need to store. Stuart LincolnVice President ITP&L Client ServicesBNP ParibasNo uniform access control policy in placeData was potentially at riskData use was unmonitoredInstrumented windows and UNIX file shares Complete map of access, all access activity monitoredSelf service portal fordata ownersSignificant risk reduction enforced least privilege modelCapital expenditure savings through stale data identificationCompliance inquiries answered in minutes without ITs help


32

32

Case Study: ALSTOM

ProblemBenefitsSolutionNeeded to make sure critical data was only accessible to correct peopleManaging access control: most time-consuming & inaccurate activity in data center, consuming 4 full time employeesWanted to make users more productive with mobile devices/BYODInstrumented file share environment, mapped access, assigned ownersAutomated access control managementExtended file share capabilities with file sync and mobiledevice supportReallocated 4 full time employees to more productive tasksReduced risk, increased accountability for data managementIncreased productivity& collaboration using existing infrastructure

"Varonis positively affected end user productivity, IT operational efficiency, and our bottom line. Raphael Viard CorriveauVP IT Engineering and Security, Alstom


33

33

Reducing Risk, Complexity, and Cost

RISK30+% of data can be archived60+% of infrastructure is not utilized effectively

COMPLEXITY

COST50+% of access is unwarranted70+% of infrastructure is unmonitored

Rationalize domain structure, access control entities, and supporting business processes

Varonis DatAdvantage gave us the visibility and recommendations to limit user-to-data access by business function and need. Now, my team is able to audit the use of any data set or group for our compliance initiatives.

James Nelson, IT Security Manager, Juniper Networks


Increasing Productivity and Functionality

ACCESSIBILITYExtends functionality of existing investments in infrastructure

OPERATIONAL EFFICIENCY

FUNCTIONALITYFile synchronization and mobile access make collaboration more immediate

10-40x Efficiency gains for daily data management and protection tasks

A process that previously took five or six days now takes just a few hours... were able to produce reports that werent possible previously,

Thibaud Desforges, Tool and Processing Manager, GDF Suez


Operational OverviewRisk


IMAGE, AUDIOand VIDEO FILES

EMAILS

PDF FILES

WORDFILES

PRESENTATIONS

SPREADSHEETS

Our mission is to help enterprisesrealize value from theirhuman-generated data


So this is how metadata framework technology and big data analytics can help organizations get more out of their team generated data with less risk and less cost.37

Thank YouDietrich [email protected]: @dietrichbenjes

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIALThank you very much and come see us at booth X.

38

Varonis Presentation at the Chief Data Officer Forum - Examining the role of the Chief Data Officer

Data & Analytics