Our Top Predictions for 2012

It’s that time of year again—reruns of It’s a Wonderful Life (or The Lord of the Rings), comfy chairs in front of a blazing fire, libations and cheer, and when we start to consider what’s around the corner for us next year. This time we’re avoiding the long shopping list of predictions for a few […]

Continue Reading →

Authorized Access – Understanding how US laws affect your authorization policies

In 1986, the United States Congress passed the Computer Fraud and Abuse Act (CFAA).  While the intent of these laws were originally to protect government computers and information from hackers, the laws have been applied to commercial interests, as well. Specifically, the Computer Fraud and Abuse Act subjects punishment to anyone who “knowingly and with […]

Continue Reading →

Reduce Risk for Your Most Critical Assets: Data and People

Register for our TechTalk on December 1, 2:00 pm (EST) with Varonis partner, SPHERE Technology Solutions Every company knows that they have risk, either from external or internal forces, but few know where this risk comes from, how to measure it and more importantly how to effectively reduce their risk. It boils down to two […]

Continue Reading →

Improving Authorization with Metadata

Now that we’ve covered why authorization tends to be broken, let’s talk about some solutions. To recap: Authorization is the process whereby we figure out what someone can and can’t access in a system Authorization controls are typically too permissive thanks to global access groups, groups not properly aligned with data, and excessive group membership Traditional tools […]

Continue Reading →

Hampton Products

“We have a level of confidence now that we didn’t have before Varonis. DatAdvantage helps us simplify security and know with certainty that files and information at risk for overly permissive access are locked down.” That quote’s from Brian Millsap, CIO and Vice President at Hampton Products, who announced today that they’ve successfully implemented Varonis […]

Continue Reading →

Data Authorization Processes – A need to relive the past

In 1941, the accounting governance body, the American Institute of Certified Public Accountants (AICPA) overhauled their Rules of Professional Conduct.  Rule 16 stated “A member or an associate shall not violate the confidential relationship between himself and his client.”  This provision was developed to guide Accountants (Data Stewards) and to reassure their customers (Data Owners) […]

Continue Reading →

Big Data

Big data is in the news quite a bit these days as organizations become excited about the possible benefits of analyzing website traffic, database logs, and many other kinds of “Big Data.”  Some Big Data examples that are of particular interest are the spreadsheets, images, emails, audio files, video files, blueprints, and presentations that reside […]

Continue Reading →

Open Shares

In my post last week, Share Permissions, I promised I’d write a follow up post on “open shares.” Open shares, in a nutshell, are folders that are accessible to all (or pretty much all) of the people on the network. In the Windows world, these are folders are that are shared over the network via […]

Continue Reading →

Windows Auditing

Before we really dig into how we’re going to fix authorization problems, we need to tackle that last level of data protection: access auditing and analysis. With access control this basically means: are we recording what people are doing, and are we reviewing those logs to make sure what they’re doing is appropriate? Authorization implies […]

Continue Reading →