Archive for: January, 2012

Data Connectors Chicago

I just got back from a fantastic Data Connectors event in Chicago where I had the opportunity to speak to a group of IT security professionals about how we think about unstructured data governance. The theme of the presentation was Authentication, Authorization and Accountability, and how we need the right metadata and automation to ensure secure collaboration and protect unstructured data.

The feedback after the presentation was (and usually is) really the best part—it’s clear that so many of us in IT are starting to really think hard about how to correctly manage access to data. In the past, we haven’t had the information we need or the automation in place to manage access in any meaningful way, which is why we’re suddenly scrambling to protect against insider threats. A number of the folks I was fortunate enough to meet told me that five years ago unstructured data was pretty much “out of sight, out of mind” from a security standpoint. Things are changing, though, and quickly. Every time there’s another public data breach due to an insider, more CIOs and CISOs start mandating governance of all organizational data, including unstructured and semi-structured stores. IT professionals are searching for the right solution, and at Varonis we feel very fortunate to be in a position to help.

You can find similar upcoming events on the Varonis events page.

Why Do SharePoint Permissions Cause So Much Trouble?

SharePoint permissions can be the stuff of nightmares. At Varonis, we get a chance to meet with a lot of SharePoint administrators and it’s rare that they’re not exhausted trying to manage user permissions. SharePoint’s a useful collaboration platform—and Microsoft’s fastest-selling product ever—but helping to ensure proper permissions and access control is probably not its strongest suit.

The first challenge with SharePoint permissions is that, like file servers, SharePoint has “local” or SharePoint-specific groups that can contain AD groups and users. Unlike file shares, however, where server local groups are rarely used on the shared folders, SharePoint local groups are much more common.  This adds a layer of complexity, especially in large organizations where the SharePoint administrative team may be completely separate from the group managing Active Directory.

Next, the actual permissions themselves are more complicated. On NTFS file systems, permissions are usually Full, Modify, Read & Execute, List, Read and Write. With SharePoint, you get 12 permission types for lists, 3 for “personal” actions like views and 18 different types for sites themselves. These permission types can be grouped into “permission levels.” For example, the default “Contributor” site permission level contains 8 of the 12 permission types. In addition to the handful of built-in permission levels, administrators can create custom permission levels. To top it off, a given user, group, or SharePoint group can be granted multiple permission levels on a given list or site, so it can quickly become very difficult to understand what a given user or group can actually do with the data they’ve been granted access to.

Although SharePoint permissions can be confusing even for technology teams, Microsoft designed the product to allow non-technical folks to manage permissions directly. Prior to SharePoint 2010, there was even a built-in button to easily grant access to all Authenticated Users, or everyone in the organization that’s logged into the domain. What ended up happening is that business users would use this as a shortcut to get people access when needed, rather than managing permissions in a more secure way. With more and more sensitive data being shared on SharePoint servers, this represents a significant area of risk.
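
The layering described above (permission types grouped into levels, levels granted to SharePoint groups that contain AD groups, plus organization-wide grants) can be resolved into one effective permission set per user. The sketch below is an added example, not code from the original post or from Varonis; the users, group names, the custom level and the abbreviated level contents are constructed sample data.

```python
# Constructed sample data: abbreviated permission levels, not SharePoint's full definitions.
LEVELS = {
    "Read": {"ViewListItems", "OpenItems", "ViewVersions"},
    "Contribute": {"ViewListItems", "OpenItems", "ViewVersions",
                   "AddListItems", "EditListItems", "DeleteListItems"},
    "Records Cleanup": {"DeleteListItems", "DeleteVersions"},  # hypothetical custom level
}
AD_GROUPS = {  # AD group -> members (users or nested AD groups)
    "CORP\\Finance": {"alice", "CORP\\Finance-Interns"},
    "CORP\\Finance-Interns": {"bob"},
}
SP_GROUPS = {  # SharePoint-local group -> members (users or AD groups)
    "Budget Members": {"CORP\\Finance", "carol"},
    "Budget Visitors": {"dave"},
}
SITE_GRANTS = [  # (principal, permission level) on one site
    ("Budget Members", "Contribute"),
    ("Budget Visitors", "Read"),
    ("CORP\\Finance-Interns", "Records Cleanup"),
    ("Authenticated Users", "Read"),
]
BROAD_PRINCIPALS = {"Authenticated Users"}


def expand(principal, seen=None):
    """Return every user reachable from a principal through SP and AD group nesting."""
    seen = set() if seen is None else seen
    if principal in seen:          # guard against circular group membership
        return set()
    seen.add(principal)
    members = SP_GROUPS.get(principal) or AD_GROUPS.get(principal)
    if members is None:
        return {principal}         # not a known group: treat as a user
    users = set()
    for member in members:
        users |= expand(member, seen)
    return users


def effective_permissions(user, grants):
    """Union of permission types from every level granted directly or via groups."""
    perms = set()
    for principal, level in grants:
        if principal in BROAD_PRINCIPALS or user in expand(principal):
            perms |= LEVELS[level]
    return perms


def broad_grants(grants):
    """Grants that reach every logged-in account, listed for review."""
    return [(p, level) for p, level in grants if p in BROAD_PRINCIPALS]
```

In this sample, `bob` picks up `DeleteVersions` only through a nested AD group and a custom level, and an account in no group at all still gets Read through the Authenticated Users grant.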

The good news is that Varonis DatAdvantage for SharePoint helps organizations make sense of SharePoint permissions by providing intelligence and unobtrusive metadata collection for SharePoint, as it has for years for file systems and (more recently) for Exchange. The SharePoint permissions nightmare ends as critical data governance questions can finally be answered: Who has access to a SharePoint site and what level of access do they have? What have they been accessing? Which SharePoint sites are exposed and contain sensitive data? Most importantly, how do we fix them without disrupting business? SharePoint can be a powerful collaboration tool, but it’s important to understand the data that’s there, who’s using it and what permissions are in place and how those controls are changing.

Case Study: Mercy Health and Aged Care

Data governance and protection is extremely important for healthcare organizations and Mercy Health and Aged Care (MHAC) is no exception.  MHAC must comply with numerous industry security regulations in the face of rapid data growth and expanding infrastructure.

Read about the business benefits MHAC has been able to realize with Varonis DatAdvantage and DataPrivilege, including:

Compliance with information security standards

With a complete audit trail, MHAC can prove policies are in place and being followed, satisfying compliance with various national and international information security standards.

Transparency into who is accessing its data, and what they are doing with it

MHAC can not only classify its data, but also identify who is accessing the information and what they are doing with it.

An easier, holistic approach to control access

The process of provisioning users becomes far more efficient as people are now dealing directly with managers who can take immediate action on the request.

Read the complete case study here.