Archive for: June, 2012

Please Take Our Domain Migration and Consolidation Survey

This survey will take you less than 60 seconds and you will have a chance to win $100!

Domain migrations and consolidations projects are complex, time-consuming, and often turn into bottlenecks for other mission critical IT initiatives. The Varonis software suite can ease the pain of these migrations by using automation to assist with planning and execution.

A complicated domain map

But we want to learn more about the problems IT departments are facing in the real world so that we can help in other ways — perhaps by providing free utilities, tutorials, or training sessions that everyone can benefit from.

To this end, we’re asking you to please take our short 5 question survey about the problems and challenges you face with domain migration projects.

As an added incentive, one lucky participant will win a $100 gift certificate to ThinkGeek.com.

Lost in the Cloud – Are Businesses Really in Control of Their Data?

Managing and protecting corporate data is a major challenge. As the technology evolves, so must our data protection strategies. Unfortunately, as our March 2012 report on “The State of Data Protection” revealed, most organizations aren’t confident about their data protection practices: 80% of respondents said that they store data belonging to customers, vendors, and other business partners, but only 26% were very confident that the data was protected.

Now, with cloud adoption ramping up, IT is charged with solving a whole new set of data protection problems. Which data should go to the cloud and which data should stay? How do I enforce this? How do I provision and manage access to cloud services? How do I prevent everyone from using their own favorite solution in favor of company sanctioned ones? The list goes on.

To see the effect of cloud services on data protection, Varonis recently surveyed IT workers from over 400 organizations to gauge their adoption of cloud-based collaboration, and their perception of its security. The results indicate that organizations need to formulate their data protection strategy for cloud collaboration now– the controls gaps present with cloud-collaboration in the mix are reminiscent of the gaps reported by those that were “not confident  at all“ that their data was secure in our data protection survey. Organizations may well be under pressure to better control the data that makes its way into the cloud.

How bad is it? Here is a sneak preview.  Be sure to download the full research report here for an in-depth look at IT’s view of cloud adoption.

Enjoy, share, embed our infographic!

Lost in the Cloud - Are Businesses Really in Control of Their Data?

Embed this infographic on your own site

Copy and paste the code below into your blog post or web page:

<a href="https://blog.varonis.com/lost-in-the-cloud/"><img title="Lost in the Cloud - Are Businesses Really in Control of Their Data?" src="https://www.varonis.com/assets/infographics/lost-in-the-cloud.png" alt="Lost in the Cloud - Are Businesses Really in Control of Their Data?" width="600" height="2500" /></a>
<p><small>Like this infographic? Get more <a href="https://blog.varonis.com">data protection</a> tips from <a href="http://www.varonis.com/">Varonis</a>.</small></p>

Case Study: NBC Holdings

NBC Holdings (Pty) Ltd (NBC) is the first black-owned and managed employee benefits company in South Africa. Today NBC is a leading force in the South African employee benefits arena, providing a comprehensive range of employee benefits products and services to 120 registered pension and provident funds, representing the retirement fund savings of more than 350,000 members.

As a financial institution, NBC Holdings needs to closely monitor access to data. When data was moved or deleted it was difficult and time-consuming for the IT department to figure out who moved it, and where. In addition, there were some instances in which it was necessary to provide a record of email messages that were read, sent, or deleted and the IT department required an efficient way to produce this information. (Native Windows and Exchange auditing tools could not provide the granularity NBC required and on their own provided no actionable intelligence or activity analysis).

Further, they wanted to relieve the IT helpdesk of some manual access provisioning tasks, as these were very time-consuming, and the helpdesk often lacked context about the data to make accurate decisions about who should have access.  Even identifying who had access to a particular data-set had been inefficient and resource-intensive. NBC is now able to identify data owners and involve them in the authorization processes through automation.

Find out how Varonis® DatAdvantage® for Windows, Varonis® DatAdvantage® for Exchange and DataPrivilege® helped NBC with their auditing, permissions and data ownership challenges.

Click here to read the complete case study.

 

Varonis 2012 User Forums – Thank You!

To our user group attendees,

We’d like to thank our customers for joining us at our spring 2012 User Forums. Varonis held events in New York, Boston, London, Paris, Luxembourg, and Geneva to share product updates, roadmap plans, and most importantly, to hear from you. It was a real treat for us to get to spend time with you outside of the office at wonderful venues like the Tate Modern in London, Hôtel La Réserve in Geneva, and aboard the ship Excellence in Paris. So thank you.

Paris

The feedback we receive about our products and services is invaluable. Nothing teaches us more about what’s working and what’s not, and how we can better accomplish our mission: to make digital collaboration as effortless and secure as possible, so that people are free to work – to easily create and share content with others, and so that organizations can be confident that their human generated content is well protected and efficiently managed.

As always, we are grateful that you have chosen to do business with us. Thank you.

Yaki Faitelson,
CEO and Co-Founder

For more User Forums images, visit our Facebook page.

Data Classification Tips – Finding Legal Data

In our previous post, we introduced 4 regular expressions that help us locate credit card numbers.  Today, we’ve got a few more handy RegExes for your data classification library. This time we’re targeting legal data.

Find “All Rights Reserved” NOT near your company name

Regular expression:

\b(?!all rights reserved\W+(?:\w+\W+){1,10}?acme)all rights reserved\b

Use case: you want to find files within your organization that you do not own the rights to, and verify that they are being used in accordance with their license.

Find “attorney” near “client” near “privilege”

Regular expressions:

\battorney\W+(?:\w+\W+){1,10}?client\W+(?:\w+\W+){1,10}?privilege\b
\battorney\W+(?:\w+\W+){1,10}?privilege\W+(?:\w+\W+){1,10}?client\b
\bclient\W+(?:\w+\W+){1,10}?privilege\W+(?:\w+\W+){1,10}?attorney\b
\bclient\W+(?:\w+\W+){1,10}?attorney\W+(?:\w+\W+){1,10}?privilege\b
\bprivilege\W+(?:\w+\W+){1,10}?attorney\W+(?:\w+\W+){1,10}?client\b
\bprivilege\W+(?:\w+\W+){1,10}?client\W+(?:\w+\W+){1,10}?attorney\b

Use case: you want to find files that contain confidential information that should only be shared between an attorney and their client.

This should get you started, but remember, finding sensitive data is only the first step.  In the “All Rights Reserved” example, once you find these files you need to interview the people who are using them in order to figure out whether you’re compliant.  This can be quite a project if you don’t have an audit trail that can help you find the data owner.  In the attorney-client privilege example, the next step would be to ensure that only the right people had access to the data. How do you know who the right people are? Your best bet is to ask the data owner.

Hmm, I’m sensing a pattern here.

 

Why Organizational File Sharing Infrastructure Must Provide the Cloud Exper...

“The Infrastructure Must Adapt to the New Experience”
–Yaki Faitelson

Public cloud file shares make digital collaboration easy for consumers, but they are very risky for organizations. To protect the investment organizations have already made in their internal file sharing infrastructure—and to truly protect their data—the infrastructures must be extended. Organizations must be able to provide the same kind of file sharing experience that is currently associated with public cloud file sync services, but using their existing data stores.

Dropbox Alternative: Are You Searching for One?

So were we. We wanted to sync with our existing file shares and NAS devices as easily as we could with storage in the cloud, but no one seemed to provide a solution that was just right— where we could use only our existing storage, authenticate with Active Directory, and keep our permissions intact. We decided that we’d build it ourselves.

The Dropbox Explosion: How to Get Control of File Sync Services

Cloud-based, file synchronization services like Dropbox, Sugarsync, and Google Drive have exploded over the past few years. While these platforms are compelling for consumers, they can be unsettling for organizations because of the new data protection and management ramifications they carry.

Based on Gartner’s assessment that “Huge Amounts of Proprietary and Regulated Data Are Leaking Onto NoncorporateDevices, Outside of Enterprise Controls and Audit Trails,”1 here are three conclusions that can be drawn about current state of file sharing for organizations:

  1. Cloud-based file synchronization services have become so popular that they threaten to scatter organizational assets.
  2. Organizations must offer sanctioned file synchronization services and device interoperability, or they run the risk of losing control of digital assets outside the corporate LAN.
  3. Today’s cloud based file synchronization services sacrifice a level of control and do not fully integrate with existing infrastructure.

Read the full white paper here to learn how organizations can take back control of their data assets.

[1] “How to Control File Synchronization Services and Prevent Corporate Data Leakage,” by Jay Heiser, and Lawrence Pingree, Published 31 January 2012

Photo credit: http://www.flickr.com/photos/carolynconner/7012281403/

DatAnywhere Turns File Shares Into Secure Corporate Dropboxes

I love Dropbox for my personal data.  It’s so easy and convenient to sync data between people and devices.  I have a folder, I put stuff in it, and it syncs.  Simple.  It’s no wonder file synchronization services in the public cloud are immensely popular among consumers.  But what about businesses?

Corporate users have had shared data for a long time in the form of file shares and mapped drives.  I can put a document in \\corp01\Marketing and my colleagues can grab it almost instantly.  It’s easy – there’s no training necessary.  IT sets it up, and end users are off and running.  But these almost-Dropboxes are missing some key functionality that the public cloud has pioneered:

  • Data doesn’t sync across devices – it stays on the file share until I pull it off
  • File shares are horribly slow for remote users
  • They don’t let me access data on my iPhone, iPad or Android device

Dealbreakers.  Off to the public cloud with my corporate data, I guess.  But hold on – there are problems with the public cloud, too:

  • Security – remember when Dropbox turned off passwords?
  • Fragmentation – Joe in Accounting uses internal file shares, Steve in Finance uses Google Drive, etc.
  • Control – do you let your employees keep inventory in their garage?

IT is stuck between a rock and a hard place.  File shares lack modern features. The company’s SharePoint is great for a lot of things, but is too clunky as a file repository.  Users are clamoring for an easy way to share data. We’ve got this huge investment in corporate infrastructure (NAS, SAN, etc.).

If only there were a way to magically transform our easy-to-use corporate file shares into something more modern; something that can sync seamlessly like a Dropbox or Google Drive, but was more secure and kept our corporate data inhouse.

Now there is: it’s called Varonis DatAnywhere and it’s in beta right now.  Check it out and sign-up free.

New Case Study: Western Precooling

Western Precooling was founded in 1942. For nearly 70 years it has been the partner of choice for growers and shippers to get fresh, healthy produce from the field to their customers.

Western Precooling wanted to eliminate possible security concerns due to folders open to global access groups like “Everyone” and “Domain Users.”  These folders would be accessible to the entire organization, and since some of them might contain sensitive information, it was imperative to restrict access only to users who needed it. In addition, Western Precooling wanted to have a more detailed record of access activity.

Brian Paine, Director of IT, began looking for a solution that could clean-up excessive permissions and provide granular auditing capabilities. He considered bringing in a team of consultants, but was concerned that this approach wouldn’t allow him to maintain a secure environment after the clean-up process, and a team could not provide the auditing he needed. One of Brian’s concerns was the impact the clean-up process might have on business activity; he needed solution that could allow him to clean up permissions without affecting the daily operations of the company.

Since Western Precooling is preparing to move several applications and services to the cloud, it was necessary to have permissions in order prior to the migration; it would become a much more difficult problem to fix later on. It was also important to identify stale data so it could be archived instead of migrated. Finally, Brian needed a solution that could support their newly acquired NetApp NAS device.

Varonis DatAdvantage was the long term solution that Brian was looking for.  Varonis gives his team the ability to clean up permissions, audit access activity, identify stale data, and provide support for NetApp. Download the case study to read the complete story.

 

SharePoint Permissions Cheat Sheet

Complexity is dangerous in the security world.  The harder something is to understand, the harder it is to protect.  SharePoint falls squarely into this category.  Configuring permissions in SharePoint can be daunting, especially if you don’t understand the core concepts and terminology.  Unfortunately, managing access controls in SharePoint is often left end-users, not IT administrators, and that can spell disaster.

Learn more about permissions management with our free guide. 

This mini cheat sheet is designed to point out the various gotchas with SharePoint permissions so you don’t make the typical mistakes (now you’ll only make atypical mistakes).

  • SharePoint has “local” groups that can contain Active Directory Groups
    • For example, you can have a SharePoint permissions group called “Sales” which can contain Active Directory groups “Sales” and “Sales Engineering” and “Chess Team”
    • Unlike file shares where local groups are generally avoided, SharePoint specific groups are very common – this is makes it much harder to answer the question “Which human beings can access my data?”
  • There are more default permissions types than you can keep in your head at one time (33 in all):
    • 12 permissions types for Lists
    • 3 permissions types for Personal actions (e.g., views)
    • 18 permissions types for Sites
    • Each permissions type can be grouped into Permissions Levels.
      • For example, the default “Contribute” site permission level contains 8 of the 12 site permission types.
  • In addition to the built-in permissions types, admins can create custom levels
    • For a given site or list, a custom level might be applied, making it really hard to determine who can do what
    • A malicious admin could create a custom level called “Extremely Limited” (sounds innocent, no?) but grant that level permission to do everything
  • If you’re running a version of SharePoint prior to 2010, watch out for the “Authenticated Users” button
    • Before 2010, there was a button that let admins grant access to everyone who authenticated to the domain
    • The button was a common cure-all for frustrated admins trying to grant access to frustrated users

OK, now that I’ve primed you for the worst, I’m going to give you a link that should be your best friend.  Bookmark it, study it, and hope for the best:

http://technet.microsoft.com/en-us/library/cc721640.aspx

Did you really think I’d leave you hanging here?

Varonis DatAdvantage for SharePoint abstracts away the complexity of SharePoint permissions.  You’re only ever a double click away from figuring out who has access to SharePoint document libraries, lists, sites, sub-sites, etc.

Don’t just take my word for it – try DatAdvantage free for 30 days.  At the very least, you can point Varonis at your existing sites and immediately lockdown data that is wide open.

Image credit: keenanpepper

Learn more about permissions management with our free guide.