One of the things our customers ask us from time to time is how RSA DLP, RSA Archer and Varonis can work together. RSA Archer is an eGRC or enterprise governance, compliance and risk product. It’s designed to help organizations organize and maintain a wide variety of governance and risk policies, and it does a great job of absorbing information from and integrating with systems like Varonis.
Let’s take a look at how EMC leveraged all three products. EMC has over two petabytes of unstructured data on file shares and Celerra NAS devices. To get a handle on some of the risk associated with that data, EMC scanned the content of those shares with RSA DLP, uncovering more than 30,000 files containing sensitive information. The challenge was to remediate those files by moving them to secure locations, deleting them, or locking down access to appropriate users. EMC set an aggressive goal: all remediation should be completed in less than two months.
The key for EMC was to identify and involve the business owners of the assets so that the remediation didn’t affect the business. EMC needed to know who had the proper context to make these decisions, so they leveraged Varonis. By looking at actual file access, EMC was quickly able to determine likely data owners for all 30,000 files—around 1,200 users.
The next step for EMC’s risk organization was to involve those 1,200 business users and find out what needed to be done about all of that sensitive content. EMC leveraged Archer’s assessment functionality to reach out to the owners and query them on each file. Data owners received custom questionnaires about each sensitive file they owned. Out of 1,200 users who owned sensitive data, only 150 responded saying they needed to retain the data. Archer was then used to track the remediation and encryption of each of the 30,000 incidents. Archer can prove the process was completed, and Varonis and RSA DLP are used to ensure that any new data is protected accordingly.