Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more
Blog Data Security

What About Individual Users on ACL's?

One question I received in response to our recent post about aligning windows security groups and automating entitlement reviews was, “If you’re using single-purpose security groups and managing them automatically...
David Gibson
1 min read
Last updated June 23, 2022

Contents

    One question I received in response to our recent post about aligning windows security groups and automating entitlement reviews was, “If you’re using single-purpose security groups and managing them automatically with an automated solution like DataPrivilege®, why use groups at all? Why not just assign users directly to the ACL?” That’s a great question (even though the idea may seem like heresy in the windows world).

    There’s also a great answer: Applying NTFS permissions takes a very long time when you have to write the ACL’s (access control lists) on a large number of subfolders and files—sometimes it can take hours or even days with a large directory structure. Therefore, for now at least, we seem to be better off using groups and relatively static ACL’s to minimize the number of times permissions have to be applied to individual files and folders. In contrast, moving users into and out of groups is relatively quick, though replication can take a while, and users often have to log out and log back into AD for changes to take effect.

    Some organizations have opted for a different approach that goes against what has become accepted as best practice—using Windows share permissions instead of NTFS permissions. I’ll discuss the pros and cons of this technique next time.

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
    David Gibson
    David Gibson David Gibson has more than 20 years of technology and marketing experience. He frequently speaks about cybersecurity and technology best practices at industry conferences, and has been quoted in The New York Times, USA Today, The Washington Post and numerous security news sources.

    Try Varonis free.

    Get a detailed data risk report based on your company’s data.
    Deploys in minutes.
    Get started View sample

    Keep reading

    Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

    stop-configuration-drift-with-varonis
    Stop Configuration Drift With Varonis
    stop-configuration-drift-with-varonis
    Nathan Coppinger
    April 16, 2024
    Stop configuration drift in your environment with Varonis' automated data security posture management platform.
    introducing-automated-posture-management:-fix-cloud-security-risks-with-one-click
    Introducing Automated Posture Management: Fix Cloud Security Risks with One-Click
    introducing-automated-posture-management:-fix-cloud-security-risks-with-one-click
    Nathan Coppinger
    January 26, 2023
    Varonis launches Automated Posture Management to effortlessly fix cloud Security risks with a simple click of a button
    how-varonis'-approach-to-sspm-helps-your-company
    How Varonis' approach to SSPM helps your company
    how-varonis'-approach-to-sspm-helps-your-company
    Rob Sobers
    April 26, 2023
    Adopt a data-first approach with Varonis' SSPM, securing SaaS apps & reducing risk. Learn how you can get better visibility, automation, and protection.
    how-varonis-helps-with-email-security
    How Varonis Helps With Email Security
    how-varonis-helps-with-email-security
    Yumna Moazzam
    November 20, 2023
    Discover how you can proactively reduce your email attack surface, stop data exfiltration, and curb gen AI risk with accurate and automated email security.