The customer of this case study is an independent not-for-profit organization with a mission to accelerate the productive uses of information for the benefit of higher education worldwide. It operates in close collaboration with affiliates chartered with the archival of thousands of scholarly journals, digital images and media. In addition, the institution provides administrative and technology services support, including data management, to affiliate institutions and e-learning centers.
With a charter of greatly expanding the information and digital resources available for scholarly pursuits, this customer must control access to copyrighted materials while enabling broad information sharing among the organization, its affiliates and students. Given this, a system of comprehensive data governance cannot compromise on either the effectiveness of data control or the ease of information access.
With one petabyte of data to preside over, the centralized IT operations group must have automated and highly accurate processes for unstructured data control as well as entitlement management. Since the organization's operating focus is to greatly expand available information, any system for data governance has to scale to easily accommodate additional users and ever-growing information repositories.
"It is impossible to accurately control access to file shares by clicking on each folder when you are talking about an organization whose business is digital information sharing. Not only are the amounts of data enormous but most of the information is protected by law and not appropriate for broad access. Controlling who can get to it and proving that those controls are in place is an imperative", says the IT director. "Our group is responsible for security, networking and server systems for six entities. We require a centralized way to determine and monitor who gets access to data and the process has to be consistent. Ideally the individuals responsible for the data will control access, and this too is a requirement."
This particular school had very specific requirements for a data governance platform. It conducts bi-annual internal audits of data entitlements and use. Additionally, it contracts with external auditors on an annual basis. A detailed reporting structure that provides an inventory of data sets, a detailed record of a given user's permissions, and a list of data business owners was a must. To ensure that access to data is managed in an expedient manner, the institution also outlined needs for entitlement management that shifted responsibility to the data business owners. Since many of the data sources are affiliates and colleges, it was clear that those organizations had the best context for the data and what constitutes appropriate and warranted access. Any infrastructure for doing so, however, had to maintain the centralized IT department's role as overseer, since this group provides shared services to all entities.
"The data types under our care are covered by practically every regulatory mandate. We have business and administrative information as well as grant and scholarly data. This means that our systems for access control fall under the strictest guidelines for proof of least privilege access," said the IT department's director. "An audit of privileges to all of these data types can take weeks if not longer. And since we have to conduct these twice a year, that translates to a large percentage of my group's time. This is time we can put to much better use. Consider that our public web pages alone get six million hits per day."
This institution of learning has deployed Varonis® DatAdvantage® and DataPrivilege® as a comprehensive data governance infrastructure for its unstructured data sets.
"Initially, DatAdvantage was deployed to give us a full audit of the users' permissions to data as they had been defined. The application also helped us identify the data business owners so that we could begin the process of transitioning responsibility for the assignment of those permissions to the people responsible," said the director of IT. "DatAdvantage and DataPrivilege together help us standardize our methods for assigning permissions, and how we report on them. This not only saves us a lot of time but it increases the accuracy of the controls in place."
DatAdvantage was installed first with an initial evaluation of two weeks or so. After a few months of use, the IT group recognized the value in deploying the Varonis companion application DataPrivilege. With a web-based UI, the application provides a very intuitive interface through which to control requests and the granting or revocation of permissions. Users from the institution's business owner community were trained in groups of five over a period of two weeks.
Since the installation of DatAdvantage and DataPrivilege, this institution of higher learning has been able to greatly streamline the process of regulatory and internal compliance. With the IT department's oversight, owners are now able to manage their own file shares. Additionally, reports of precise user activity on data are generated regularly and sent to the overseers of payroll, benefits, grant information as well as scholarly journals and media.
This educational institution and data center has a need to conduct very frequent and detailed audits of user permissions to data on file servers. It must also demonstrate how data is being accessed and by whom. Prior to Varonis this process was very time consuming and manual. With DatAdvantage and DataPrivilege this type of information can be generated with a couple of mouse clicks.
To transition responsibility for data entitlement management to data business owners, the school's IT group first had to identify who the responsible parties were. As an educational institution, the organization has a very large user base and data store. The process of establishing what belongs to whom cannot be done manually within any reasonable timeframe that would yield accuracy. With DatAdvantage, the school was able to get a list of data business owners. These individuals were then given the ability to manage permissions to their own file shares through the Web-based GUI of DataPrivilege. The whole process of data entitlement transition was completed in three months.
This school's centralized IT department presides over enormous unstructured data stores amounting to one petabyte and growing. A great deal of this information is sensitive or copyright protected so the organization must ensure need-to-know based access. Prior to the installation of Varonis data governance solutions, IT was spending a great deal of time to ensure warranted access manually. Now, the process of both granting and auditing data entitlements and use is much more expedient and saves weeks. Most importantly, Varonis has helped this school standardize unstructured data protection, control and auditing.