Jump to content

Solution for SharePoint

SharePoint sites present significant challenges to administrators. Permissions management, access auditing, data owner identification, and protecting sensitive data now require automation—there are simply too many files, folders, ACLs, and groups to continue managing all them manually.

Overview

The Challenge

Microsoft Windows file servers, including NAS devices like EMC Celerra and NetApp filers, present significant management and protection challenges to administrators:

  • Permissions: Determining who has access to a folder, which folders a user or group has access to, and identifying excess, unneeded permissions.
  • Access Auditing: IT can't answer pressing questions like, "Who accessed or deleted my data?"
  • Data Ownership: IT can't reliably identify business owners of data sets.
  • Operational: Manual permissions and group changes are unreliable.
  • High Risk: Stale, excess permissions are rarely revoked. The "everyone" group is out there—a problem that is hard to find and fix. Critical files and folders are exposed.

The Varonis Solution

Varonis® DatAdvantage® addresses these challenges by aggregating Active Directory user and group details, ACL information and all data access events—without requiring native OS auditing—to build a complete picture of who can and who is accessing data, and who should have their access revoked. It also leads IT to rightful data owners, so the right people can ensure appropriate access and usage.

SharePoint Challenges

Questions

Permissions Challenges

  • Who has access to a site?
  • Which sites do a user, AD group, or SharePoint group have access to?
  • What are their effective permissions?
  • Where are my users changing permissions, and what are they doing?

Access Auditing Challenges

  • Who deleted my files?
  • Who has been accessing my folder?
  • What data has this user been accessing?

Operational Challenges

  • What sites have been exposed to all authenticated users or other "global access groups"?
  • How do I fix those sites without disrupting my users?
  • How can I understand and limit my SharePoint permission levels?

High Risks

  • Where do my users have excessive permissions?
  • How do I revoke permissions without disrupting my users?
  • Who has been accessing an unusual amount of data?

Why is this challenging?

Determining who has access to a SharePoint isn't exactly easy, especially if groups on the SharePoint ACL contain one or more nested SharePoint and/or Active Directory groups. Determining which sites a given SharePoint or AD group provides access to is downright difficult—without a program or script, an administrator has check every site just to begin the investigation. Determining who should and should not have access to any given site is simply impossible without automation.

SharePoint: Permissions Challenges

SharePoint auditing is difficult to collect and decipher. The result is that IT cannot answer fundamental questions like, "Who has been accessing my folder? Who deleted my data? What data has this person accessed?" See how DatAdvantage addresses these challenges.

SharePoint: Operational Challenges

Most SharePoint permissions and group membership changes are performed manually and are untested prior to execution. Identifying and cleaning up sites open to all authenticated users is especially difficult. Without access audit information, IT needs to make a guess as to who accesses a data set, manually effect the changes, and hope they don't get a call from an end user who can no longer access SharePoint data they require to do their job.

SharePoint: High Risk

It is difficult to identify excessive permissions; remediating excessive permissions without disrupting organizational processes is even more difficult. As a result, access to data is rarely revoked. Excessive permissions and the lack of an audit trail leave data at risk for loss, theft, tampering and misuse—with no way to determine what happened after the fact.

Why Varonis

Data protection is necessary to safeguard an organization's customers, employees, business partners, and investors. It is fundamental in securing an organization's intellectual property and competitive edge, and for maintaining the organizational trust required for it to properly function. Ongoing, scalable data protection and management require technology designed to handle an ever-increasing volume and complexity—a metadata framework.

The Varonis Metadata Framework non-intrusively collects this critical metadata, generates metadata where existing metadata is lacking (e.g. its file system filters and content inspection technologies), pre-processes it, normalizes it, analyzes it, stores it, and presents it to IT administrators in an interactive, dynamic interface. Once data owners are identified, they are empowered to make informed authorization and permissions maintenance decisions through a configurable web-based interface—that are then executed—with no IT overhead or manual backend processes.

Resources

30-Day Trial

Our 30-Day Free Trial provides a full audit of your file system or your SharePoint environment. Audit permissions, auditing access, usage statistics, recommendations, impact analysis, and identification of business owners.

Within hours of installation

You can instantly conduct a permissions audit: File and folder access permissions and how those map to specific users and groups. You can even generate reports.

Within a day of installation

Varonis® DatAdvantage® will begin to show you which users are accessing the data, and how.

Within 3 weeks of installation

Varonis® DatAdvantage® will actually make highly reliable recommendations about how to limit access to files and folders to just those users who need it for their jobs.

Get the Varonis View. Sign up for the 30-Day Free Trial.