Jump to content
Microsoft Windows file servers and NAS devices like EMC Celerra and NetApp filers present significant challenges to Windows administrators. Permissions management, access auditing, data owner identification, and protecting sensitive data now require automation—there are simply too many files, folders, ACLs, and groups in Active Directory to continue managing all of them manually.
Microsoft Windows file servers, including NAS devices like EMC Celerra and NetApp filers, present significant management and protection challenges to Windows administrators:
Varonis® DatAdvantage® addresses these challenges by aggregating Active Directory user and group details, ACL information and all data access events—without requiring native OS auditing—to build a complete picture of who can and who is accessing data, and who should have their access revoked. It also leads IT to rightful data owners, so the right people can ensure appropriate access and usage. With the Varonis Data Classification Framework, IT can immediately identify folders with excessive permissions that contain quantities of sensitive data.
On any given day, determining who has access to a folder isn't exactly easy, especially if groups on the folder's ACL contain one or more nested groups. Determining which folders a given group provides access to is downright difficult—without a program or script, an administrator has check every folder just to begin the investigation. Determining who should and should not have access to any given folder is simply impossible without automation.
More than 95% of file access activity is not audited by IT. Why? Because native Windows auditing is so resource intensive and difficult to decipher, it is rarely enabled. The result is that IT cannot answer fundamental questions like, "Who has been accessing my folder? Who deleted my data? What data has this person accessed?"
Most permissions and group membership changes are performed manually and are untested prior to execution. Cleaning up global access groups (everyone, domain users, authenticated users, etc.) is especially difficult. Without access auditing, IT needs to make a guess as to who accesses a data set, manually effect the changes, and hope they don't get a call from an end user that can no longer access data they require to do their job.
Organizational data owners should be making decisions about who gets access to their data and its proper use—not IT. Yet, 91% of organizations lack processes for determining who owns a given data set. Without a data owner that understands the sensitivity, importance, and organizational context, data cannot be managed and protected by the right people.
It is difficult to identify excessive permissions; remediating excessive permissions without disrupting organizational processes is even more difficult. As a result, access to data is rarely revoked. Excessive permissions and the lack of an audit trail leave data at risk for loss, theft, tampering and misuse—with no way to determine what happened after the fact.
Data protection is necessary to safeguard an organization's customers, employees, business partners, and investors. It is fundamental in securing an organization's intellectual property and competitive edge, and for maintaining the organizational trust required for it to properly function. Ongoing, scalable data protection and management require technology designed to handle an ever-increasing volume and complexity—a metadata framework.
The Varonis Metadata Framework™ non-intrusively collects this critical metadata, generates metadata where existing metadata is lacking (e.g. its file system filters and content inspection technologies), pre-processes it, normalizes it, analyzes it, stores it, and presents it to IT administrators in an interactive, dynamic interface. Once data owners are identified, they are empowered to make informed authorization and permissions maintenance decisions through a configurable web-based interface—that are then executed—with no IT overhead or manual backend processes.
Our 30-Day Free Trial provides a full audit of your file system or your SharePoint environment. Audit permissions, auditing access, usage statistics, recommendations, impact analysis, and identification of business owners.
You can instantly conduct a permissions audit: File and folder access permissions and how those map to specific users and groups. You can even generate reports.
Varonis® DatAdvantage® will begin to show you which users are accessing the data, and how.
Varonis® DatAdvantage® will actually make highly reliable recommendations about how to limit access to files and folders to just those users who need it for their jobs.
Get the Varonis View. Sign up for the 30-Day Free Trial.