Solution for Windows
Microsoft Windows file servers and NAS devices like EMC Celerra and NetApp filers present significant challenges to Windows administrators. Permissions management, access auditing, data owner identification, and protecting sensitive data now require automation—there are simply too many files, folders, ACLs, and groups in Active Directory to continue managing all of them manually.
Overview
The Challenge
Microsoft Windows file servers, including NAS devices like EMC Celerra and NetApp filers, present significant management and protection challenges to Windows administrators:
- Permissions: Determining who has access to a folder, which folders a user or group has access to, and identifying excess, unneeded permissions.
- Access Auditing: IT can't answer pressing questions like, "Who accessed or deleted my data?"
- Data Ownership: IT can't reliably identify business owners of shares and folders.
- Operational: Manual permissions and group changes are unreliable.
- High Risks: Stale, excess permissions are rarely revoked. The "Everyone" group is out there—a problem that is hard to find and fix. Critical files and folders are exposed.
The Varonis Solution
Varonis® DatAdvantage® addresses these challenges by aggregating Active Directory user and group details, ACL information and all data access events—without requiring native OS auditing—to build a complete picture of who can and who is accessing data, and who should have their access revoked. It also leads IT to rightful data owners, so the right people can ensure appropriate access and usage. With the Varonis Data Classification Framework, IT can immediately identify folders with excessive permissions that contain quantities of sensitive data.
Windows Challenges
Questions
- Who has access to a folder?
- Which folders does a user or group have access to?
- Who deleted my files?
- Who has been accessing my folder?
- What data has this user been accessing?
- What folders are open to the "everyone group", authenticated user, or domain users?
- How do I fix those folders without disrupting my users?
- Who owns this data?
- How can I help them make effective data protection and management decisions?
- Where do my users have excessive permissions?
- How do I revoke permissions without disrupting my users?
- Who has been accessing an unusual amount of data?
Why is this challenging?
Windows Permissions
On any given day, determining who has access to a folder isn't exactly easy, especially if groups on the folder's ACL contain one or more nested groups. Determining which folders a given group provides access to is downright difficult—without a program or script, an administrator has check every folder just to begin the investigation. Determining who should and should not have access to any given folder is simply impossible without automation.
Windows: Auditing Challenges
More than 95% of file access activity is not audited by IT. Why? Because native Windows auditing is so resource intensive and difficult to decipher, it is rarely enabled. The result is that IT cannot answer fundamental questions like, "Who has been accessing my folder? Who deleted my data? What data has this person accessed?"
Windows: Operational Challenges
Most permissions and group membership changes are performed manually and are untested prior to execution. Cleaning up global access groups (everyone, domain users, authenticated users, etc.) is especially difficult. Without access auditing, IT needs to make a guess as to who accesses a data set, manually effect the changes, and hope they don't get a call from an end user that can no longer access data they require to do their job.
Windows: Data Ownership Challenges
Organizational data owners should be making decisions about who gets access to their data and its proper use—not IT. Yet, 91% of organizations lack processes for determining who owns a given data set. Without a data owner that understands the sensitivity, importance, and organizational context, data cannot be managed and protected by the right people.
Windows: High Risk
It is difficult to identify excessive permissions; remediating excessive permissions without disrupting organizational processes is even more difficult. As a result, access to data is rarely revoked. Excessive permissions and the lack of an audit trail leave data at risk for loss, theft, tampering and misuse—with no way to determine what happened after the fact.
Why Varonis
Data protection is necessary to safeguard an organization's customers, employees, business partners, and investors. It is fundamental in securing an organization's intellectual property and competitive edge, and for maintaining the organizational trust required for it to properly function. Ongoing, scalable data protection and management require technology designed to handle an ever-increasing volume and complexity—a metadata framework.
The Varonis Metadata Framework™ non-intrusively collects this critical metadata, generates metadata where existing metadata is lacking (e.g. its file system filters and content inspection technologies), pre-processes it, normalizes it, analyzes it, stores it, and presents it to IT administrators in an interactive, dynamic interface. Once data owners are identified, they are empowered to make informed authorization and permissions maintenance decisions through a configurable web-based interface—that are then executed—with no IT overhead or manual backend processes.
Resources
30-Day Trial
Our 30-Day Free Trial provides a full audit of your file system or your SharePoint environment. Audit permissions, auditing access, usage statistics, recommendations, impact analysis, and identification of business owners.
Within hours of installation
You can instantly conduct a permissions audit: File and folder access permissions and how those map to specific users and groups. You can even generate reports.
Within a day of installation
Varonis® DatAdvantage® will begin to show you which users are accessing the data, and how.
Within 3 weeks of installation
Varonis® DatAdvantage® will actually make highly reliable recommendations about how to limit access to files and folders to just those users who need it for their jobs.
Get the Varonis View. Sign up for the 30-Day Free Trial.