Customer Success Story: Conde Nast

Download The Case Study (PDF)

"DatAdvantage showed us the existing access permissions and gave us visibility into who is really using the data, how often and in what way."
- Jerry Anzano, Manager, Security & Identity Management Group, Condé Nast

The Customer

Condé Nast is home to some of the world's most recognizable magazines and websites including GQ, Vogue, Vanity Fair and The New Yorker among many others. With offices across the US and in Paris and Milan, the company literally delivers quadrillions of bytes of information to millions of readers around the globe on a weekly and monthly basis.

Naturally, many of Condé Nast's critical assets take the form of electronically stored intellectual property. This includes internal corporate data, but also the work of writers, editors, contributors and artists who fill the pages of Condé Nast's portfolio of magazines. With tens of file servers and thousands of contributors, Condé Nast requires global data governance that is comprehensive and adaptive to the Company's dynamic access needs.

The Challenge

The process of granting and revoking permissions to data is difficult to conduct expediently and accurately for any organization. The challenge is further amplified within electronic publishing and the Condé Nast IT environment specifically. With a worldwide user base of thousands and stored data in the hundreds of terabytes, maintaining an accurate mapping of appropriate user to data access needs manually is infeasible. The result of dated file controls can mean that data access is either overly permissive thus raising security concerns or overly restrictive which can cause disruption in business flow and missed deadlines.

"Our user base is very diverse and transient. Contractors and freelance writers require access to some of the same file servers used by our writers and editors. Our IT department spends a great deal of time setting these permissions but revoking them is even more complicated. What we need is a central place to see which users should have access to what data and for how long."

Evaluation Parameters

Condé Nast requirements for comprehensive data governance centered on having a centralized way in which to view and manage data access permissions. Because the user group memberships and filer store contents change so frequently, the system needed to adapt to new information and render the updated authorizations instep with the changes in the environement.

"Our Windows Administration group needs to grant and revoke folder access through a process that is repeatable, so that anyone in the group can enact these permissions consistently," says Anzano. Condé Nast had concerns about misappropriated data access through the "inherited" permissions process. This is a notion that is part of directories. A user that is placed in a group "inherits" the file access permissions of that group. While this mechanism makes it easier for an administrator to grant access quickly, it makes the revocation of privileges very difficult especially if the user has "inherited" permissions from multiple groups.

The Solution

Condé Nast deployed the Varonis® DatAdvantage® solution for establishing an effective data control process worldwide.

"DatAdvantage showed us the existing access permissions as they had been defined, and gave us visibility into who is really using the data, how often and in what way. With the granular data use audit information, we can spot wrongful or inappropriate use but the biggest benefit is that any one of our administrators knows exactly who should have access to what information" says Mr. Anzano.

After spending two weeks in the evaluation of Varonis DatAdvantage within the production environment, Condé Nast began to verify that the data authorization recommendations from DatAdvantage would indeed eliminate many unused or unwarranted data permissions.

Since the permanent installation of Varonis DatAdvantage on a key subset of critical file servers, Condé Nast has redefined data control company-wide. On servers managed with DatAdvantage, permissions are granted and revoked as needed and in the case of freelance employees, on a per engagement basis. The solution lets the IT team respond more quickly to new access requests and permissions are granted much more efficiently and in line with business objectives for strict data governance.

Business Benefits

Full Visibility Into Data Use and Access

Given large amounts of data and an ever changing user base, Condé Nast was challenged to provide timely and appropriate data access control. Lack of visibility into the existing data permission levels and the data use patterns made IT reluctant to revoke or modify permission levels for fear of denying access to legitimate users. DatAdvantage shows the existing access environment and data permissions, providing full visibility into who is really using data and how. Wrongful or unwarranted data access can be flagged and investigated.

Effective Data Access Control Applied Within a Highly Transient User Community

Before DatAdvantage, Condé Nast had to manually infer a user's access privileges. With DatAdvantage, the team gets precise recommendations on which users and data belong to the same group and which data authorizations should be removed.

Increased Efficiency of IT

The IT staff of Condé Nast field a continuous stream of requests for access by permanent, contract and freelance magazine content contributors. The DatAdvantage solutions allows them to respond to these requests quickly and gives them the recommendations for implementing the appropriate levels of access and control. When permissions are no longer needed, DatAdvantage shows administrators where data authorizations should be removed and how to avoid impact to legitimate users.