Customer Success Story: MoMA
"With Varonis DatAdvantage we were able to establish effective data authorization processes and enact access control across MoMA."
- Steve Peltzman, CIO, MoMA
The Customer
MoMA (www.moma.org) is one of the leading modern art museums in the world. MoMA collects, conserves and exhibits modern and contemporary art; presents exhibitions and educational programs; maintains archives and research facilities and produces publications. As a highly acclaimed art and cultural institution, it is incumbent on MoMA to use the best and most sophisticated means available to ensure data governance. MoMA is a highly collaborative organization sharing information across departments including curatorial, education, archive, publication and administrative departments as well as their members. With over 700 employees, establishing data governance is essential in order to protect sensitive and private museum information within and across all MoMA constituencies.
The Challenge
Taking control over the data authorization process to establish data governance was a difficult challenge. "We did not have an automated and comprehensive process or technology that could apply MoMA data authorization initiatives across departments. Instead, we were trying to control access to data with the means available at the time, basic Windows resources and incomplete tools, which did not help us achieve our desired data governance objectives or meet our strict museum standards" says Steve Peltzman. Varonis DatAdvantage made it possible to set granular data governance controls throughout MoMA - eliminating excessive permissions, while providing working access to authorized users. With DatAdvantage, MoMA was able to align access controls with the Museum's unique business processes and organizational needs. Varonis DatAdvantage also helped MoMA establish an archiving strategy including the management of orphan data. DatAdvantage lets MoMA maintain and administer effective access controls over high-volume traffic from its user community.
Evaluation Parameters
The evaluation parameters focused on the need to build an effective access control process in a change-driven environment. The specific requirements included gaining visibility and understanding of how data is used and establishing authorization change controls with the ultimate goal of achieving sustainable data governance across the museum.
"We were looking for a solution that would provide us with visibility into the current data access situation and existing authorization levels. We wanted to analyze the process of permission grants and its implications on users and data, as well as to revoke permissions without disrupting our business processes" says Peltzman.
"It was also important for us to apply data governance to historical data and archives. We wanted to audit past data access patterns and produce granular reports that would allow us to take control over the authorization process and make it more efficient and repeatable."
"MoMA's small but centralized IT staff must monitor and manage high user traffic to shared data files. It is important for us to function very efficiently. Varonis DatAdvantage has allowed us to reduce some daily administrative tasks to minutes where they used to take hours. For instance, the process of ensuring that a specific department's team members are the only ones accessing their sensitive Departmental information used to take hours, even days. With DatAdvantage, it was quickly implemented on the spot."
The Solution
MoMA deployed Varonis DatAdvantage to establish and control museum wide data governance:
Visibility of MoMA Data Usage & Authorization Model
Immediately after its initial deployment, DatAdvantage provided full visibility into MoMA's existing authorization model identifying any potential data risks and uncovering unrightful access. Today, MoMA IT administrators consult DatAdvantage on a daily basis for comprehensive views of data utilization and authorization levels across shared files and archives.
Adaptive Authorization and Dynamic Access Control
DatAdvantage delivers actionable authorization recommendations, that automatically adapt to any changes in the museum's user or data landscape. This lets MoMA align data access with the museum's organizational and business needs.
Granting or revoking permissions for data access is challenging because the user repository and data file server information are in constant flux. Moreover, once permissions are granted, they are rarely revoked because doing so may have unpredictable consequences on authorized use. This often results in overly permissive access rights for most data users.
In order to address this challenge, what is needed is full visibility into MoMA's past data access patterns as well as an understanding of the business relationship between MoMA users and data. Since unstructured organizational data is so voluminous, this visibility and understanding cannot be attained manually. Varonis IDU Analytics identifies the true relationship between users and data, making it possible to establish effective data access controls by understanding who needs working access to what.
Now when the contents of MoMA user repositories or file servers change, or in the event of new museum collaborations, DatAdvantage automatically adapts data access recommendations to reflect these changes. MoMA IT administrators can then 3300review DatAdvantage recommendations and simply apply them to update museum wide access controls.
Data Owner Identification and Data Archiving Strategy
With DatAdvantage, MoMA can identify data ownership as well as locate orphan data, in order to discern which files are actively used versus those that are dated. By tracking the rightful owners of the data, MoMA can manage data liability across the museum and better define its data archiving strategy.
Intelligent Reporting
DatAdvantage provides multi-level, reporting and auditing capabilities, affording coverage of all user activities across multiple user groups and shared data repositories. With DatAdvantage reporting, MoMA IT can demonstrate control over the data authorization process to business and external auditors, as required by regulations and internal policies.
Reduced IT Management Complexity and Costs
Before deploying DatAdvantage, MoMA IT staff used to spend hours each day reviewing and managing user access. Varonis DatAdvantage has reduced data authorization management to mere minutes a day, resulting in higher IT productivity and responsiveness within a comprehensive framework and process for data governance.
Configuration
- IDU Probe for transparent activity monitoring
- DU Analytics Engine
- DatAdvantage Management GUI
