
5 Data Governance Reports for Data Owners


This blog will cover five Varonis reports that you can automatically generate for data owners to promote strong data governance practices. We will show you how to create, customize, schedule, and interpret these reports.

Why Data Owners Should Pay Attention to Their Data

Business users often don’t have any idea who can and does access the data relevant to their department. While IT often has tools to analyze permissions, grant and revoke access, and troubleshoot issues, data owners are left in the dark.

Data is a business asset, not an IT asset. We want our business users to grant and revoke access when appropriate, spot unauthorized or suspicious access, and help manage the data lifecycle by getting rid of stale, risky data that we no longer need.

Varonis reports are a great way to put actionable information in front of the users that are in the best position to make smart decisions to protect the organization’s data.

The Reports

Here are the five reports in DatAdvantage that your data owners can use to meet the objectives we discussed above.

Subscription form in DatAdvantage

The key is to set the subscription delivery parameters to “Report Server Email (Data-Driven).” In this context, “Data-driven” means that the report contains results based on data ownership in Varonis. Varonis will create reports for each data owner about their data, so data owners only see results about the information they actually care about. That way, administrators can set up a single subscription in Varonis, and send out a copy of that report to each owner about their relevant data activity.

For all of the reports discussed, schedule a Data-Driven subscription and select the delivery format for the report. My personal preference is to export reports as Excel files so I can manipulate the data to find what I need to see as quickly as possible. Your users might prefer PDF reports or .CSV files. For ease of managing subscriptions, you will probably just want to settle on one standard format.

Drop down of the file types available for report subscriptions

There are different ways to schedule and configure subscription reports depending on the size of your organization, the number of Varonis monitored resources, and the number of data owners. We will go over two basic options, but please consult your Varonis Sales Engineer or Professional Services for more customized guidance.

The first option – for large shops – is to schedule different reports per monitored resource. This means you would set the file server filter to a specific resource at a unique time. Varonis will generate all the reports for each server during their scheduled run for each data owner on that server. Schedule the next server to run after the previous server completes.

File server filter set to a single filer

The second option – for smaller shops – is to remove the ‘File server’ filter and run the report with the filter Affected Objects -> Assigned Owner -> Management Status = Managed. This will create a report for all managed folders across all monitored resources in a single batch.

Management Status filter set to Yes to generate report for all data owners

Again, please discuss with the Varonis support teams to determine the best strategy for your organization.

2.a.01 Access Statistics

What does it do? The Access Statistics report lists all the users who perform any activity in a folder or server. It’s an aggregation of how many file events a user generates over a certain period.

What’s the business benefit? Data owners can look for any oddities in event usage over the past 30 days. Did one user create many more events than usual?

Recommended schedule: Monthly

Pro tip: Data owners can group the results by user with a pivot table to see the total events easily.

Access Statistics report grouped by User Name
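
For owners who receive the report as .CSV, the same pivot can be scripted and compared against the previous month's export to answer the "more events than usual" question. This is an added example, not Varonis code; the column names, thresholds and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample exports. The column names are assumptions for this
# example, not the actual DatAdvantage export layout.
PREVIOUS_MONTH = """User Name,Directory,Event Count
alice,/finance,120
alice,/finance/q1,80
bob,/finance,150
carol,/finance,40
"""
CURRENT_MONTH = """User Name,Directory,Event Count
alice,/finance,130
alice,/finance/q1,90
bob,/finance,900
bob,/finance/payroll,300
carol,/finance,45
dave,/finance/payroll,400
"""

def totals_by_user(report_csv):
    """Pivot the export: total events per user across all directories."""
    totals = Counter()
    for row in csv.DictReader(io.StringIO(report_csv)):
        totals[row["User Name"].strip().lower()] += int(row["Event Count"])
    return totals

def unusual_users(current_csv, previous_csv, ratio=3.0, min_events=100):
    """Flag users whose total grew `ratio`-fold, or who are new and busy."""
    current = totals_by_user(current_csv)
    previous = totals_by_user(previous_csv)
    flagged = []
    for user, count in current.most_common():
        if count < min_events:
            continue  # skip low-volume users to keep the list reviewable
        base = previous.get(user, 0)
        if base == 0:
            flagged.append((user, count, "no activity in previous report"))
        elif count >= ratio * base:
            flagged.append((user, count, f"{count / base:.1f}x previous total"))
    return flagged

if __name__ == "__main__":
    for user, count, reason in unusual_users(CURRENT_MONTH, PREVIOUS_MONTH):
        print(f"{user}: {count} events ({reason})")
```
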

3.a.01 Group Members

What does it do? The Group Members report presents a list of users that are in each data owner’s group(s).

What’s the business benefit? Data owners can use this report to spot-check their group’s members between entitlement reviews.

Recommended schedule: Weekly

Group members report

4.b.01 User or Group Permissions for Directory

What does it do? The User or Group Permissions for Directory report is a complete list of all permissions on the data owners’ file shares.

What’s the business benefit? Data owners can review this report to verify that there are no oddities in data access rights for each group on their file shares.

Recommended schedule: Weekly

Pro tip: Attackers add permissions to groups to move laterally across an organization and access more sensitive data.

Group permissions reports
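
Both weekly reports (Group Members and User or Group Permissions for Directory) are easiest to spot-check as a diff against last week's copy, so that only new or removed entries need a human look. The sketch below is an added example, not Varonis code; the column names and sample rows are constructed assumptions, and the same function works on a group membership export.

```python
import csv
import io

# Constructed sample exports. The column names are assumptions for this
# example, not the actual DatAdvantage export layout.
LAST_WEEK = """Directory,User/Group,Permissions
/finance,FIN-Readers,Read
/finance,FIN-Editors,Modify
/finance/payroll,Payroll-Team,Modify
"""
THIS_WEEK = """Directory,User/Group,Permissions
/finance,FIN-Readers,Modify
/finance,FIN-Editors,Modify
/finance/payroll,Payroll-Team,Modify
/finance/payroll,Helpdesk-Tier1,Full Control
"""

def load_rows(report_csv):
    """Read an export into its header and a set of normalised row tuples."""
    reader = csv.reader(io.StringIO(report_csv))
    header = next(reader)
    rows = {tuple(cell.strip().lower() for cell in row) for row in reader if row}
    return header, rows

def diff_reports(previous_csv, current_csv):
    """Return entries added or removed since the previous report.

    A changed permission appears as one removed row plus one added row.
    """
    prev_header, prev = load_rows(previous_csv)
    cur_header, cur = load_rows(current_csv)
    if prev_header != cur_header:
        raise ValueError("report layouts differ; compare like with like")
    return {"added": sorted(cur - prev), "removed": sorted(prev - cur)}

if __name__ == "__main__":
    changes = diff_reports(LAST_WEEK, THIS_WEEK)
    for kind in ("added", "removed"):
        for row in changes[kind]:
            print(kind.upper(), " | ".join(row))
```
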

4.g.01 Classification and Priorities

What does it do? The Classification and Priorities report shows the most recent (within the Relative Mode value) classification matches in the data owners’ file shares. Classification matches might exist in newly created files, new sensitive data in modified files, or matches from a previous scan.

What’s the business benefit? Data owners can review classified sensitive files in their shares to determine if they need to accept the risk as necessary for business use, and move, encrypt, or delete files that could become compliance risks.

Recommended schedule: Bi-monthly or Monthly

Pro tip: Add the Classification Results View role to data owners so they can use the DatAdvantage UI to see classification results in their shares.

Classification results report

7.b.01 Inactive Directories by Size

What does it do? The Inactive Directories by Size report will show data owners the folders in their shares that users don’t access.

What’s the business benefit? Data owners can use this report to determine if they can archive or delete data that has gone stale and that their team no longer needs. Stale sensitive data is a treasure trove for attackers because people might not notice when attackers access it.

Recommended schedule: Monthly

Inactive folders report

Start The Varonis Operational Journey

Good data governance is not an accident. Organizations that take the necessary steps can get there. What we discuss here is a later stage of the Varonis Operational Journey. There are many steps that organizations must take to get to this level of data governance. You have to achieve least-privilege access, remediate Global Access, and then identify and assign data owners before implementing these reports.


Jeff Petters

Jeff has been working on computers since his Dad brought home an IBM PC 8086 with dual disk drives. Researching and writing about data security is his dream job.