Add Varonis to IAM for Better Access Governance

Michael Buckbee
Last updated June 16, 2023

Managing permissions is a colossal job fraught with peril, and over-permissive folders are the bane of InfoSec and a hacker’s delight. Many organizations employ IAM (Identity and Access Management) to help manage and govern access to applications and other corporate resources.

One of the challenges that remains after implementing an IAM solution, however, is how to apply its principles to unstructured data. IAM may be able to help you manage group memberships in Active Directory, but can’t tell you which data each group gives access to. It’s like managing the keys on a keyring without knowing which doors they unlock.


That’s where Varonis comes in. DatAdvantage has a bi-directional permissions view: just double-click on a folder, site, or mailbox to see who has access to it or click on a user or group to see everything they can access – across all your data stores.

Our customers often find that IAM is overprovisioning access based on roles, and Varonis will bring attention to those issues and help you fix them.

Varonis integrates with IAM solutions to enhance and extend their capabilities, bringing the two together into a holistic data security solution.

How Varonis integrates with IAM

Varonis DataPrivilege enhances the IAM process by taking the IT staff out of the approval chain for data access and putting that decision back with the data owners. Once that’s taken care of, you can implement a workflow to maintain least privilege permissions.

Varonis supports these integrations through both SOAP and REST APIs. With the API, you can synchronize managed data with your IAM/ITSM solution, and return instructions to DataPrivilege to execute and report on requests and access control changes. You’ll be able to use the integration to externally control DataPrivilege entitlement reviews, self-service access workflows, ownership assignment, and more.

The integrations allow for several standard use cases:

  • Data-Side Entitlement Review: From the IAM system, a user can request a report of the permissions on a folder for auditing, with options for removal
  • Line Manager User Side Entitlement Review: A manager selects one of their direct reports to pull a list of all groups/permissions that user is a member of, and can request changes directly from the list
  • Self Service Access Request Workflow: Users request folder or group access, and DataPrivilege manages the approval process
  • Provisioning/Deprovisioning Workflow: Creating a new user in the IAM triggers a process to provide that user with standard permissions based on their job function, and conversely deprovisioned users get removed from all groups, so there are no orphaned accounts left in groups
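
The bi-directional permissions view and the deprovisioning use case described above can be sketched in a few lines. This is an added example, not Varonis code and not a call to any Varonis or Active Directory API; the groups, folders, ACLs and the list of disabled users are all constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: direct group members (users or nested groups).
GROUP_MEMBERS = {
    "Finance": {"alice", "bob"},
    "Finance-Managers": {"carol"},
    "AllStaff": {"Finance", "Finance-Managers", "dave"},
    "Contractors": {"erin"},
}
# Constructed folder ACLs: (principal, right); a principal is a user or a group.
FOLDER_ACLS = {
    r"\\fs01\finance": [("Finance", "modify"), ("Finance-Managers", "full")],
    r"\\fs01\public": [("AllStaff", "read")],
    r"\\fs01\projects": [("Contractors", "modify"), ("bob", "read")],
}
DISABLED_USERS = {"bob", "erin"}  # assumed already deprovisioned on the IAM side


def expand(principal, seen=None):
    """Resolve a principal to its users, following nested groups (cycle-safe)."""
    seen = set() if seen is None else seen
    if principal not in GROUP_MEMBERS:
        return {principal}  # not a group, so treat it as a user
    if principal in seen:
        return set()
    seen.add(principal)
    users = set()
    for member in GROUP_MEMBERS[principal]:
        users |= expand(member, seen)
    return users


def build_views():
    """Return (folder -> user -> {(right, via)}, user -> folder -> {(right, via)})."""
    by_folder = defaultdict(lambda: defaultdict(set))
    by_user = defaultdict(lambda: defaultdict(set))
    for folder, acl in FOLDER_ACLS.items():
        for principal, right in acl:
            for user in expand(principal):
                # "via" records which ACL entry (which key) opens this door
                by_folder[folder][user].add((right, principal))
                by_user[user][folder].add((right, principal))
    return by_folder, by_user


def orphaned_access():
    """Disabled users who still reach data, with the folders they can reach."""
    _, by_user = build_views()
    return {u: sorted(by_user[u]) for u in sorted(DISABLED_USERS) if u in by_user}
```

The `via` value in each entry names the group or direct ACL entry that grants the access, which is the membership or permission to remove during an entitlement review.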

Advantages of adding Varonis to your IAM strategy

On top of the IAM integration capabilities, Varonis helps build out a strong data security strategy: adding monitoring, classification, threat detection, and more to your arsenal.

If you have an IAM or you are planning on implementing an IAM as part of your data security initiatives, we’ll show you how to get even more out of your IAM by integrating with the Varonis Data Security Platform. Click here for a personalized demo to get started.
