Location: Edmonton, Alberta, Canada
Industry: Financial Services
Products: DatAdvantage for Windows, UNIX/Linux, and Exchange, DataPrivilege, IDU Classification Framework
As the largest Alberta-based financial institution, ATB Financial helps more than 670,000 customers in 244 Alberta communities, through a network of 164 branches, 133 agencies, and a Customer Contact Centre. With more than 70 years of experience they aspire to be Albertans “first choice for the financial services and advice that matter the most to them”.
The DatAdvantage tools have assisted ATB Financial to better manage their unstructured data and work with the data owners to assign the proper access authority.
ATB Financial wanted to increase visibility into what was happening in their unstructured data environment. Manually auditing over 200TB of unstructured data was inefficient and ineffective—analysis was a time consuming task yielding inaccurate results. Native Windows auditing functionalities were difficult to sift through, and created such a huge amount of log events that they quickly started facing disk space challenges.
ATB also needed an efficient way to identify stale and non-business related data to archive or remove it. Soon after deploying Varonis DatAdvantage, a new challenge emerged as ATB discovered that some of their shared folders were exposed to the entire organization.
In order to remediate these exposures without disrupting business processes, they needed to audit access, identify data owners, and simulate changes to the permissions structure to test remediation steps prior to their execution.
Pat Wren, Managing Director, IT Operations, ATB Financial knew they needed an automated way to audit their NetApp, identify stale data and assign data owners. Further, he knew they needed to get control over their permission structure to make sure only the right people had the proper access to sensitive data.
ATB needed a solution that could give them visibility into their permission structure, allow them to track and audit access to sensitive data, identify stale data, and most importantly identify the data owners. A critical part of the evaluation was the audit and report across both the N-series appliances and file servers.
Varonis DatAdvantage automates access and permission management on both NAS devices and file servers, providing visibility into existing access controls, data access auditing, and recommendations for tightening up access and group membership. DatAdvantage also provides customers with the ability to model or sandbox permissions and group membership changes before committing them without negatively impacting productivity.
ATB started their deployment with DatAdvantage for Windows, having seen how Varonis could solve their permissions and auditing problems, they are in the process of expanding the installation to include DatAdvantage for UNIX and for SharePoint, extending its auditing capabilities to their UNIX and SharePoint environments. Less than a year after the initial purchase they added DatAdvantage for Exchange and expanded DatAdvantage functionalities to their mailboxes and public folders. They also acquired DataPrivilege, which allows them to empower data owners and get them involved in the authorization process. The Varonis IDU Classification Framework allowed them to identify their sensitive content and determine where it was overexposed.
The automated analytics and execution capabilities within DatAdvantage have allowed ATB to audit user access, ensure that permissions are both accurate and up to date, and meet their auditing requirements. Pat no longer has to worry about data being over exposed to the entire organization, or about the impact native auditing will have on their servers.
DatAdvantage gives ATB visibility into potential data risks by uncovering overly permissive access.
DatAdvantage access auditing lets ATB easily report on access activity and document data handling. They can now see who is accessing their data, and what are they doing with it.
With DatAdvantage, ATB now has a full audit trail that allows them to see what data is inactive. They can now identify stale data and then remove it from their environment.
DatAdvantage generates detailed statistics, alerts, and a searchable log of every file-touch, enabling ATB IT administrators to rapidly identify and report on excessive file opens, deletes or other such anomalous behaviours, without impacting the performance of their servers.
With DatAdvantage, ATB is now able to identify owners for the data on their NAS devices and file servers and involve them in the authorization process. DataPrivilege gives them the ability to automate many of the tasks this process entails.