Fresenius Netcare

How Fresenius Netcare identifies access behaviour anomalies and locates lost or moved files

PDF download

The Customer

Location: Bad Homburg, Germany Industry: Information Products: DatAdvantage for Windows Fresenius Netcare is a wholly owned subsidiary of Fresenius SE & Co. KGaA, specialising in information technology services. More than 400 Fresenius Netcare employees, at 40 locations worldwide, optimise business processes for national and international customers. It offers a full spectrum of services from consulting and administration to the operation of infrastructure. As the IT provider of the Fresenius Group, Fresenius Netcare has attained extensive process and project management experience within the health care and pharmaceutical sectors. The company is ISO 9001 certified and is also an SAP Hosting Partner and a certified SAP Customer Competence Centre.

DatAdvantage allows us for the first time to manage the changing and cleaning-up of all permissions within our company from a single, central administrative platform, while also enabling us to analyse data access and usage extensively.

– Lothar Gützkow, Senior Manager Customer Service Support & Projects, Fresenius Netcare

The Challenge

A central file server at the Fresenius Netcare headquarters in Bad Homburg, Germany, serves all the business units, divisions and subsidiaries within the organisation. For a company the size of Fresenius, this means a huge volume of unstructured and semi-structured data – such as documents, images, spreadsheets, presentations and media. The average growth rate of unstructured data is about 50%, which makes it practically impossible to manually gain a clear and accurate overview of the company data and corresponding permissions. “The ever-increasing volume of data means that reliable auditing has become pivotal for us,” said Lothar Gützkow, Senior Manager Customer Service Support & Projects at Fresenius Netcare. “We had tried to gain the upper hand over the company’s data with our previous system but were unable to find a satisfactory solution.”

Evaluation Paramters

All user and project specific data within Fresenius Netcare is centrally stored on a NetApp Filer and managed by a central domain admin team who, previously, were only able to get a limited overview of the extensive company data and access rights. The IT team were able to read events, but could not provide auditable evaluation and information. Netapp emulates native Windows auditing, however the event IDs it generated for data access activity were not congruent with the Windows IDs. For the company to provide visible and reliable auditing, it needed a system that would be able to accurately monitor activity on the NetApp Filer. “Our key requirements for the optimisation of our data and permissions management were transparency and visibility”, said Gützkow. “These are crucial – not only for overarching reports on storage usage, critical data and permissions, but also for individual requests or lost data.”

The Solution

During the search for a solution, DatAdvantage for Windows quickly stood out from other providers during the market evaluation. The Data Governance Suite was the only product capable of clearly interpreting the NetApp Filer activity, which it gathers from Fpolicy rather than using the Windows auditing emulation. In addition, Varonis offered a broad spectrum of evaluation functions with minimal effort, allowing an unprecedented level of visibility. After a smooth installation, Fresenius Netcare has been using the system since 2010. The company now finally has the ability to check, update and clean up permissions, as well as migrate file systems.

One for All

For Fresenius Netcare, the precise evaluation and logging of data activity were crucial. With DatAdvantage, the IT team is, for the first time, in a position to gain a clear overview of where sensitive and critical data is located, who has access to it, who actually has accessed it and who should be able to access it. The quick identification of permissions means that relevant permissions can easily be granted, while unnecessary permissions are removed. Documents in folders that lie idle and could not previously be allocated can now also be clearly assigned.

Transparency and Visibility

The system also makes it possible to identify anomalies in access behaviour and locate lost or moved files. A further benefit for Fresenius is the ability to see how much storage space gets used on the system. Folders and storage areas with the greatest data growth are also identified. “Varonis DatAdvantage allows us for the first time to manage the changing and cleaning-up of all permissions within our company from a single, central administrative platform, while also enabling us to analyse data access and usage extensively,” said Gützkow. “This opens up a new level of transparency and visibility that ensures our continuously growing data volume will be able to keep pace with the future growth of our organisation. DatAdvantage has met our core requirements and now acts as a basis from which we will be able to expand the system into other locations and domains within Fresenius.”