Grant Thornton

How Grant Thornton controls and tightens its permissions, especially around sensitive data


The Customer

Location: New York, NY

Industry: Accounting

Products: DatAdvantage

A member firm within Grant Thornton International, one of the world’s leading international organisations of independently owned and managed accounting and consulting firms, Grant Thornton France operates from 25 offices and has 1300 employees, of which 101 are partners. As a leading audit and consulting organisation in its own right, Grant Thornton France specialises in five key disciplines: auditing; consulting; accountancy; outsourcing; legal advice; tax and social security. Its clients include listed companies and large international organisations covering various industries including retail, manufacturing, distribution, hospitality and services. Experienced employees from other Grant Thornton International member companies are often extended the opportunity of a minimum two-year consecutive placement within Grant Thornton France. This not only provides personal and cultural development for the employee but also helps strengthen relationships within the member companies.

Since deploying DatAdvantage, we’re not only able to find missing directories but also identify and prove which user is responsible for moving or deleting them, saving time and improving efficiency.

– Eric Mege, Security Officer, Grant Thornton France

The Challenge

Two years ago, Grant Thornton France was unable to consolidate access to its 30 file servers which, at the time, contained approximately four terabytes of data. Its Help Desk would spend on average 20% of its time speaking to users trying to access data that ‘had disappeared’, manually tracking down missing directories and restoring the information. Users would often claim to have had no involvement in the information vanishing, with the IT team helpless to prove otherwise. Initially it tried to resolve the situation by using audit features within Microsoft Exchange Server; however, this proved unfeasible as, each time it was activated, the system was unable to operate, causing the file servers to fail.

Eric Mege, security officer for Grant Thornton France, explains further, “We’d identified that access auditing was a big stumbling block for us. We knew the data hadn’t just vanished, someone had to have done something, but users claimed they ‘hadn’t done anything’. A lot of time was being wasted on something that basically was down to human error. Every time we tried to activate the audit features within Exchange, performance would be hindered to the extent that the system would crash.”

Evaluation Parameters

Grant Thornton knew it needed visibility into what users were doing on the system. Eric adds, “With just 13 in our IT team, we were wasting time trying to put something right that shouldn’t have been wrong in the first place. That’s just madness. We understand that mistakes can happen but it was frustrating as users would blame us when we knew, most of the time, it was them that had created the issue. With the information growing at between 20 to 30% year on year, in fact it might be slightly more as today we have about five or six terabytes of data, so this was a problem that wouldn’t just go away but would get worse. We needed a way of pinpointing the exact moment the data had moved so it could be reversed and everyone could get on with their jobs – for us it’s improving the infrastructure.” Another supplier to Grant Thornton, who was aware of its problem, suggested Varonis might be able to help.

The Solution

Grant Thornton started the process with a proof of concept and instantly recognised that DatAdvantage could provide the quick and clear answer it so desperately needed.

Eric explains, “We started running DatAdvantage on one file server. I created a user guide for the help desk and, within a morning, they were proficient at using it to find lost data. The results spoke for themselves so the decision was taken to roll it out across all the file servers.” DatAdvantage automatically monitors every touch of every file on the server and stores the metadata it collects. These records can then be searched retrospectively to pinpoint the moment a file was moved or deleted, or to query a particular user’s activity. For Grant Thornton this was just the intelligence it needed to be able to find its missing data.

It also provided the evidence needed to determine who was responsible for the data’s disappearance in the first place. Eric adds, “DatAdvantage has been a good teacher for our users as now, when they lose a file, they don’t claim innocence because we have the proof of who did it and when.” With the time saved by increasing help desk efficiency, Grant Thornton’s IT team can turn its attention back to the day job, and other areas of the infrastructure, where it can make improvements and add value without needing additional people.

Having solved one problem, Grant Thornton has already started looking at other areas where DatAdvantage can be used to offer improvements. Permissions is another area that, prior to DatAdvantage, Grant Thornton had not been able to manage effectively. Eric clarifies, “Personally I think every organisation that has a significant volume of information, so a few terabytes, needs automation if they’re to properly manage permissions, otherwise it’s just impossible to manually audit them. We’ve got 1300 users – that’s a lot of permissions.”

In a relatively new project, Grant Thornton has started to use DatAdvantage to gain control of all the permissions on one file server. By combining user and group information, taken directly from Active Directory and other directory services, it is able to glean a complete picture of its file system and the permissions structure. By looking at which folders are accessed by which users and groups, the data owners can be identified. Reports are then automatically created that provide clear, yet still detailed, information on every user and group that is actually accessing the data. These are sent to the relevant department heads, who confirm if any permissions need to be changed or revoked.

Prior to actually making changes, Grant Thornton is able to model and simulate modifications in the sandbox to make sure there are no adverse results before activating them. Eric reports, “The sandbox is a fantastic resource as nothing happens that hasn’t already been tested so time is wasted making mistakes and having to roll back to the beginning. I know before I make a change what is going to happen and that the result is what I plan to achieve. We’re doing this server by server, not because I don’t think it’s valuable, but just the sheer volume makes it easier to break it down. If I suddenly had reports for all 30 file servers I’d buckle under the task. This is a continuous project and, as we gain control of each file server, more can be added as we move forwards.”

Having started this process, Grant Thornton has also been able to identify a few instances of data that has been accessed by users who don’t necessarily have a reason to do so. Eric explains, “One example was an internal department had some files that a user from another department had been looking at without necessarily having a valid reason for doing so. This information was passed to the department head for them to handle as they deemed appropriate. At the end of the day it’s not up to me what happens to nosy people but if users know we’re monitoring this type of activity then they’re less likely to poke around.”

Although it isn’t governed by any specific regulation, Grant Thornton uses DatAdvantage to create audits for its own internal security governance, to maintain records of who is accessing data and what they are doing with it. Eric concludes, “For me, a solution is worthless if the reporting is inadequate as it devalues what you’re doing. With Varonis I can produce reports covering months of activity, or even hours of activity, depending on what it is I’m trying to achieve. I can create reports that compare activity over a period to identify changes in behaviour which would be impossible to do manually. I’ve also got reports that are scheduled to be created and sent automatically periodically to the relevant business heads so it’s one less thing for me to remember to do. They’re in normal language, so there’s no involvement from me interpreting and translating them first, and they understand what they’re reading. That’s invaluable as I can spend my time on other tasks.”

Business Benefits

Moved or deleted data is quickly traced and restored

This was the driving factor in Grant Thornton’s selection of DatAdvantage. The suite automatically monitors every touch of every file on the system and stores this information in a database. These records can then be searched retrospectively to pinpoint the moment a file was moved or deleted, or to query a particular user’s activity, providing the intelligence needed to resolve the query instantly. Being able to apportion blame has also improved the perception of IT, as they are viewed as knowledgeable and in control.

Efficiency within its Help Desk has improved by at least 20%

Tasks performed by the Help Desk are relatively basic, yet 20% of its time was being wasted resolving issues caused by human error. With minimum training, Help Desk staff were able to locate missing data and restore access, improving not only the Help Desk’s own efficiency but that of its users by reconnecting them quickly with the files needed to get back to work.

Permissions are being controlled and tightened, especially around sensitive data

Although this was not a driving factor in selecting Varonis DatAdvantage, the suite provides detailed information on which files users and groups have access to, as well as those that are actually being accessed and by whom. Using this intelligence, Grant Thornton is able to gain control of its permissions and maintain the security of its sensitive data.

Clear concise reporting allows data owners to make decisions about their data

With the clear language used within the reports, Grant Thornton is able to identify data owners and share reports automatically with them. This puts management and control back into the hands of those best placed to make informed decisions about the data rather than leaving IT to guess at what’s required.