La Trobe University

How LaTrobe University asserts who is doing what with its data.

PDF download

The Customer

Location: Victoria, Australia

Industry: Education

Products: DatAdvantage

La Trobe is a multi-campus university in Victoria, Australia. Its maincampus is located in Melbourne, with two further major campusesand a number of smaller regional sites across the state. Today, it offers undergraduate and postgraduate courses to its 28,000 students across five major faculties, covering all the main learning areas: Education; Health Sciences; Humanities and Social Sciences;Business, Economics and Law; and Science, Technology and Engineering.

There’s a brilliant feature [in DatAdvantage] where you put in a user name, or a group name, and it instantly tells you where they have permissions on the folder structure. There’s no other way that I’ve seen that you can easily do that without dumping out all the permissions.

– Clint Beecroft, Windows Systems Manager

The Challenge

La Trobe operates a Windows environment, with close to 15 terabytes of data housed on its network-attached storage (NAS) system. Over the coming months this capacity will grow exponentially as the university consolidates its storage facilities, migrating additional file shares away from its dated Windows server cluster onto its NAS storage. As it has a fairly high user turnover, La Trobe recognizes that a significant proportion of its data is probably stale: while the people have moved on, their data remains. It’s down to the IT team to help areas determine what can safely be removed and what is still being used, which is extremely hard to do without usage intelligence.

In addition to these changes, an external audit highlighted the university’slack of insight of what users were doing with its data. Clint Beecroft, Windows Systems Manager at La Trobe, explains, “The imminent migration is obviously a major challenge for the team, and we need to make sure it goes as smoothly as possible. More urgently was addressing the audit’s findings. We wanted a way to see, and report, what is happening on our employee shares – who’s moving what and where, what’s being copied and deleted, etc. At the time, we didn’t have anything that offered capabilities to address this.”

Evaluation Parameters

The risk and compliance team had received a call from Varonis and, having a greed to a demonstration of its DatAdvantage solution, the officer was suitably impressed that he asked Clint to attend a subsequent demo. Clint quickly recognized DatAdvantage’s significance for himself.

He adds, “With Varonis’ help, we set up DatAdvantage on one of our servers and let it run for a few weeks collecting information. As soon as we started playing with the results we could quickly see it’s potential. I’d say that, within a week, you’ve got so much intelligence that you can start making decisions that produce immediate improvements. Aside from the auditing capabilities it also showed us a lot of extra data – we’d gathered some of this information in the past, but it was always really hard to get.”

The Solution

Varonis DatAdvantage works in the background, collecting every file touch within La Trobe’s file servers. Automatically collected and housed in a database that can be searched/sorted, this audit trail provides La Trobe the evidence required to confirm who is doing what with its data. Additionally, this intelligence means Clint can identify not just which folderscontain the bytes – but he can drill down to determine if it’s being used and by whom.

Clint elaborates, “It’s very easy to see from the DatAdvantage reports when data was last accessed, and modified. This information can then be used for data retention decision making.” As well as recording who is accessing what information, and what they’re doing with it, DatAdvantage also maps La Trobe’s permission structure. This offers visibility to who could have access and helps identify excessive or broken permissions.

Clint confirms, “There’s a brilliant feature where you can put in a user name or a group name and it will tell you whether they have permissions on the folder structure. There’s no other way that I’ve seen that you can easily do that without dumping out all the permissions. I can double click a file and see the security permissions, and where there’s broken SIDS on the folder structures. Moving forwards with La Trobe’s SAN to NAS migration, Clint plans to use DatAdvantage to report across the old cluster. This analysis will allow him to determine what data is there, and aid the decision making process of what can be cleaned away or moved across.

Clint adds, “To do this without Varonis, while possible, is time consuming. For example, if you want to know how much space a folder has utilized, you can find out by right clicking and then going to properties,but it takes time to go through each server, load it up and then analyze it. As we’re dealing with old and unstable servers we don’t like doing that too much anyway. With Varonis we can see so much more – when it was last modified,accessed and other details that all help with data retention decisions.”

A final element for Clint is the ability to perform group clean ups. Before DatAdvantage’s introduction, when deleting groups, the admin team wouldn’t have insight to the affect it would have, if any, on folders and file shares. Clint concludes,“Varonis gives us the ability to simulate the results, before we delete them.”

Business Benefits

Gain insight of what users are doing with its data

DatAdvantage works in the background, collecting every file touch within La Trobe’s file servers. Automatically collected and housed in a database that can be searched/sorted, this audit trail provides La Trobe the evidence required to confirm who is doing what with its data.

Determine permission structure

DatAdvantage maps La Trobe’s permission structure, offering visibility to who could have access and help identify excessive or broken permissions.

Consolidate its storage facilities

La Trobe can analyse data currently housed on its SAN system, to determine what data is there, and identify if it’s redundant, confirming what can be cleaned away or moved across.