NBC Holdings (Pty) Ltd

How NBC Holdings identifies data owners and involves them in the authorization process

PDF download

NBC Holdings (Pty) Ltd (NBC) is the first black-owned and managed employee benefits company in South Africa. NBC pioneered the establishment of defined contribution funds, a trend that accelerated during the late 1980’s and early 1990’s as trade unions gained more influence and companies took advantage of the commercial certainty offered by defined contribution funds.

Today NBC is a leading force in the South African employee benefits arena, providing a comprehensive range of employee benefits products and services to 120 registered pension and provident funds,representing the retirement fund savings of more than 350,000 members.

The Challenge

As a financial institution, NBC Holdings needs to closely monitor access to data. In some instances data was moved or deleted and it was difficult and time-consuming for the IT department to figure out who moved it, and where. NBC needed a solution that could help them increase their control and auditing capabilities over the data on file servers in a way that could make this process efficient,and effective. In addition, there were some instances in which it was necessary to provide a record of email messages that were read, sent, or deleted and the IT department didn’t have an efficient way to do this. NBC also needed a way to relieve the IT helpdesk of some of the access provisioning tasks, as these tended to be time-consuming. In addition, IT often lacked context about the data to make accurate decisions about who should have access, and identifying who had access to a particular data-set was inefficient and resource-intensive.

Evaluation Parameters

NBC needed an effective and efficient way to monitor access to their Windows file servers and Exchange mail servers. They needed to find files that were moved or deleted, and more importantly,they needed to know who moved or deleted them. Furthermore, the ability to determine which messages were sent, received, read or deleted was another critical functionality for NBC. Native Windows and Exchange auditing tools could not provide the efficiency and accuracy NBC required and lacked any actionable intelligence, or analysis of the activity. At the same time the ability to identify data owners and involve them in the authorization process was something NBC was very interested in.

The Solution

Varonis DatAdvantage automates access and permission management on NAS devices, file servers, SharePoint and Exchange, providing visibility into existing access controls, data access auditing, and recommendations for tightening up access and group membership. DatAdvantage also provides customers with the ability to model or sandbox permissions and group membership changes before committing them without negatively impacting productivity. NBC started their deployment with DatAdvantage for Windows and DatAdvantage for Exchange, with the primary objective being to relieve the NBC help desk of time-consuming tasks like finding lost or deleted files. At the same time they are using DatAdvantage to locate the user who moved or deleted the files and investigate the reasons behind it. In a similar way, they can now monitor their Exchange environment and see which messages were read and which were deleted. When employees claim to not have received an email, NBC’s IT department can now confidently and efficiently access the audit trail and confirm the veracity of these types of claims. They also now periodically report on access activity and have much more control over their data. NBC has also taken advantage of Varonis’ ability to identify data owners, and is in the process of transferring the access provisioning process to them. They have already identified many data owners who are now in charge of provisioning access to their data, giving NBC much better data security, and offloading these tasks from the helpdesk so they have time to focus on other projects.

Business Benefits

Complete audit trail of events on Windows

With DatAdvantage for Windows NBC has a usable audit trail of every file touch on monitored servers. The audit trail provides detailed information on every file in a normalized database that is searchable and sortable. Data collection is performed with minimal impact to monitored servers and without requiring native Windows auditing.

Complete audit trail of events on Exchange

DatAdvantage provides NBC a usable audit trail of every email touch on monitored servers. Detailed information on every email event in a normalized database that is searchable and sortable and the data collection does not impact the monitored servers, nor does it require Exchange journaling or diagnostics.

Data owner identification and involvement

With a complete audit trail of user activity, DatAdvantage provides NBC statistical analysis to effectively identify business owners of data. Automated reports involve data owners in data governance processes.

Automated access provisioning

With DataPrivilege, NBC users can request access to data and group resources directly, providing explanation and duration, and data owners are automatically involved in the authorization process.Permissions changes are carried out automatically once approval requirements are met and permissions revocations are carried out automatically on their predefined expiration date.