Products: DatAdvantage Windows, DatAdvantage UNIX, and DatAdvantage SharePoint
The NPD Group provides market information and advisory services to clients. NPD tracks businesses representing over $1 trillion in sales in the Americas, Europe, and Asia-Pacific.
Varonis DatAdvantage is a product that we brought in as a security tool, but it’s so much more than that at the end of the day. Ultimately, it helps me make better decisions around our environment and it helps with planning.
To meet ISO 27001 standards for security and file access controls, NPD’s IT team was looking for a way to monitor file usage in their shared folders and restrict access to only those who were authorized. Overall, they also needed a more efficient way to administer file permission requests from over 1300 users globally.
The IT team top requirement was to have a “single pane of glass” from which to monitor file access, determine who should have access, and provide an efficient way to request and grant file permissions.
NPD is a multi-national company with offices in 27 countries. The IT department supports over 1300 internal users, as well as a pool of approximately 400 consultants. IT managers and executives began to see there was a potential for data exposure of their shared folders since they were accessed by changing groups of external contractors.
According to Al Mujtaba, VP of Enterprise Systems, verifying whether permissions for shared files were accurate and up-to-date was one of the IT group’s biggest challenges. The company was also facing an upcoming ISO 27001 audit. “We had to close the gap with ISO 27001,” says Mujtaba. “We didn’t have any technology within the enterprise to monitor the usage of file shares and see who was accessing these shares in anywhere close to real-time. We had to address this shortfall to be certified as 27001 compliant.” NPD began to look for vendors to close their access management and security gaps. Many stakeholders were involved in the evaluation process, including the executive director of the compliance and security department and managers in the IT platform group. As the evaluation process got under way, it was becoming clearer that Varonis would be a top contender.
“Working with the compliance group, we were able to identify our gaps, and analyze risks,” recalls Mujtaba. “The bottom-line business case for Varonis DatAdvantage was becoming very solid as we realized what it could do.” The IT group ran a proof of concept with Varonis DatAdvantage and that ultimately helped them decide to purchase the software. Mujtaba was able to show NPD’s security and IT executives that DatAdvantage not only could limit security exposures but also would improve the efficiency with which they could handle their management of permission requests.
The NPD executives were also impressed by the analytics engine and underlying platform, the Varonis Metadata Framework. They ultimately bought licenses for DatAdvantage Windows and DatAdvantage SharePoint for their Microsoft-based servers, as well as DatAdvantge UNIX for their other environments. They also purchased DatAdvantage Directory Services to automate user updates in their Active Directory.
“Varonis DatAdvantage really solves two problems for us,” emphasizes Mujtaba. “It not only improves our data security, but it handles proactively the entire data life cycle. I think that it was an easy sell at that point to our upper management.” The implementation went smoothly. With help from Varonis, Mujtaba’s team was able to fine tune DatAdvantage for their environment. After just a few months, DatAdvantage was fully rolled out and was collecting actionable information to help the IT team make better decisions and improve their operations.
“Before Varonis, we were getting requests for upwards of ten tickets per week to perform restores for files that were thought to be deleted,” notes Mujtaba. “A restore costs $300 to recall the tape and install the file in our environment, involving about four or five man hours. With DatAdvantage, we discovered that the data was often accidentally moved to another location by the user. This was a significant savings in terms of staff resources and money.” DatAdvantage is an especially important solution for NPD’s 20 system admins. DatAdvantage lets the admins work out who are the true owners of files in the shared folders. The admins then configured DatAdvantage to send out automated monthly reports to the owners showing them who has access to the files and who has actually accessed them in the last 30 days. “With DatAdvantage, we are able to give the users and data owners more intelligence,” says Mujtaba. “They’re now able to make better decisions around the data they are managing for their departments.”
When the 27001 audit finally came around, NPD had no problem passing and gaining certification. Mujtaba feels strongly that DatAdvantage is really a multipronged product that encompasses data security, operations, and governance.
“Varonis is a product that we brought in as a security solution,” says Mujtaba. “But it’s so much more than at the end of the day. It helps me make better decisions around our environment and it helps with planning.” Mujtaba’s overall advice for other IT groups is to take time in analyzing the data that Varonis provides, and then incrementally create a strategy around what you want to do. His own plan for the near future is to start using the powerful data classification feature in the IDU Classification Framework to better organize NPD’s data.
Using Varonis DatAdvantage Windows, DatAdvantage UNIX, and DatAdvantage SharePoint, the IT team at NPD was able to avoid unnecessary restores of file data that was thought to be deleted. This manual task can cost up to $300 per request and involve five man-hours of work. DatAdvantage keeps a complete log of file activities, enabling system admins to spot files that have been accidentally moved to other folders. With between three and ten requests per week to restore data, DatAdvantage’s cost savings for NPD are significant. To handle their heavy daily volume of user roll changes, they configured DataPrivilege to automatically make updates to Active Directory, freeing up a considerable block of time for the NPD system admins.
Varonis DatAdvantage reduces the risk of data exposure in the shared area of the NPD file system, which is available to a changing pool of consultants. NPD’s system admins now have full visibility into who has access to data and who is accessing data. As a result, access controls have been improved, access to critical data is monitored, and data is better protected.
As part of meeting ISO 27001 requirements for access controls, NPD needed to have policies and procedures in place to restrict data to authorized users and to review users access rights on an ongoing basis. ISO 27001 also requires companies to monitor logs for file activity. With Varonis DatAdvantage, NPD enforce their access control policies by letting sys admin learn who is accessing files versus who should be accessing. By reviewing the log activity, system admins can spot unusual activities and thereby close any securities holes in realtime.