Rabobank

How Varonis DatAdvantage Gives Rabobank Full Control Over Data Access and Permissions, and Enables Regulatory Compliance

PDF download


The Customer

Location: Utrecht, Netherlands

Industry: Financial Services

Products: DatAdvantage for Windows, DatAdvantage for SharePoint

Rabobank is a Dutch multinational banking and financial services company.

At Rabobank we have several compliance requirements to meet because we deal with a lot of confidential data from financial transactions. Without DatAdvantage, we wouldn’t be able to fulfill a lot of these regulatory demands because it would take a huge amount of time to collect the information – even if we could, it would already be outdated. With DatAdvantage, we can automatically trigger reports rather than do the work manually.

 Sebastiaan Van Putten – Technical Engineer, Rabobank

Business Requirements

  • Determine Data Owners: With so much unstructured data, including application data and departmental information, Rabobank needs to ensure it is only accessible by the people who should have access, and that data owners are formally assigned.
  • Easy Control Over Data Access and Permissions: Without a logical or optimal permission structure in place it was nearly impossible to identify who was working with the data and to which department it belonged. Once Rabobank had Varonis in place to help establish data ownership, the bank also needed to ensure the right departments and persons had access to the appropriate data.
  • Ensure Regulatory Compliance: Rabobank needed to prove it could control access to corporate and customer data as part of the financial industry’s many regulatory requirements. Also, with a presence in over 70 countries, Rabobank required a solution that would be capable of managing data access and control across a global organization.

The Varonis Solution

Rabobank had already been using DatAdvantage for Windows − when the time came for the bank’s Windows and SharePoint teams to merge, Sebastiaan van Putten, technical engineer for Rabobank, knew it would make sense to continue using Varonis DatAdvantage to manage all of its data within both Windows and SharePoint for 10,000 users and 12,000 users, respectively.

  • Varonis DatAdvantage for Windows and DatAdvantage for SharePoint ensure that only the right people have access to the right data at all times, all access is monitored, and abuse is flagged.
  • DatAdvantage makes it easy to see who’s doing what by tracking and monitoring file activity, analyses user behavior and reports on all activity happening on file servers, and makes permissions management straightforward.
  • With DatAdvantage, Rabobank can intelligently identify and govern who owns and can access which data, and receive alerts and reports that satisfy all regional compliance regulations.
  • Varonis DatAdvantage combines user and group information taken directly from Rabobank’s SharePoint and Windows Active Directory with the permissions metadata on its file shares to deliver a complete picture of the organisation’s access control landscape. Combining this with access activity and User Behaviour Analysis, DatAdvantage can automatically highlight users and groups that are inactive, redundant, or unnecessary and highlight areas where permissions can be safely reduced. This allows Rabobank to quickly troubleshoot problems, reduce risk, and answer questions about who can and should access data – questions that are pertinent in the financial sector where adhering to regulatory compliance is crucial.

“With all kinds of sensitive, unstructured data mixed up in one location, we needed to determine who initiated this data, who was responsible for this data, who was using it, and which user should and shouldn’t have access,” said Van Putten. “Varonis DatAdvantage provides us with actionable intelligence on which excess file permissions and group memberships can be safely removed without affecting business processes.” 

Results

Full Visibility into Data Ownership, Full Control over Permissions Management: According to Van Putten, “Varonis DatAdvantage has greatly helped us identify owners of unstructured data because of its bi-directional view on permissions − all necessary information like groups, users, and folders are available. DatAdvantage presents this data in a useful way so that we can easily share the results with the business and determine the best way to organise and control our unstructured data.”

Van Putten elaborated, “From time to time questions come in from the business about activity on file servers and SharePoint, such as, ‘Who did what at which moment?’ These sort of questions are hard to answer without having a solution that keeps track of all events. Varonis DatAdvantage provides us with what we need to make those events visible and easily retrievable. Previously we lacked this insight, which made it impossible to answer business questions and troubleshoot urgent situations. DatAdvantage also automatically generates regulatory driven reports, which are required on a monthly basis as part of the financial industry in which we operate.”

DatAdvantage has also helped Rabobank IT automatically create permissions reports which they can easily provide to the business. Before Varonis, a great deal of time went into recertifying folders, but now, Rabobank IT can spend more time on other important projects.

Reduced Risk and Full Compliance with a Least-Privilege Access Model: Logical access control objectives are based on the principal of least privilege; access should be granted to only those resources that are required to perform a user’s function. Many audit regulations now focus on proper controls around access and auditing of unstructured data on file systems and SharePoint servers.

“At Rabobank we have several compliance requirements to meet because we deal with a lot of confidential data from financial transactions,” said Van Putten. “Without DatAdvantage, we wouldn’t be able to fulfill a lot of these regulatory demands because it would take a huge amount of time to collect the information – even if we could, it would already be outdated. With DatAdvantage, we can automatically trigger reports rather than do the work manually.”

Global Approach to Data Control: Rabobank manages Varonis DatAdvantage for Windows and DatAdvantage for SharePoint internally across its 15-20 datacentres serving hundreds of locations worldwide. With over 500 departments with their own data, controlling data access is no easy feat. By using DatAdvantage, Rabobank has been able to significantly reduce the time it takes to find out who is accessing, using and deleting information from its Windows and SharePoint environments. This helps improve security as well as decrease the time it takes for auditing and reporting.

Improved Productivity: Van Putten also remarked on how DatAdvantage has drastically improved efficiency, especially when it comes to SharePoint’s more complex security architecture, “We often receive inquiries as to who can access what data, and if they’re having trouble accessing it, why is that? To answer those questions, our chief personnel previously had to manually create queries by browsing through lists and putting the results in Excel files. Now, with DatAdvantage, we can easily and efficiently create a report within just a few seconds.”

Van Putten added that DatAdvantage has “helped his team identify incidents faster when users gain access to files to which they shouldn’t have access. Before Varonis, no one knew which users had permission to which data. With DatAdvantage, we are capable of reporting on specific file structures and which files can be accessed.”

Looking Ahead

According to Van Putten, “We’re considering using Varonis DataPrivilege to further optimize data permissions management tasks by giving the business more control, without altering the approval workflows required from a security perspective. We’re also looking at Varonis DatAlert, which applies user behavior analytics to help detect data security breaches in real time.”