How Varonis DatAdvantage Gives Rabobank Full Control Over Data Access and Permissions, and Enables Regulatory Compliance
At Rabobank we have several compliance requirements to meet because we deal with a lot of confidential data from financial transactions. Without DatAdvantage, we wouldn’t be able to fulfill a lot of these regulatory demands because it would take a huge amount of time to collect the information – even if we could, it would already be outdated. With DatAdvantage, we can automatically trigger reports rather than do the work manually.
Sebastiaan Van Putten – Technical Engineer, Rabobank
Rabobank had already been using DatAdvantage for Windows − when the time came for the bank’s Windows and SharePoint teams to merge, Sebastiaan van Putten, technical engineer for Rabobank, knew it would make sense to continue using Varonis DatAdvantage to manage all of its data within both Windows and SharePoint for 10,000 users and 12,000 users, respectively.
“With all kinds of sensitive, unstructured data mixed up in one location, we needed to determine who initiated this data, who was responsible for this data, who was using it, and which user should and shouldn’t have access,” said Van Putten. “Varonis DatAdvantage provides us with actionable intelligence on which excess file permissions and group memberships can be safely removed without affecting business processes.”
Full Visibility into Data Ownership, Full Control over Permissions Management: According to Van Putten, “Varonis DatAdvantage has greatly helped us identify owners of unstructured data because of its bi-directional view on permissions − all necessary information like groups, users, and folders are available. DatAdvantage presents this data in a useful way so that we can easily share the results with the business and determine the best way to organise and control our unstructured data.”
Van Putten elaborated, “From time to time questions come in from the business about activity on file servers and SharePoint, such as, ‘Who did what at which moment?’ These sort of questions are hard to answer without having a solution that keeps track of all events. Varonis DatAdvantage provides us with what we need to make those events visible and easily retrievable. Previously we lacked this insight, which made it impossible to answer business questions and troubleshoot urgent situations. DatAdvantage also automatically generates regulatory driven reports, which are required on a monthly basis as part of the financial industry in which we operate.”
DatAdvantage has also helped Rabobank IT automatically create permissions reports which they can easily provide to the business. Before Varonis, a great deal of time went into recertifying folders, but now, Rabobank IT can spend more time on other important projects.
Reduced Risk and Full Compliance with a Least-Privilege Access Model: Logical access control objectives are based on the principal of least privilege; access should be granted to only those resources that are required to perform a user’s function. Many audit regulations now focus on proper controls around access and auditing of unstructured data on file systems and SharePoint servers.
“At Rabobank we have several compliance requirements to meet because we deal with a lot of confidential data from financial transactions,” said Van Putten. “Without DatAdvantage, we wouldn’t be able to fulfill a lot of these regulatory demands because it would take a huge amount of time to collect the information – even if we could, it would already be outdated. With DatAdvantage, we can automatically trigger reports rather than do the work manually.”
Global Approach to Data Control: Rabobank manages Varonis DatAdvantage for Windows and DatAdvantage for SharePoint internally across its 15-20 datacentres serving hundreds of locations worldwide. With over 500 departments with their own data, controlling data access is no easy feat. By using DatAdvantage, Rabobank has been able to significantly reduce the time it takes to find out who is accessing, using and deleting information from its Windows and SharePoint environments. This helps improve security as well as decrease the time it takes for auditing and reporting.
Improved Productivity: Van Putten also remarked on how DatAdvantage has drastically improved efficiency, especially when it comes to SharePoint’s more complex security architecture, “We often receive inquiries as to who can access what data, and if they’re having trouble accessing it, why is that? To answer those questions, our chief personnel previously had to manually create queries by browsing through lists and putting the results in Excel files. Now, with DatAdvantage, we can easily and efficiently create a report within just a few seconds.”
Van Putten added that DatAdvantage has “helped his team identify incidents faster when users gain access to files to which they shouldn’t have access. Before Varonis, no one knew which users had permission to which data. With DatAdvantage, we are capable of reporting on specific file structures and which files can be accessed.”
According to Van Putten, “We’re considering using Varonis DataPrivilege to further optimize data permissions management tasks by giving the business more control, without altering the approval workflows required from a security perspective. We’re also looking at Varonis DatAlert, which applies user behavior analytics to help detect data security breaches in real time.”