Location: Tasmania, Australia
Products: DatAdvantage for Windows, DatAlert, Data Classification Framework
St. LukesHealth has been providing private health insurance to Australians since 1952. Headquartered in Tasmania, it has a large network of offices and agents throughout the region and employs 55 people. It also has a comprehensive range of electronic and online services that make claiming and paying easy for its members. As you’d expect with an organisation of its longevity, it has migrated systems a number of times over the years. Currently, it’s predominantly Microsoft environment houses approximately 15 terabytes of data (when compressed for backup) within 60 servers, of which 45 are virtual. In addition, it replicates a significant proportion of its data to its disaster recovery site.
Whenever anyone not working in the finance department attempts to gain entry, we know about it. That is worth the investment right there.
— Shaw Reid, CIO, St.LukesHealth
St. Lukes Health wanted clear visibility across its IT infrastructure to better understand data access and reduce risk by tightening security controls.
To test its viability, St. Lukes Health gave some conditions to the Varonis team who focused it specifically on the financial services environment. Shaw adds, “We specifically wanted to test Varonis’ DatAdvantage and IDU Classification Framework with regards to our PCI compliance requirements.”
Varonis’ IDU Classification Framework can perform content scans looking for specific character chains – in St. Lukes Health’s case, patterns that match credit card numbers, stored in directories there were almost certainly secured, but may have been forgotten about over the lifespan of the company. Unlike many other classification solutions that tell you where sensitive data resides, Varonis DatAdvantage also shows where that data is overexposed, who can access it, and who is accessing it. This means St.LukesHealth can comply with PCI guidance in a timely manner by automatically locating and locking down PCI-related data without interrupting the business.
Shaw recalls, “It came up with some very good results. We could see financial files being opened, modified, moved, while capturing who did it so we knew DatAdvantage was what we’d been looking for.” From this point, Shaw was able to build a business case identifying the various functions and benefits. Varonis, with assistance from Shaw, was invited to perform a live online education session for the Managing Director and General Manager so they could see it work and approve the project.
A key requirement was tightening security to sensitive data and directories. Using the bi-directional permissions visibility feature in DatAdvantage, Shaw was able to quickly profile the access of the organization’s employees. Clicking a directory highlights all users that can access its data. Similarly, clicking a user displays everything they have access to. In parallel, DatAdvantage monitors and collects every touch of every file on the file system in a database that can be sorted and searched.
Shaw explains, “We can now profile staff, identify their security privileges on the network, and once we get enough information on an individual and their work patterns, we can then talk to their management about any permissions that they have that they’re not using for a specific amount of time. This means I can start securing areas by asking, ‘Do you really need this? Is this the right place to store this data? Do we need to put it somewhere else?, etc.” St. Lukes Health can now better focus its efforts to secure its finance systems.
To do this, Shaw has enabled another Varonis Product – DatAlert, to receive real-time alerts on any changes to important configuration files, access to sensitive data, access denied events, and more. He continues, “Whenever anyone not working in the finance department attempts to gain entry, we know about it. That is worth the investment right there. Not only is DatAdvantage helping with our system administration processes, but it’s now integral to many of our security practices.” DatAdvantage has also allowed St.LukesHealth to be much more efficient in issue diagnosis. Where Shaw and his team would have spent a number of hours identifying and diagnosing problems, they’re now often down to minutes.
Shaw explains, “We’d designed and set up a unique business to business transaction profile, working directly with the National Australia bank. We’d got to a point where it was deemed secure, efficient, and traceable. All the transactions were traveling back and forth and it was going great. However, when we implemented and went live, it quickly became apparent that there was a delay with the schedules for transmitting the data. Once the files are authorised by individuals within the company they then go into a scheduler and await their turn to be picked up and sent off, but for some reason the timing was off. We used all the traditional methods we could think of, over several hours, trying to determine why it wasn’t working correctly, not only in terms of National Australia’s requirements but also our internal policies, but we couldn’t work out where the problem lay.
We decided to try the Varonis suite and within about 20 minutes we’d isolated a permissions issue, had it cleaned up and were back on track. That was critical because this was financial details that we were trying to insure the integrity of.” DatAdvantage reports have also been useful for external audits, helping to answer requests and ultimately getting St.LukesHealth across the line for compliance. Shaw concludes, “There are a lot of requirements within the PCI compliance criteria that need to be satisfied and Varonis gives us the opportunity to comply quickly. It certainly sends us a long way down the PCI compliance path.”
Varonis’ IDU Classification Framework performs content scans looking for specific patterns that match credit card numbers, which allows St. Lukes Health to control access to sensitive data and reduce risk.
St. Lukes Health can now profile staff, identify their security privileges on the network, and collect enough information to determine work patterns. The intelligence facilities a discussion with an employee’s line manager to remove defunct permissions, securing sensitive areas.
DatAdvantage is instrumental in issue diagnosis reducing time spent identifying and diagnosing problems, down from hours to minutes to diagnose and fix issues.
Varonis DatAlert flags activity that deserves immediate scrutiny.