Western Precooling

How Western Precooling locks down overexposed data.

PDF download

The Customer

Location: Fremont, California

Industry: Commerce

Products: DatAdvantage for Windows, Data Classification Framework

For nearly 70 years, Western Precooling has been the partner of choice for growers and shippers to get fresh, healthy produce from the field to their customers. Western Precooling was founded in 1942, when top icing was the universal cooling method. Over the years, Western Precooling has continued to refine the precooling processes, culminating in the HydroVac system to help deliver the freshest, healthiest produce to customers throughout the world. Western Precooling and their associate companies provide equipment, facilities, and services at over 100 sites in the West’s primary growing regions.

The choice for Western Precooling to go with Varonis was an obvious one. For the price of the DatAdvantage Suite versus the cost of Professional Services we had originally budgeted for the project, we not only gained more value and functionality, but we will also see a ROI in 6 months. That’s pretty amazing.

– Brian Paine, Director of IT, Western Precooling

The Challenge

Western Precooling needed an efficient way to lock down folders open to global access groups, as these folders would be accessible to the entire organization. Some of these folders contained sensitive information and therefore it was imperative to restrict access only to users who needed it.

In addition, they wanted to have a more detailed record of access activity that would efficiently allow them to find out what data employees were accessing and what they were doing with the data. Furthermore, since the organization foresees moving several applications and services to the Public cloud, and had recently bought a NetApp NAS device, the clean-up of permissions became of great importance.

Evaluation Parameters

Brian Paine, Director of IT, started looking for a solution that could clean-up excessive permissions and provide granular auditing capabilities. He considered bringing in a team of consultants to correct the problem, but was concerned that this approach wouldn’t solve the problem of how to maintain the environment after the clean-up process, and a team would not provide the auditing he needed.

One of Brian’s concerns was the impact the clean-up process might have on business activity; he needed solution that could allow him to clean up permissions without affecting the daily operations of the company. Since Western Precooling is preparing to move several applications and services to the Public cloud it is necessary to have permissions in order prior to the migration; otherwise it would become a problem to fix them later on. It was also important to identify which data was stale so it could be archived instead of migrating it. Finally, Brian was looking for a solution that could support their newly acquired NetApp device.

The Solution

Varonis DatAdvantage automates access and permissions management on both NetApp devices and file servers, providing visibility into existing access controls, data access auditing, and recommendations for tightening up access and group membership.

With DatAdvantage, Western Precooling has the ability to identify folders open to the “Everyone” group, and they see which of these folders are accessed the most so they can prioritize accordingly. DatAdvantage simulation capabilities provide the ability to model, or sandbox, permissions and group membership changes before committing them to production. This is a key feature to clean up permissions without disrupting regular business processes.

“So far we have put about 2 hours into clean-up and we have cleaned up 75% of home drives,” Brian said. DatAdvantage also provides the ability to commit changes to production as well as rollback functionality. This allows Western Precooling’s IT Department, to incrementally clean up the permissions and closely monitor the response they get from production.

DatAdvantage’s complete audit trail provides Brian’s team the granular record of access activity when they need to know what data has been accessed by each user. Now, if someone leaves the organization Brian can be certain he knows exactly what data they accessed and what they did with it.

In fact, with DatAdvantage alerting capabilities, he will be able to identify any anomalous access patterns and take appropriate action prior to an employee’s departure. The automated analytics and execution capabilities within DatAdvantage have allowed Western Precooling to ensure that permissions are both accurate and up to date, and that sensitive data is locked down. Brian no longer has to worry about data being exposed to the entire organization.

Business Benefits

Visibility of Data Permissions

DatAdvantage gives Western Precooling a complete, bi-directional view into the permissions structure.

Prioritize the Remediation Process

Western Precooling can now identify folders open to the “Everyone” group that are accessed the most and contain the most sensitive data. This allows them to prioritize the remediation process accordingly.

Simulation of Permissions Changes

DatAdvantage allows Western Precooling to model permissions changes without affecting production environments, and commit those changes when they’re ready.

Lock Down Overexposed Shares

With DatAdvantage, Western Precooling can incrementally commit changes to their production environment and monitor the response from the field.

Full Auditing Capabilities

DatAdvantage allow Western Precooling IT Department to have a complete record of access activity. They can now see, in detail, what data is being accessed by any user of their organization.

Stale Data Identification

With DatAdvantage complete audit trail, Western Precooling can now identify what data is stale. They can make informed decisions that will help accelerate and simplify their migrations.