With data growing at a rate of 50% per year and the demand for access to data from employees, partners and customers at an all time high, it’s no secret to IT that the complexity of managing and protecting their data is growing faster than their available resources. David Gibson, director of strategy at Varonis www.varonis.com guides us through the growing trend to implement software automation to identify, manage and protect access to sensitive data.
Certainly there is some benefit to “quarantining” some sensitive data—taking it off the network entirely or restricting access to only a very few people. However, there is an enormous amount of data that resides in file servers and other unstructured repositories because it’s needed for execution of business processes, and can’t be quarantined—some level access is required by business units and collaborative teams. Secure collaboration with valuable digital assets requires optimizing and automating authorization, and proactive monitoring of authorized use. New technologies are needed to keep up with the explosive growth of unstructured data and collaboration requirements.
Tools of the Race
While there are a number of software solutions focused on data management and protection, only a select few effectively employ metadata framework technology, which can identify sensitive data 90% faster than traditional classification methods. Data governance software that provides dynamically available metadata allows IT to answer questions like:
When considering software automation that leverages metadata framework technology, measuring the effectiveness of a solution is simplified by ensuring the following critical data protection features are facilitated by the solution.
Any solution for data management and control must provide a clear visual representation of data access controls (permissions) as they are currently defined in the existing file system hierarchy. This visual must show, in an aggregated and searchable fashion:
Any solution for unstructured data management must include all mechanisms to define, test, update and reverse file and folder permissions changes. Specifically the system needs to provide:
Paper: Preventing Data Los
A detailed audit trail must be provided for all aspects of data use (opens, creates, deletes, moves, email sent, received, etc., modifications to content, permissions, or group membership etc). The presentation of the information should be easily comprehensible, sortable, searchable and available as on-demand and scheduled reports.
A system for unstructured data governance needs to provide an automated means for the revocation of data permissions. Specifically the system should: Identify by name all users whose access to a given data set should be revoked, re-compute revocations as changes to Active Directory and file servers occur, provide the means to test the recommended revocations prior to enacting on the servers for enforcement, provide recommendations with accuracy greater than 3 nines (99.9%).
Any proposed solution for unstructured data management should not impede the performance of file servers, the user access experience or business traffic flow. Specifically, the system should not require native operating system auditing on traditional distributed systems (Windows auditing, UNIX/Linux auditing) in order to deliver its core functionality for data control.
Because most organisations add additional file servers over time and unstructured data grows very rapidly, the system has to provide room for growth. A data governance solution should be able to scale to accommodate unstructured data growing by more than 50% volume every 12 months.
Ease of Installation
A practical data protection solution cannot disrupt business operations or traffic flow. A solution should install quickly (e.g., within 5 business days), without the need for specialized professional services, and without assigning dedicated IT staff.
Ease of Use
A solution should not require specialised off-site training in order to operate. Any necessary training should be simple, and something the vendor can deliver on-site. Of course, the user interface should be intuitive and consistent across each platform. Managing permissions comes down to users, data, and level of access—whether on windows or UNIX file shares, SharePoint sites and libraries, or Exchange mailboxes and public folders—the interface should provide a clear, unified view over all platforms.
Ease of Integration
Data protection solutions need to support a range of file servers and storage devices including Windows Servers, UNIX/Linux servers, SharePoint, Exchange, and network attached storage (NAS) from leading NAS vendors.
Low Total Cost of Ownership
A solution for data protection has to demonstrate quantifiable benefits in time and resource savings. Be sure to look for automation in the following areas, which are often the most manually intensive: Data permission revocations, permissions reporting, data audit report generation, data entitlement review, stale data identification, data business owner identification, data migration.
Winning the Data Security Race
With over 23 million records containing personally identifiable information (PII) (source: privacyrights.org) leaked in 2011 alone, it is more important than ever for organisations to have proactive and repeatable processes in place for identifying and protecting critical data. Leveraging data governance software that employs metadata technology not only secures sensitive data, but it also provides a speed and scale that traditional data protection methods cannot achieve – ensuring organisations are always in the position to win the race against hackers.