THE CUSTOMER
Isis Pharmaceuticals is the leader in anti-sense drug development with a broad pipeline of drugs that are applicable to many different disease targets including cardiovascular, metabolic, severe and rare diseases, and cancer. Its anti-sense technology provides a direct route from genes to drugs with the opportunity to dramatically improve industry drug discovery productivity.
THE CHALLENGE
Like any organization, Isis was finding it increasingly complex and frustrating to keep track of its permissions infrastructure.
All too often groups in Active Directory did not correlate to the names of the folders on its file servers. This made it difficult to determine exactly what file shares groups had access to. Equally, if a user were added to a group they may be able to see more than they should, or not get the access that they needed.
Shannon McVeigh, responsible for infrastructure support, explains, “Sometimes I would need to mirror permissions for one user to another but this was easier said than done.”
When a user requested access to a folder Shannon would have to complete a lengthy process of steps before the request could be authorised and the user provisioned. Shannon outlines, “In honesty I didn’t have an easy way to determine exactly who had access to what. When a request came in I would first have to get it approved by the supervisor, then I would need to go into Active Directory and take a screen shot of the groups, then go into each group and make sure they had access to the folders that they needed access to. I would then have to map these for the new user. All in all, it would take about 20 minutes to provision a request.”
EVALUATION PARAMETERS
Varonis DatAdvantage aggregates Active Directory user and group details, ACL information and all data access events—without requiring native OS auditing—to build a complete picture of who can and who is accessing data, and who should have their access revoked. Shannon confirms, “Varonis demonstrated the capabilities of DatAdvantage and the results spoke volumes. It does what it claims to do.”
THE SOLUTION
Using the intelligence collected by DatAdvantage Isis is able to determine who has access to any particular folder. Conversely it can also be used to discover which folders a user or group has access to. Now when Shannon gets a service request from a user that needs access to a folder, she can see instantly what needs to be changed with the process reduced to just five minutes. Shannon details, “If I want to add any user to a group I can see exactly what they will have access to on the file shares when the change is made. I can also see which permissions each user has, and even which permissions he does or does not inherit. Without DatAdvantage I had no way to find this out.”
Isis has used DatAdvantage to monitor when a user, who is leaving the organization, copies, deletes or moves a folder so that any remedial action can be taken.
Using DatAdvantage, Isis can determine which users have been added, or even removed, from any group and exactly when it was completed. Using these reports can help it to demonstrate compliance with Sarbanes-Oxley requirements.
A happy side effect since deploying DatAdvantage is that Isis can use the statistics collected to determine who is accessing what files the mo
st, or reversely which are not being accessed at all. This will help with its clean up efforts, and subsequent archiving of stale data, in the future.
BUSINESS BENEFITS
Easily provision users
Using the intelligence collected by DatAdvantage Isis is able to determine who has access to any particular folder. Conversely it can also be used to discover which folders a user or group has access to. Now when a service request is received that a user needs access to a folder, it can see instantly what needs to be changed with the process reduced from 20 to just five minutes.
Easily produce reports to confirm Isis is satisfying Sarbanes-Oxley requirements
Isis can use DatAdvantage to track when a user is added or even removed from any group and exactly when it was completed.
Monitor file access activity in the period before a user leaves the organization
Isis has used DatAdvantage to monitor when a user, who is leaving the organization, copies, deletes or moves a folder so that any remedial action can be taken