Varonis DatAdvantage for SharePoint

Introduction to DatAdvantage for SharePoint © 2010 Varonis Systems.

Post on 19-Oct-2014

Category: Technology

DESCRIPTION

Varonis® DatAdvantage® for SharePoint provides the visibility, auditing and recommendations necessary to properly control access to data in your SharePoint environment. DatAdvantage for SharePoint helps identify data owners, shows you who currently has access to information, tracks who is accessing data, and indicates who should have their access revoked.

TRANSCRIPT

Page 1: Varonis DatAdvantage for SharePoint

Introduction to DatAdvantage for SharePoint

© 2010 Varonis Systems.

Page 2: Varonis DatAdvantage for SharePoint

Unstructured Data Quantities – Present and Future

© 2008 Varonis Systems. Proprietary and confidential.

Unstructured and semi-structured data is exploding...

Source: Gartner Jan 2010

650% growth over the next 5 years

80% of all data is unstructured or semi-structured

Page 3: Varonis DatAdvantage for SharePoint

Data Explosion – Are We Ready?

91% lack processes for determining data ownership

76% unable to determine who can access unstructured data

© 2010 Varonis Systems. Proprietary and confidential.


Data Collaboration

Cross-Functional Teams + Security Requirements

More Containers

More ACLs

More Management

Source: Ponemon Institute

Can IT answer:

• Who has access to this folder?

• Which folders does this user or group have access to?

• Who has been accessing this folder?

• Which data is sensitive?

• Who is the data owner?

• Where is my sensitive data overexposed?

• How do I fix it?

• Where do I begin?

Page 4: Varonis DatAdvantage for SharePoint

Varonis IDU Framework – Foundation for Data Governance

• Four types of metadata are collected, synthesized, processed, and presented:

Permissions information

User and Group Information

Access Activity

Sensitive Content Indicators

• Actionable data governance information is presented:

Who has access to a data set?

Who has been accessing it?

Which data is sensitive?

Who is the data owner?

Where is my sensitive data overexposed, and how do I fix it?

• Allows data owners to participate in data governance:

Automated Entitlement reviews

Authorization workflows


Page 5: Varonis DatAdvantage for SharePoint

Varonis Data Governance Framework Components


The Varonis IDU Framework creates and manages a meta-data layer that enables IT and the business to work together to protect unstructured data

[Diagram labels: Presentation; Analysis & Modeling; Aggregation & Normalization; Retention/Storage; File System Meta Data Collection; User Data Collection; Access Activity; Data Content Classification; Commit Changes to File Systems and Directory Services; DatAdvantage; DataPrivilege; IDU; Windows File Systems; UNIX/Linux; NAS; SharePoint; MS Active Directory; LDAP; NIS; Local Accounts; Future]

Page 6: Varonis DatAdvantage for SharePoint

IDU Multi-tiered Architecture


Page 7: Varonis DatAdvantage for SharePoint

Unstructured Data – Operational Challenges

Identifying data business owners

• Metadata and folder location don’t reveal ownership

• Time consuming and manual process to find owners

• Significant amounts of “orphan” data – unknown business context or relevance, wasted storage

Ensuring authorizations are based on business need

• As employee needs change, authorizations grow & grow

• Permissions are seldom revoked

• Tools are mostly manual: time consuming and error prone

Understanding who accessed data & how

• Native auditing impairs server performance, generates large volumes of difficult to decipher data

• Audit trail often enabled only after incident has occurred

• Most lack any audit information

Finding/classifying sensitive content

• Searching through so much data takes a lot of time

• Data constantly changes – hard to keep current

• Results provide only the first step in the data’s protection

Page 8: Varonis DatAdvantage for SharePoint

Risks, Controls & Regulations

• High Risk Levels

File System data is at great risk for loss, theft, and misuse

Access configuration changes are untested

• File System Controls Gaps

Many access controls are “loose,” even broken

No audit trail exists

>50% of data has no known business owner

• Regulatory Requirements

HIPAA

CMS

Sarbanes Oxley


Page 9: Varonis DatAdvantage for SharePoint

Varonis Solution

• Technological Breakthrough

Automatically Identify and Remediate Access Control Gaps

Provide a Usable Audit Trail of Data Usage

Identify Data Owners, Inactive Data, Sensitive Content

Automate and Enforce Access Control Processes

• Efficient, Effective Risk Reduction

• IT Data Protection Jumpstart

• Proven Operational Execution

>600 customers

All Verticals

Page 10: Varonis DatAdvantage for SharePoint


DatAdvantage Functionality

Page 11: Varonis DatAdvantage for SharePoint


Permissions - Bi-Directional Visibility

Page 12: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

Double-click any site…

Page 13: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

…to see all of the users and groups which have access

Page 14: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

Including SharePoint groups, which may contain AD groups

Page 15: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

Double-click any user or group…

Page 16: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

…and see all accessible SharePoint sites and sub-sites

Page 17: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

Including what permission levels the user or group has

Page 18: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

And where the permissions are inherited from

Page 19: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

Right-click a site to see actual permissions

Page 20: Varonis DatAdvantage for SharePoint

Permissions - Bi-Directional Visibility

See the effective permissions of combined levels

Page 21: Varonis DatAdvantage for SharePoint

Audit Trail


Page 22: Varonis DatAdvantage for SharePoint

Audit Trail

Complete audit trail of file events

Page 23: Varonis DatAdvantage for SharePoint

Audit Trail

Every open, create, move, modify and delete on the SharePoint system is recorded

Page 24: Varonis DatAdvantage for SharePoint

Audit Trail

Record all SharePoint permissions changes

Page 25: Varonis DatAdvantage for SharePoint

Recommendations


Page 26: Varonis DatAdvantage for SharePoint

Recommendations

By combining permissions and audit data with sophisticated analysis, Varonis makes recommendations on where excess access can be removed

Page 27: Varonis DatAdvantage for SharePoint

Recommendations

List of users with red X’s next to their names can be removed from this group

Page 28: Varonis DatAdvantage for SharePoint

Simulate Changes


Page 29: Varonis DatAdvantage for SharePoint

Simulate Changes

With Varonis you can simulate permissions changes to your environment without affecting production

Page 30: Varonis DatAdvantage for SharePoint

Simulate Changes

See what the results would have been if you’d made the change

Page 31: Varonis DatAdvantage for SharePoint

Simulate Changes

These users would have been affected by the change

Page 32: Varonis DatAdvantage for SharePoint

Simulate Changes

They can be added back to the ACL to avoid any interruption of service while reducing unneeded access

Page 33: Varonis DatAdvantage for SharePoint


Finding Data Owners

Page 34: Varonis DatAdvantage for SharePoint

Finding Data Owners

By analyzing audit activity, Varonis can help identify business data owners

Page 35: Varonis DatAdvantage for SharePoint

Finding Data Owners

Double-click a folder…

Page 36: Varonis DatAdvantage for SharePoint

Finding Data Owners

View most active users…

Page 37: Varonis DatAdvantage for SharePoint

Finding Data Owners

The data owner is likely in this list

Page 38: Varonis DatAdvantage for SharePoint

Finding Data Owners

…or you’re one phone call away

Page 39: Varonis DatAdvantage for SharePoint


Common Use Cases for Varonis

• Access Control Cleanup – Identify & Remediate:

“Global” Groups (everyone, authenticated users, etc.)

Redundant, Excessive Group Memberships

Orphaned SIDs, Individual User SIDs on ACLs

• Find Lost & Deleted Files

• Identify Anomalous Behavior

• Track Permissions & Group Changes

• Ongoing Entitlement Reviews

• Automate Access Authorization & Revocation

• Identify Inappropriate File Activity (mp3’s, etc.)

• Enhance Other Data Protection Projects

Page 40: Varonis DatAdvantage for SharePoint


Common Use Cases for Varonis (cont’d)

• Efficient audit compliance - provide evidence of:

Effective permissions (preventive controls)

Usable audit trail (detective controls)

Authorization processes

Compliance with authorization processes

• SharePoint Migration

Stale Data Identification

Data Owner Identification