from zero to data governance hero
Post on 19-Oct-2014
DESCRIPTION
The Varonis Data Governance suite helps organizations manage and protect their unstructured and semi-structured data—the documents, spreadsheets, presentations, media files and other business data in file servers, NAS devices, SharePoint and Exchange.
TRANSCRIPT
VARONIS SYSTEMS. PROPRIETARY AND CONFIDENTIAL.
FROM ZERO TO DATA GOVERNANCE HERO
A PLAYBOOK FOR SUSTAINABLE DATA PROTECTION
Sign up for a free evaluation
AGENDA
What is sustainable data governance?
Overview of the Varonis Operational Playbook
A deeper look at the 5 steps:
How can we take action today?
Takeaways
Questions
Here’s some software…good luck!
QUESTIONS WE AIM TO ANSWER:
WHO has access to a data set?
WHO should have access to a data set?
WHO has been accessing it?
WHICH data is sensitive?
WHO is the data owner?
WHERE is my sensitive data overexposed, and how do I fix it?
…so how do we do it?
GOVERNANCE OPERATIONAL OVERVIEW
Profile Data Use & Authorization Structure
• Enable Audit Trail
• Inventory Permissions
Identify Critical Data
• Classify and Tag Sensitive, High Profile Data
Reduce Excess Access
• Global Access Groups
• Excessive Group Membership
Identify Key Users & Owners
• Perform Entitlement Reviews
• Formalize and Enforce Existing Processes
Define & Implement DG Policies
• Authorization
• Recertification
• Handling Policies for Sensitive Data
(Figure axis: Risk)
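The "Identify Critical Data" and "Reduce Excess Access" steps meet in one question from the deck: where is sensitive data reachable by a global access group? The following is an added example, not Varonis code: it joins a permissions inventory with classification counts and ranks the folders that need remediation. The folder paths, group names and file counts are constructed sample data, and the set of groups treated as "global" is an assumption.

```python
"""Flag sensitive data that is overexposed through global access groups.

Added example, not Varonis code: joins a permissions inventory with
classification results and ranks the findings worst first.  Paths, group
names and file counts are constructed sample data.
"""
from dataclasses import dataclass

# Assumption: these well-known groups effectively mean "anyone on the domain".
GLOBAL_ACCESS_GROUPS = {"Everyone", "Authenticated Users", "Domain Users"}


@dataclass(frozen=True)
class FolderRecord:
    path: str
    acl: dict             # trustee -> set of rights granted on this folder
    sensitive_files: int  # files the classifier tagged (PII, card numbers, ...)
    total_files: int


# Constructed permissions inventory joined with classification counts.
INVENTORY = [
    FolderRecord("share/Public/Templates", {"Domain Users": {"read"}}, 0, 120),
    FolderRecord("share/HR/Recruiting", {"G-HR": {"read", "write"}}, 340, 900),
    FolderRecord("share/HR/Scans",
                 {"Everyone": {"read", "write"}, "G-HR": {"read", "write"}}, 85, 90),
    FolderRecord("share/Finance/Exports",
                 {"Authenticated Users": {"read"}, "G-Finance": {"read", "write"}}, 12, 4000),
    FolderRecord("share/IT/Tools", {"Everyone": {"read"}}, 0, 50),
]


def global_group_rights(record, global_groups=GLOBAL_ACCESS_GROUPS):
    """Rights any global access group holds on the folder, merged across groups."""
    rights = set()
    for trustee, granted in record.acl.items():
        if trustee in global_groups:
            rights |= granted
    return rights


def find_overexposed(inventory, global_groups=GLOBAL_ACCESS_GROUPS):
    """Folders holding sensitive files that a global access group can reach.

    Sorted worst first: writable by a global group before read-only, then by
    the number of sensitive files, so a remediation queue can be worked top down.
    """
    findings = []
    for rec in inventory:
        rights = global_group_rights(rec, global_groups)
        if rights and rec.sensitive_files > 0:
            findings.append({
                "path": rec.path,
                "global_rights": sorted(rights),
                "writable": "write" in rights,
                "sensitive_files": rec.sensitive_files,
                # Fix: drop the global group and keep the purpose-built trustees.
                "keep_trustees": sorted(t for t in rec.acl if t not in global_groups),
            })
    findings.sort(key=lambda f: (not f["writable"], -f["sensitive_files"]))
    return findings


def exposure_summary(inventory, global_groups=GLOBAL_ACCESS_GROUPS):
    """Counts a governance dashboard would show for this inventory."""
    open_folders = [r for r in inventory if global_group_rights(r, global_groups)]
    overexposed = find_overexposed(inventory, global_groups)
    return {
        "folders": len(inventory),
        "open_to_global_groups": len(open_folders),
        "sensitive_and_open": len(overexposed),
        "sensitive_files_exposed": sum(f["sensitive_files"] for f in overexposed),
    }


if __name__ == "__main__":
    for f in find_overexposed(INVENTORY):
        print(f"{f['path']}: {f['global_rights']} sensitive={f['sensitive_files']} "
              f"keep={f['keep_trustees']}")
    print(exposure_summary(INVENTORY))
```

On the sample inventory the HR scans folder comes first (writable by Everyone, 85 sensitive files), the Finance exports second (read-only to Authenticated Users), and the two open folders with no sensitive content are counted but not queued. The `keep_trustees` field is the starting point for the replacement group the deck's modeling step would validate against actual access activity.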
Profile data use & authorization structure
WHO CAN ACCESS DATA?
(Diagram: Users / Groups, ACLs, Access Activity, Content)
WHO DOES ACCESS DATA?
(Diagram: Users / Groups, ACLs, Access Activity, Content)
WHAT TO LOOK FOR IN AN AUDITING SOLUTION
Speed
Completeness
Scalability
Usability
(image: flickr: olfiika)
NATIVE AUDITING SYSTEMS
System       Method
Windows      Event auditing
Solaris      BSM
AIX          Audit
Linux        Auditd
NetApp       fpolicy
EMC VNX      CEPA
Exchange     Journaling & Diagnostics
SharePoint   Event auditing
Identify critical data
WHERE IS MY SENSITIVE DATA?
(Diagram: Users / Groups, ACLs, Access Activity, Content)
QUOTE FROM A CIO ON DLP
“Yesterday I had one problem: where’s my sensitive data?
Today I have 193,000 problems.”
WHERE IS SENSITIVE DATA OVEREXPOSED?
(Diagram: Users / Groups, ACLs, Access Activity, Content)
NOW YOU HAVE A STARTING POINT
Reduce excess access
Permissions Creep
(image: flickr: basheertome)
WHO SHOULD HAVE ACCESS TO DATA?
(Diagram: Users, Groups, ACLs, Access Activity, Content; labelled "Magic")
RECOMMENDATIONS AND MODELING
Identify owners
WHY DATA OWNERS?
HBR ON DATA OWNERS
You don't manage people assets the same way you manage capital assets. Nor should you manage data assets in the same way you manage technology assets. This may be the most fundamental reason for moving responsibility for data out of IT.
http://blogs.hbr.org/cs/2012/10/get_responsiblity_for_data_out.html
WHO USES DATA THE MOST?
(Diagram: Users / Groups, ACLs, Access Activity, Content)
WHICH FOLDERS NEED OWNERS?
• Identify the topmost unique ACL in a tree where business users have access.
• If that ACL’s permissions allow write access to users outside of IT, it’s considered a “demarcation point.”
• For what’s left, identify highest-level demarcation points where non-IT users can only read data.
• For each demarcation point, identify the most active users.
• Correlate active users with other metadata, such as department name, payroll code, managed by, etc.
• This way, every folder where the business can read or write data has an owner.
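The six bullets above are a procedure, and it is worth seeing it run end to end. The following is an added example, not Varonis code: it walks a constructed in-memory share, finds the write and read demarcation points as the slide describes, attributes audit events to the nearest point, and proposes an owner from the active users' directory metadata. The share tree, trustee names, events and directory entries are constructed sample data; which groups count as "IT" is an assumption, and keeping a business-writable folder nested under a read-only point as its own demarcation point is an interpretation of the slide.

```python
"""Locate ownership "demarcation points" in a share tree and propose owners.

Added example, not Varonis code.  Paths, groups, users, events and
directory entries below are constructed sample data.
"""
from collections import Counter

IT_GROUPS = {"Domain Admins", "IT-Storage"}  # assumption: trustees counted as IT
RW = {"read", "write"}

# Constructed share: path -> unique ACL (trustee -> rights), or None if inherited.
ACLS = {
    "share": {"Domain Admins": RW},
    "share/Finance": {"Domain Admins": RW, "G-Finance": RW},
    "share/Finance/Payroll": {"Domain Admins": RW, "G-Payroll": RW},
    "share/Finance/Reports": None,
    "share/IT-Scripts": {"Domain Admins": RW, "IT-Storage": RW},
    "share/Policies": {"Domain Admins": RW, "Domain Users": {"read"}},
    "share/Policies/Templates": {"Domain Admins": RW, "G-HR": RW},
}

# Constructed audit trail: (user, path) file-access events.
EVENTS = (
    [("alice", "share/Finance/Budget.xlsx")] * 3
    + [("bob", "share/Finance/Reports/Q3.pdf")] * 2
    + [("carol", "share/Finance/Payroll/run.csv")]
    + [("dave", "share/Policies/Handbook.pdf")] * 3
    + [("alice", "share/Policies/Handbook.pdf")]
    + [("erin", "share/Policies/Templates/Offer.docx")] * 3
    + [("frank", "share/IT-Scripts/backup.ps1")] * 2
)

# Constructed directory metadata: user -> department and manager.
DIRECTORY = {
    "alice": {"department": "Finance", "manager": "pat"},
    "bob": {"department": "Finance", "manager": "pat"},
    "carol": {"department": "Finance", "manager": "pat"},
    "dave": {"department": "Operations", "manager": "lee"},
    "erin": {"department": "HR", "manager": "sam"},
    "frank": {"department": "IT", "manager": "kim"},
}


def parent(path):
    return path.rsplit("/", 1)[0] if "/" in path else None


def business_rights(acl, it_groups):
    """Rights granted to trustees that are not IT groups."""
    rights = set()
    for trustee, granted in acl.items():
        if trustee not in it_groups:
            rights |= granted
    return rights


def nearest_point(path, points):
    """The closest demarcation point at or above path, or None."""
    while path is not None:
        if path in points:
            return path
        path = parent(path)
    return None


def find_demarcation_points(acls, it_groups=IT_GROUPS):
    """Return {path: "write" | "read"} following the slide's two passes."""
    points = {}
    unique = [p for p in sorted(acls) if acls[p] is not None]  # parents sort first
    # Pass 1: topmost unique ACLs where non-IT trustees can write.
    for path in unique:
        if nearest_point(path, points) is None and "write" in business_rights(acls[path], it_groups):
            points[path] = "write"
    # Pass 2: for what is left, highest-level unique ACLs where non-IT can only read.
    for path in unique:
        rights = business_rights(acls[path], it_groups)
        if nearest_point(path, points) is None and rights and "write" not in rights:
            points[path] = "read"
    return points


def propose_owners(acls=ACLS, events=EVENTS, directory=DIRECTORY, it_groups=IT_GROUPS, top=3):
    """Per demarcation point: most active users, their dominant department, proposed owner."""
    points = find_demarcation_points(acls, it_groups)
    plan = {}
    for point, kind in points.items():
        # Each event is attributed to its nearest enclosing point, so a nested
        # write point does not inflate the activity of a read-only parent.
        activity = Counter(u for u, p in events if nearest_point(p, points) == point)
        active = [u for u, _ in activity.most_common(top)]
        depts = Counter(directory[u]["department"] for u in active if u in directory)
        if depts:
            dept = depts.most_common(1)[0][0]
            managers = Counter(directory[u]["manager"] for u in active
                               if directory.get(u, {}).get("department") == dept)
            owner = managers.most_common(1)[0][0]
        else:
            dept, owner = None, None  # no activity yet: needs a manual assignment
        plan[point] = {"access": kind, "active_users": active,
                       "department": dept, "proposed_owner": owner}
    return plan


def owner_for(path, plan):
    """Owner responsible for any path the business can reach, via its nearest point."""
    point = nearest_point(path, plan)
    return plan[point]["proposed_owner"] if point else None


if __name__ == "__main__":
    for point, info in propose_owners().items():
        print(f"{point} [{info['access']}]: users={info['active_users']} owner={info['proposed_owner']}")
```

On the sample share, Finance becomes a write point owned by the Finance manager (its Payroll subfolder inherits that owner rather than becoming its own point), Policies becomes a read point owned by the Operations manager, and the HR-writable Templates folder beneath it gets its own write point and owner. The IT-only scripts folder is correctly left without a business owner, which is the "what's left" the slide expects to stay with IT.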
Define & implement policies
THE MENTOR NETWORK
Following the introduction of DataPrivilege [in Minnesota], the workload for our team managing the shares for that state has decreased by 50%.
Takeaways
ZERO
Before you start:
Access is a mystery – lots of excess
Activity is a mystery – who knows?
Owners are unknown and not involved
Preventive controls are in rough shape, no detective controls – recipe for disaster
Processes are likely manual
HERO
After you finish:
Access is known
Use is audited
Owners review access, with intelligence
Abuse is flagged
Preventive controls are optimized, detective controls are in place
Processes are automated