Varonis Strengthens Control over Unstructured Data
May 24, 2011 Alex Woodie
Preventing unauthorized users from accessing semi-structured and unstructured data on stored on shared folders (including IBM i shops’ IFS) should be easier using the latest release of Varonis‘ Data Governance Suite, which gains new automation and visualization features.
The job of preventing unauthorized access to data is getting more difficult for several reasons. First, the sheer volume of data continues to grow at an exponential rate. Of particular concern is the growth of unstructured and semi-structured data, such as e-mail, Excel spreadsheets, PDFs, image files, and SharePoint files, which represents 80 percent of all data and is doubling every 18 months, according to Gartner.
Secondly, today’s highly collaborative business culture encourages people to share and benefit from the information housed in files, whether through semi-structured formats such as SharePoint and Exchange, or simply over the Wild Wild Web.
Balancing these opposing forces requires extreme diligence, especially considering new data security regulations in place at the state and federal levels. The desire not to sully one’s reputation by being the next big data breach covered on the evening news is another factor that can help drive secure behavior.
The problem is that establishing and maintaining secure permissions on shared file stores is not an easy thing to do. The folks at Varonis argue that existing access control tools, such as Microsoft‘s Active Directory, don’t provide the level of granularity and intelligence needed to keep up with the addition of new data, the influx of new users, and users’ changing roles. As a result, too many users have access to too many files, thereby damaging an organization’s security posture, Varonis says.
Varonis addresses this shortfall by adding another layer of visibility and control on top of the file systems of Windows, Linux, and Unix servers. The company’s flagship software, called DatAdvantage, features a file classification framework that can “learn” which files particular users need to do their job, and identify areas where permissions are too lax. The software also enables customers to restrict users and allow them to only access the files that they need to do their job.
The software doesn’t work with IBM i, which mostly deals with structured data (and has extremely tight controls for that). But Varonis’ software can be used to help control files stored on the IFS, which could originate from Web or Domino applications.
The version 5.6 release of the Data Governance Suite, which includes DatAdvantage and DataPrivilege, brings enhancements in several areas. The user interface for DataPrivilege, a self-service portal that lets users define access rules that are enforced by DatAdvantage, has been enhanced, and is now more configurable.
Administrators using DatAdvantage for Windows version 5.6 will see new interfaces designed to help them visualize their data access rules, including the capability to view both logical and physical permissions, or to view restrictions by file system hierarchy or by logical share.
Other features in DatAdvantage 5.6 should boost automation, such as the new bulk upload feature that makes it easier to assign owners to data containers, and the new data owner cloning and replacement feature with eliminates manual data entry. The suite’s metadata classification framework has also been bolstered with new verification routines for DatAdvantage’s algorithms, and new analysis tools that allow administrators to inspect the content of files without compromising the integrity of the access control system. Version 5.6 also features integration with RSA‘s Data Loss Prevention (DLP) suite.