Commvault partners with Pure Storage » Cisco Live, Melbourne, AU and Tinton Falls, NJ: Commvault has announced the integration of its Commv... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTOR... » A treatise on pastoral jihadism, islamism, arabism and cultural imperialism in Nigeria (Ephesians ... Where was Aisha Buhari when idiot Kumapayi flagr... » "Clip-clip..clip-clip...Did you not hear when BABA DAURA say women's place is in the kitchen?" ... UKCloud launches Disaster Recovery to the Cloud se... » London: UKCloud has announced the launch of Disaster Recovery to the Cloud, a self-service replicati... ADG Holdings bolsters security protection with Tra... » SAN MATEO, CA : TrapX Security™ has announced that ADG Holdings, a provider of proprietary trading a... ExtraHop combines analytics and low-cost storage... » London, UK: ExtraHop has announced several major platform enhancements as part of version 6.2. These... DEFENCE MINISTER MEETS TEENAGERS TAKING PART ... » Defence Minister Earl Howe today met teenagers at the Army’s first ‘Supercamp’, a new initiative whi... SONG OF THE SEASON » Also, visit: www.scorpionnewscorp.com APC, SO-SO TALK-TALK, SO-SO MOTIONS-MOTIONS, NO ACTION ... EEMBC and prpl align to drive use of hypervisors t... » SANTA CLARA, CALIF: Recently the prpl Foundation and EEMBC announced a formal partnership to advance... Qognify helps Navi Mumbai in the making of a safe ... » Qognify has announced the successful implementation of its market-leading Safe City solution in Navi...

Our Guest Columnists

John Walker
Professor John Walker is the owner and MD of Secure-Bastion Ltd, a specialist Contracting/Consultancy in the arena of IT Security Research, Forensics, and Security Analytics. READ MORE >>


YORGEN EDHOLM
Yorgen Edholm is President and CEO of Accellion, a pioneer and leading provider of secure file transfer and collaboration solutions. READ MORE >>



Faitelson
Mr. Faitelson is responsible for leading the management, strategic direction and execution of the Varonis vision.
READ MORE >>

 


Mike Small

 

Mike Small has over 40 years experience in the IT industry. He is an honorary fellow analyst ....

READ MORE >>


Andy Cordial

Andy Cordial, managing director of secure storage systems specialist Origin Storage ...
READ MORE >>


Paul Steiner
Dr Paul Steiner joined Accellion in 2001 as Senior Vice President-Europe...
READ MORE >>


Durbin

Steve Durbin is Global Vice President of the Information Security Forum (ISF). He has served as an ...
READ MORE >>


David Gibson

David Gibson has been in the IT industry for more than fifteen years, with a breadth of experience in data governance, network management, network security, ..

READ MORE >>


Jane Grafton

Jane Grafton has more than twenty years experience in domestic and international sales, marketing and business development.

READ MORE >>


Mr Dimitriadis

Christos K. Dimitriadis, CISA, CISM, is the chief information security officer of INTRALOT S.A, a multinational supplier of integrated gaming and transaction processing systems based in Greece, ...

READ MORE >>


Philip Lieberman

Philip Lieberman, the founder and president of Lieberman Software, has more than 30 years of experience in the software industry.

READ MORE >>


Jon Mills

Jon Mills is the managing director and general manager of SEPATON for Europe, Middle East and Africa (EMEA).

READ MORE >>


Dr Rustom Kanga

Dr Rustom Kanga is co-founder and CEO of iOmniscient, one of the pioneers in the field of Video Analysis.

READ MORE >>

CLICK HERE TO

SOCIAL BOOKMARK

Varonis looks at the implications for organisations that get it wrongand gives advice on how to protect your information in a digital world.

Digital files are critical business assets. Organisations create more and more of them every day, in a widening variety of more sophisticated formats. As spreadsheets, presentations, images, audio and video files increase in capability and complexity they convey more information and tell more complete stories. As an example, a presentation can now contain graphics, charts, video, and audio—organisations use presentations to communicate their business plans, quarterly reviews, and internal processes. Files that can’t be used for collaboration are like financial assets that can’t be spent.

Not surprisingly, organisations now collaborate with digital files as part of almost every business process. They share them using core infrastructure components: File shares, email, and SharePoint. Collaboration via these infrastructure components has become so critical that organisations can scarcely function without them— even for an hour. If given a choice, most people would choose to have their phone service disrupted rather than their email.

And, while collaboration is essential, it introduces a lot of chaos. There is evidence of chaos in the sheer quantity of data being created-- the amount of data organisations need to manage and protect is growing at 50 percent year on year. Today we think in Gigabytes and Terabytes instead of Kilobytes and Megabytes; some organisations are grappling with Petabytes.

There is more evidence of chaos when examine how organisations try to manage and protect all this data; the number of data management elements—the folders, groups, and access control lists—is doubling every year. With dynamic, cross-functional teams accessing data sets in numerous locations on multiple platforms, it is difficult or impossible to determine who has access, needs access, does access, and “owns” the data.

The risks associated with this chaos turn grave when we consider that organisations now store countless files that contain information about their partners, their patients, their vendors, their clients, their customers, and even their client’s customers. Today it is difficult to find someone that hasn’t been notified at some point that their email or credit card information has been stolen.

When these digital assets are misused they can become a tremendous liability—reputation and client confidence suffers, intellectual property and competitive edge may be lost, or damages may be inflicted.

People and organisations will choose to conduct business with those organisations that have demonstrated that they can conduct secure collaboration, and organisations that continue to practice chaotic collaboration will eventually lose their ability to conduct business. Who will want to choose do business with a company that has demonstrated that they can’t protect their customers’ credit cards and email addresses? Who will want go to a hospital that can’t protect medical records?

How can you tell if your organisation is practicing secure collaboration?

Pick two people in your organisation at random, and pose the following questions to IT and data policy makers:

  • What data can these two people access? (Not what groups they‘re in, what actual data—what folders, files, SharePoint sites, mailboxes, etc.)
  • What have these two people accessed over the past week? (Not which servers; which actual files, folders and emails)
  • Of that data - which are sensitive and would cause problems if it were lost or released?
  • How did we decide what data these users should have access to? (Not what groups they‘re in, what data)
  • How will we decide when they should no longer have access to that data? (Other than when they leave the organisation).
  • If they suddenly decided to access everything they are able to, would we know and how?

If your organisation knows the answers to these questions, and it’s better than “I don’t know,” then you’re in reasonably good shape.

If not, then your organisation’s collaboration practices are uncontrolled, and not only are you at risk for a significant breach, but small-scale breaches are probably happening already.

The question you now need to answer is how to transform your chaotic collaboration into secure collaboration, to make it more ordered, manageable, and less risky, using the same platforms that you’ve already invested in and use so heavily—file shares, email, SharePoint.

How can You Achieve Secure Collaboration?

In order to tame the chaos, organisations first need to be able to quickly answer basic questions about data assets and the people that use them:

  • Who has access to what data?
  • Who is using what data?
  • Which data is sensitive?

Unfortunately, the answers to these questions change every day, so a snapshot of this information is not sufficient—this data about data, or metadata, needs to be continually updated through automated collection.

By continually collecting, aggregating, storing, and analysing metadata, organisations can then answer these more complex questions:

  • Who owns the data, or should be designated as its custodian?
  • Who should have access?
  • Where is data exposed?
  • Who is abusing their access?

Armed with these answers, organisations can then put procedures in place that enable secure collaboration. For example, all data has a designated owner or custodian, who reviews who has access to their data on a regular basis. Their reviews are enhanced through automated recommendations about which users have too much access, much like online shopping experiences are enhanced by recommendation algorithms. Data owners can easily review who has been accessing their data, which files contain sensitive content, and which are no longer used. No one is authorised to access data without correct approval.

Automation identifies and alerts on probable abnormal or abusive access, much like automation identifies and alerts on possibly fraudulent credit card activity.

Secure collaboration means that only the right people have access to the right data, and use of all data is monitored. It is a balance between the absence of access, where the asset cannot be leveraged, and excessive access, where the asset is a liability capable of causing damage.

If you didn’t trust a bank to safeguard your money you wouldn’t do business with them and the same is true for personal information. If you don’t trust an organisation to safeguard your data, you won’t do business with them, either. Controlling who is accessing your data and what they’re doing with it establishes a foundation of trust that everyone will feel happier about.

ABOUT YAKI FAITELSON

Varonis FaitelsonMr. Faitelson is responsible for leading the management, strategic direction and execution of the Varonis vision. Under his leadership, the company has established itself as the leading provider of data governance software and acquired an install base of over 1200 customers and over 4000 installations worldwide (April 2011).

Prior to Varonis, Mr. Faitelson held key leadership positions in the global professional services, product development and systems integration divisions of NetVision and Network Appliance. At Network Appliance he established the professional services team for the eMed region and the special deployment team for EMEA.

While at NetVision he lead their consulting and professional services division.

Leveraging his passion for technology and business, Mr. Faitelson honed his knowledge through years with disciplined strategic technological projects implementations and products development. Throughout his 15 years in business, Mr. Faitelson has developed expertise with technologies such as database infrastructures development, data mining, networking & storage architecture and data governance technology.

Who can be our Guest Columnist?