Wendy Yale, Senior Director of Worldwide Marketing, Varonis provides some good advice for anyone on a budget or drawing one up – she shows you how to make your resources go further and keep your IT secure – all at the same time. These top ten tips will help you polish off your budget planning and keep on the right side of the boss.
The methods we use today to protect spreadsheets, documents, images and similar information on file servers are, frankly, out of date and not very 21st Century at all. Unfortunately, IT personnel – rather than the people that own the data – are the ones that have the job of keeping these growing mountains of data safe. This, of course, creates a problem since IT isn’t privy to what a user’s business need is for specific data sets. So until organisations start to shift the responsibility to business data owners, it is IT that has to enforce rules for who can access what on shared file systems and keep those strictures current through data growth and user role changes.
There are, of course, best practices that when repeated often and consistently can ensure nearly optimum mapping of users to data since least-privilege access can significantly reduce the risk of data loss. However, for most organisations following unstructured data protection “musts” is very challenging because the data is being generated far too quickly, so even if the organisation is small the data it creates and preserves can quickly outpace the IT department’s ability to keep up with protections and access control lists. Ideally, organisations should seek to automate some of the management tasks outlined below so that these “musts” can scale with data and can be conducted as part of a daily data management routine. Nevertheless, here are my top ten must-do actions for maximising unstructured data protection.
Top Ten IT Must Do’s for More Resources
1: Data Entitlement (Access Control List) ACL Reviews
Every file and folder on a Windows or Unix file system has access controls assigned to it which determine which users can access the data and how (i.e. read, write, execute, list). These controls need to be reviewed on a regular basis and the settings documented so that they can be verified as accurate by data business owners and security policy auditors.
2: Revocations of Unused and Unwarranted Permissions
Users with access to data that is not directly relevant to their jobs constitute a security risk for organisations. Most users only need access to a small fraction of the data that resides on file servers. It is important to review and then remove or revoke permissions that are unused.
3: Removal of Global Group ACLs like “Everyone”
It is not uncommon for folders on file shares to have access control permissions allowing “everyone” or all “domain users” (nearly everyone) to access the data they contain. This creates a security risk because any data placed in that folder will inherit the permissions. Global groups may be an easy default setting but they constitute a security risk because those who place data in these wide-open folders may not be aware of the lax access settings. Global access to folders should be removed and replaced with rules that give access to the explicit groups that need it.
4: Deletion or Archiving of Stale or Unused Data
Not all of the data contained on shared file servers and network attached storage devices is in active use. By archiving stale or unused data to offline storage or deleting it, IT makes the job of managing the remainder simpler and easier, while freeing up an expensive resource.
5: Deletion of Unused User Accounts
Directories may at times contain user accounts for individuals that are no longer with the company or group. These accounts constitute a security hole. Those with a working knowledge and access to user directories may retrieve information under someone else’s name. Organisations should routinely identify inactive users and verify that the need for the account is still there.
6: Identification of Data Business Owners
IT should keep a current list of data business owners and the file share folders for which each has responsibility. By having this list “at the ready,” IT can expedite a number of the previously identified tasks, including verifying permissions revocations, user account deletions and data to be archived. The net effect is a marked increase in the accuracy of data entitlement permissions and, therefore, data protection.
7: Preservation of All User Access Events in Searchable Archive
Even for environments where the user-to-data permissions are current and accurate, it is important to maintain a searchable archive of all user access events. This will help organisations with forensic analysis should data misuse or loss occur. IT should be able to search on a username, filename as well as date of interest and any combination thereof to ascertain who accessed what and how. This information can also help expedite helpdesk call resolution.
8: Continuous Auditing of Key User Accounts
Whether it is administrators or user groups with access to sensitive and valuable information, it is important to monitor access event activity to ensure that it is consistent with appropriate business access. An infected laptop, for instance, may register an inordinate number of file “deletes” for a given user. IT should have alerting mechanisms in place that identify anomalous access activity on file shares and send notification of the activity to the appropriate personnel.
9: Continuous Auditing of Key Data Folders
Folders that are known to contain sensitive or valuable information should be monitored for all access activity. Business owners should receive a daily or weekly report of user access to key folders they own, so that any activity deemed inconsistent with known business needs can be quickly identified and the risk mitigated.
10: Continuous Auditing of Security Settings to Data
IT should have the ability to capture and report on access control changes to data -- especially for highly sensitive folders. If access is incorrectly assigned or changed to a more permissive state without good business reason, the data business owner will be able to quickly identify and mitigate the situation by reporting the inconsistency to IT.
These are ten things you can do within a short timescale which will not only secure the data in your organisation but secure your place in the organisation if someone gets a hold of information they shouldn’t have access to.