Menu

Tuesday, December 1, 2015

Data Governance & Security Solution to Prevent Internal Data Leakages

When your company expands, its is must to protect your company sensitive data without being stolen. Implementing security policies are indeed, however monitoring the policy violation would be impossible respective to the company growth. Even you bought the super firewall, it facilitates internet security from outside attackers, however minimum security for the internal data leakage.

Due to that facts, it is must to think about a complete internal data security solution rather risking your company sensitive data collection. Obviously, the question comes to your mind would be if company data has not been organized and categorized how should I start implementing such a solution?

Answer is simple, go for an enterprise solution which provides, complete data analyzing, modelling, permitting, auditing and recommending best resolutions. By considering these facts, Varonis is one of the powerful software solution which provides actionable data governance solutions for financial services, healthcare, energy, manufacturing and tech companies.

According to Varonis specification, it provides an innovative software platform that allows enterprises to map, analyze, manage and migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data that includes an enterprise's spreadsheets, word processing documents, presentations, audio files, video files, emails, text messages and any other data created by employees. IT and business personnel deploy Varonis software for a variety of use cases, including data governance, data security, archiving, file synchronization, enhanced mobile data accessibility and information collaboration.

Following is the summary of Varonis tools, functionalities and respective features.

Varonis Tools
Functionalities
 Features
Remark
DataAdvantage Data audit and protection Bi-directional permissions view User permission view for each access point such as sharepoint, AD, mail, etc
Audit trail IO operations (open, create, delete, etc) in each access points
recommendation & modelling Based on who has permission & auditing, provide recommendations to control access
Data ownership identification Top access users for each access point
Content classification Anayze sensitive information (credit card No, Social security no, etc) and provide details on who has accessed and who is accessing those.
Multiple platform supportiveness Windows Severs, Unix, NAS devices, Exchange and public folders
DataAlerts User behaviour analytics Priviledge escalations
Critical file, folders, sites are accessed or deleted
Permissions are changed
Change is detected outside control hours
DataPrivilege Access governance Provide priviledge for business users to approve access requests No IT team support required
DataAnswers Enteprise search and eDiscovery Search folder and intranet for specific file or file metadata such as who created, opened, modified and who has access
DataAnywhere Enteprise file sync and share Turn your file share into a private cloud Private cloud features:-
- Access from mobile
- share with external parties
- Set permission
- Backup/ ID management / encryption / data classification
IDU Classification Framework Data classification Where in file system sensitive data resides
Who has accesss
Who should and shouldn’t have access 
Who uses it
Who owns it
Calculate risk percentage on data
Set prority for data based on risk
Alert on statistical deviation or spike in email/file access
Data Transport Engine Retention and migration Migrate live data  - Filter based on any criteria before migration
- Choose destination
- Set permission at the destination
- Schedule the migration
Migrate between two domains
Migrate data between windows to filshare or vice versa
Simulate migration

Are you satisfied with the above overall solution on data prevention?

I would still say no. Because even how depth it provides protection on analyzing and auditing data transfers still I could get a photo of your sensitive data collection or create a PDF version and send it to anybody. Major cons of Varonis is, it still not supporting image and PDF processing in order to governor the data content.

In that case, I would prefer to go for a solution such as NeoKami which is an Artificial Intelligent solution for governing data includes image and PDF processing as well. Comparatively, NeoKami doesn't provide all functionalities of Varonis. However, it is a powerful trainable AI solution facilitates advanced resolution for Data classification which Varonis provides.

Cheers..