News
Johnnie Konstantas, Varonis: 5 Things IT Should Do (but isn’t)
September 2008 by Johnnie Konstantas, vice president of marketing for Varonis
When it comes to protecting spreadsheets, documents, images and the like on file servers, today’s status quo is less than ideal. For most organizations following unstructured data protection “musts” is very challenging because the data is being generated far too quickly, so even if the organization is small the data it creates and preserves can quickly outpace the IT department’s ability to keep up with protections and access control lists. Ideally, organizations should seek to automate some of the management tasks outlined below so that these “musts” can scale with data and can be conducted as part of a daily data management routine. Nevertheless, here are the ten must-dos for maximizing unstructured data protection.
Must Do #1: Deletion or Archiving of Stale or Unused Data Not all of the data contained on shared file servers and network attached storage devices is in active use. By archiving stale or unused data to offline storage or deleting it, IT makes the job of managing the remainder simpler and easier, while freeing up an expensive resource.
Must Do #2: Identification of Data Business Owners IT should keep a current list of data business owners and the file share folders for which each has responsibility. By having this list “at the ready,” IT can expedite a number of the previously identified tasks, including verifying permissions revocations, user account deletions and data to be archived. The net effect is a marked increase in the accuracy of data entitlement permissions and, therefore, data protection.
Must Do #3: Preservation of All User Access Events in Searchable Archive Even for environments where the user-to-data permissions are current and accurate, it is important to maintain a searchable archive of all user access events. This will help organizations with triage and forensic analysis should data misuse or loss occur. IT should be able to search on a username, filename as well as date of interest and any combination thereof to ascertain who accessed what and how. This information can also help expedite helpdesk call resolution.
Must Do #4: Continuous Auditing of Key User Accounts Whether it is administrators or user groups with access to sensitive and valuable information, it is important to monitor access event activity to ensure that it is consistent with appropriate business access. An infected laptop, for instance, may register an inordinate number of file “deletes” for a given user. IT should have alerting mechanisms in place that identify anomalous access activity on file shares and send notification of the activity to the appropriate personnel.
Must Do #5: Continuous Auditing of Key Data Folders Folders that are known to contain sensitive or valuable information should be monitored for all access activity. Business owners should receive a daily or weekly report of user access to key folders they own, so that any activity deemed inconsistent with known business needs can be quickly identified and the risk mitigated.
GOLD SPONSOR
