Enterprise content management captures, manages, stores, preserves and delivers structured and unstructured content and documents related to organizational processes.
Solution Implementer: Condé Nast
Solution Provider: Varonis Systems
Business Pain
Condé Nast is home to some of the world’s most recognizable magazines and Web sites. With offices worldwide, the company delivers quadrillions of bytes of information to millions of readers on a weekly and monthly basis. Its assets take the form of electronically stored intellectual property: internal corporate data as well as the work of writers, editors, contributors and artists who fill their pages. With multiple file servers and thousands of contributors, Condé Nast requires global data governance that is comprehensive and adaptive to the company’s dynamic access needs.
Granting and revoking permissions to data access is difficult to conduct expediently and accurately for any organization. The challenge is amplified within electronic publishing - Condé Nast’s transient IT environment, especially. With a worldwide user base of more than 6,000 and stored data in the millions of terabytes, maintaining an accurate mapping of appropriate user to data-access needs manually is unfeasible. The result of dated file controls can mean that data access is either overly permissive, thus raising security concerns, or overly restrictive, which can cause disruption in business flow.
Contractors and freelance writers require access to the same file servers used by writers and editors. Traditionally, IT departments spent hours of time setting these permissions, and revoking them was even more complicated. Because freelance employees sometimes belong to the same groups as permanent employees, removing group level access meant cutting off legitimate users. What Condé Nast needed was a central place to see which users should have access to what data and for how long.
Successful Solution
Condé Nast deployed the Varonis DatAdvantage solution for establishing an effective data control process worldwide. “DatAdvantage showed us the existing access permissions as they had been defined and gave us full visibility into who is really using the data, how often and in what way. With the granular data use audit information, we can spot wrongful or inappropriate use. But the biggest benefit is that any one of our administrators knows exactly who should have access to what information,” says Jerry Anzano, Condé Nast’s security and identity management group manager.
After spending two weeks in the evaluation of Varonis DatAdvantage within the production environment, Condé Nast began to verify that the data authorization recommendations from DatAdvantage would indeed eliminate many unused or unwarranted data permissions.
Since the permanent installation of Varonis DatAdvantage Condé Nast, has redefined data control companywide. Permissions are granted and revoked as needed and, in the case of freelance employees, on a per-engagement basis. The solution lets the IT team respond more quickly to new access requests, and permissions are granted much more efficiently and in line with business objectives for strict data governance.
Regarding time to implement, Varonis solutions install within two hours in most environments. Customers recognize value immediately in the form of an audit or data permission as they are in the current environment. At the end of a 30-day evaluation period, customers also get detailed recommendations on who should be removed from having access to data.
Innovation
All businesses with sensitive corporate data stored on file servers and more than a handful of employees accessing that data must address the question, “Who should and should not have access to which data?” While about 20 percent of enterprise data is “structured” - stored in databases, document management systems, etc., the majority is “unstructured” - documents, spreadsheets, presentations, etc.
Normally, organizations address the question, “Who should and should not have access to which data?” using a variety of manual management techniques and tools that are not informed by business process needs. Varonis has created a system that learns business process needs and uses that understanding to answer this difficult question as well as others.
As users access data, Varonis’ DatAdvantage solution applies patent-pending statistical models to understand the access patterns of users and how the users relate to each other and the data. This statistical modeling is wholly unique to Varonis and forms the core of the company’s Intelligent Data Use (IDU) analytics engine.
This approach breaks from conventional ideas by creating an intelligent platform that can be used to manage today’s pressing data access issues and serves as the foundation for addressing broader data governance challenges.
This technology gave Condé Nast a scalable solution that applied data controls to all worldwide locations, full visibility to the details of data use and access and adaptive authorization processes that are instep with highly dynamic user roles - something the company had never been able to realize.
Quantitative Results
Metrics for ROI.
- Time to conduct a data entitlement audit with and without Varonis. Specifically, the time it takes to create a report of each user’s permissions to data on given file servers manually and through the Varonis integrated reporting mechanism, which makes the task instant.
- Time to remove unwarranted permissions from a given data set or folder with and without Varonis. Specifically, removing access for individuals who no longer require privilege to view the data by calling the user and the data owner, and automatically through the Varonis recommendation functionality which identifies the individuals without human intervention.
- Time to identify inactive users with and without Varonis. Specifically, the time it takes to ascertain which users have not accessed data to which they have permissions (possibly indicated an unused account) manually by turning on Windows Server auditing during peak times (not advised per Microsoft best practices) or automatically through the Varonis integrated reporting mechanism.
Be the first to comment on this post using the section below.