Enterprise content management captures, manages, stores, preserves and delivers structured and unstructured content and documents related to organizational processes.
Solution Implementer: Condé Nast
Solution Provider: Varonis Systems
Condé Nast is home to some of the worlds most recognizable magazines and Web sites. With offices worldwide, the company delivers quadrillions of bytes of information to millions of readers on a weekly and monthly basis. Its assets take the form of electronically stored intellectual property: internal corporate data as well as the work of writers, editors, contributors and artists who fill their pages. With multiple file servers and thousands of contributors, Condé Nast requires global data governance that is comprehensive and adaptive to the companys dynamic access needs.
Granting and revoking permissions to data access is difficult to conduct expediently and accurately for any organization. The challenge is amplified within electronic publishing - Condé Nasts transient IT environment, especially. With a worldwide user base of more than 6,000 and stored data in the millions of terabytes, maintaining an accurate mapping of appropriate user to data-access needs manually is unfeasible. The result of dated file controls can mean that data access is either overly permissive, thus raising security concerns, or overly restrictive, which can cause disruption in business flow.
Contractors and freelance writers require access to the same file servers used by writers and editors. Traditionally, IT departments spent hours of time setting these permissions, and revoking them was even more complicated. Because freelance employees sometimes belong to the same groups as permanent employees, removing group level access meant cutting off legitimate users. What Condé Nast needed was a central place to see which users should have access to what data and for how long.
Condé Nast deployed the Varonis DatAdvantage solution for establishing an effective data control process worldwide. DatAdvantage showed us the existing access permissions as they had been defined and gave us full visibility into who is really using the data, how often and in what way. With the granular data use audit information, we can spot wrongful or inappropriate use. But the biggest benefit is that any one of our administrators knows exactly who should have access to what information, says Jerry Anzano, Condé Nasts security and identity management group manager.
After spending two weeks in the evaluation of Varonis DatAdvantage within the production environment, Condé Nast began to verify that the data authorization recommendations from DatAdvantage would indeed eliminate many unused or unwarranted data permissions.
Since the permanent installation of Varonis DatAdvantage Condé Nast, has redefined data control companywide. Permissions are granted and revoked as needed and, in the case of freelance employees, on a per-engagement basis. The solution lets the IT team respond more quickly to new access requests, and permissions are granted much more efficiently and in line with business objectives for strict data governance.
Regarding time to implement, Varonis solutions install within two hours in most environments. Customers recognize value immediately in the form of an audit or data permission as they are in the current environment. At the end of a 30-day evaluation period, customers also get detailed recommendations on who should be removed from having access to data.
All businesses with sensitive corporate data stored on file servers and more than a handful of employees accessing that data must address the question, Who should and should not have access to which data? While about 20 percent of enterprise data is structured - stored in databases, document management systems, etc., the majority is unstructured - documents, spreadsheets, presentations, etc.
Normally, organizations address the question, Who should and should not have access to which data? using a variety of manual management techniques and tools that are not informed by business process needs. Varonis has created a system that learns business process needs and uses that understanding to answer this difficult question as well as others.
As users access data, Varonis DatAdvantage solution applies patent-pending statistical models to understand the access patterns of users and how the users relate to each other and the data. This statistical modeling is wholly unique to Varonis and forms the core of the companys Intelligent Data Use (IDU) analytics engine.
This approach breaks from conventional ideas by creating an intelligent platform that can be used to manage todays pressing data access issues and serves as the foundation for addressing broader data governance challenges.
This technology gave Condé Nast a scalable solution that applied data controls to all worldwide locations, full visibility to the details of data use and access and adaptive authorization processes that are instep with highly dynamic user roles - something the company had never been able to realize.
Metrics for ROI.
- Time to conduct a data entitlement audit with and without Varonis. Specifically, the time it takes to create a report of each users permissions to data on given file servers manually and through the Varonis integrated reporting mechanism, which makes the task instant.
- Time to remove unwarranted permissions from a given data set or folder with and without Varonis. Specifically, removing access for individuals who no longer require privilege to view the data by calling the user and the data owner, and automatically through the Varonis recommendation functionality which identifies the individuals without human intervention.
- Time to identify inactive users with and without Varonis. Specifically, the time it takes to ascertain which users have not accessed data to which they have permissions (possibly indicated an unused account) manually by turning on Windows Server auditing during peak times (not advised per Microsoft best practices) or automatically through the Varonis integrated reporting mechanism.
DatAdvantage provided Condé Nast full visibility into data use and access. Given large amounts of data and an ever-changing user base, Condé Nast was challenged to provide timely and appropriate data access control. Lack of visibility into the existing data permission levels and the data use patterns made IT reluctant to revoke or modify permission levels for fear of denying access to legitimate users. DatAdvantage shows the existing access environment and data permissions, providing full visibility into who is really using data and how. Wrongful or unwarranted data access can be flagged and investigated.
The software also provided the company with effective data access control applied within a highly transient user community. Before DatAdvantage, Condé Nast had to manually infer a users access privileges. With DatAdvantage, the team gets precise recommendations on which users and data belong to the same group and which data authorizations should be removed.
Finally, DatAdvantage increased efficiency within the IT department. The IT staff of Condé Nast field a continuous stream of requests for access by permanent, contract and freelance magazine content contributors. The DatAdvantage solutions allows them to respond to these requests quickly and gives them the recommendations for implementing the appropriate levels of access and control. When permissions are no longer needed, DatAdvantage shows administrators where data authorizations should be removed and how to avoid impact to legitimate users.
DatAdvantage delivers actionable authorization recommendations that automatically adapt to any changes to the user or data landscape. This lets a company align data access with their organizational and business needs as they change. Granting or revoking permissions for data access is challenging because the user repository and data file server information are in constant flux. Moreover, once permissions are granted, they are rarely revoked because doing so may have unpredictable consequences on authorized use. This often results in overly permissive access rights for most data users.
In order to address this challenge, DatAdvantage gives full visibility into past data access patterns as well as an understanding of the business relationship between users and data. Because unstructured organizational data is so voluminous, this visibility and understanding cannot be attained manually. Varonis IDU Analytics identifies the true relationship between users and data, making it possible to establish effective data access controls by understanding who needs working access to what.
DatAdvantage provides multilevel reporting and auditing capabilities, affording coverage of all user activities across multiple user groups and shared-data repositories. With DatAdvantage reporting, IT departments can demonstrate long-term control over the data authorization process to business and external auditors as required by regulations and internal policies, thus sustaining its value.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access