Varonis: Working to Prevent Being the NExt WikiLeak? Don’t Forget the Metadata
December 2010 by Varonis
Despite all the news surrounding WikiLeaks and the immense amount of data stolen from the US government, little has been written about the organizational processes that contributed to the leaks, how the soldier who stole the data had access to such sensitive data in the first place, and how digital collaboration has increased to the point where these incidents will likely become commonplace unless root causes are identified and addressed.
“Organizations are becoming significantly more collaborative,” said Yaki Faitelson, chief executive officer, president and co-founder of Varonis Systems. “As a result, data is more widespread and vulnerable than ever before. For organizations to prevent loss of sensitive data while still enabling the collaboration needed to conduct business, they need to ensure that they have processes and automation in place for authorization and review of access to data, monitoring who is using data, and identifying sensitive data that is at risk.”
Unstructured and semi-structured data on shared file systems, NAS devices, SharePoint sites and Exchange mailboxes is a challenge to manage for any organization. According to analyst firm Gartner, all of the documents stored in these repositories, such as spreadsheets, presentations, documents, and multimedia files, account for roughly 80 percent of business data. By its very nature, this shared data is highly dynamic, and growing by about 50 percent each year. Another issue is that the relevance of data is constantly in flux, changing far faster than each user’s access rights. Users are often able to download or edit data they no longer need access to long after a project finishes or their role has changed.
A key part of the solution is metadata - data about data (or information about information) - and the technology needed to leverage it. When it comes to identifying sensitive data and protecting access to it, a number of types of metadata are relevant: user and group information, permissions information, access activity, and sensitive content indicators. A key benefit to leveraging metadata for preventing data loss is that it can be used to focus and accelerate the data classification process. In many instances the ability to leverage metadata can speed up the process by up to 90 percent, providing a shortlist of where an organization’s most sensitive data is, where it is most at risk, who has access to it and who shouldn’t.
Each file and folder, and user or group, has many metadata elements associated with it at any given point in time - permissions, timestamps, location in the file system, etc. - and the constantly changing files and folders generate streams of metadata, especially when combined with access activity. These combined metadata streams become a torrent of critical metadata. To capture, analyze, store and understand so much metadata requires metadata framework technology specifically designed for this purpose.
"As the WikiLeaks fiasco has shown, it only takes one rogue staff member - or a malignant individual - to access and copy a set of critical data files for the entire security system, and the integrity of the organization, to be severely compromised. Staff collaboration is why the data is open to begin with. But using manual methods to secure data in this era of digital collaboration is asking for trouble. It is astonishing that every file share, NAS device, SharePoint site and Exchange mailbox doesn’t have automated protection that prevents unwarranted access since this type of solution is readily available and the benefits are immediate,” Faitelson said.
“Organizations have to be aware they no longer have to manually manage permissions to ensure that only the correct users have access to the right data and that their permission can be revoked when they no longer need them. The previously impossible is now possible through the intelligent use of metadata and data governance automation. The instinctive reaction of many to these WikiLeaks is to try and lock down all data. That is not only impossible, it is unnecessary if you use the right technology," said Faitelson.