Data Compliance and Governance

Purpose of Service

  • To help companies of all sizes comply with laws, regulations, and corporate governance requirements for access control over shared unstructured data.
  • To automate the collection of evidence of data access control and user operations on files for audit reporting.
 

Benefits and Values

  • Significantly reduce the time IT staff spend producing evidence for audits
  • Discover abnormal file access behavior
  • Data entitlement and data ownership review; set up access on an as-needed basis
  • Re-design of folder hierarchy to improve manageability
 

Scope of Service

  • Report on existing access control and ownership
  • Business user interview
  • Design new file sharing hierarchy
  • Correct information access control
  • Migration and consolidation of unstructured data
 

Approach and Methodology

  • Fix by Level Approach
    • A file-share hierarchy and its ACLs can become complex owing to uncontrolled granting of access permissions to users and user groups, ex-employees’ files, large numbers of files generated periodically by applications, and so on.
    • To remove excess permissions to access files, the existing access control must be reviewed with business users to confirm its accuracy and to identify the data owner. A complex file-share hierarchy often presents too much information (a few hundred thousand lines is normal) for a thorough review to be possible. ITC adopts a fix-by-level approach to remove this obstacle from the review process.
    • Using Varonis, we generate a report covering the whole file-share tree: the ACL of each file and folder, its access history, and its most likely data owner. This information is then grouped by level of the file-share tree and reviewed by the business users level by level, starting at the top level. At each level, the folder design, data owner, proper permissions, and permission inheritance are determined and then fixed. The same process is repeated at the next level, continuing until a level is reached at which all lower-level folders can inherit their permissions.
  • Change Simulation and Fixing ACL
    • Once the proper access control and data owner have been determined at a level of the file-share tree, the new access rights are simulated for a period of time using Varonis. Analyzing the simulation results allows the risk and impact of the changes to be assessed and remedied. After the analysis, the changes are committed, again simply by using Varonis.
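
The level-by-level grouping described above, as an added example (not ITC's or Varonis's code). The report format, the sample folders, and the rule that review stops where every folder below already carries the same ACL are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample report: folder path -> explicit ACL (principal -> rights).
# The format is an assumption for this example, not Varonis output.
REPORT = {
    r"Share": {"Domain Users": "R"},
    r"Share\Finance": {"FIN-Staff": "RW"},
    r"Share\Finance\Payroll": {"FIN-Staff": "RW", "j.doe": "F"},
    r"Share\Finance\Reports": {"FIN-Staff": "RW"},
    r"Share\HR": {"HR-Staff": "RW"},
    r"Share\HR\Cases": {"HR-Staff": "RW"},
    r"Share\HR\Cases\2011": {"HR-Staff": "RW"},
}

def parts(path):
    return tuple(path.split("\\"))

def under(path, folder):
    """True if path lies strictly below folder (component-wise, not string prefix)."""
    p, f = parts(path), parts(folder)
    return len(p) > len(f) and p[:len(f)] == f

def added_entries(report, folder):
    """ACL entries a folder has that its parent lacks: items to confirm with the owner."""
    parent = report.get("\\".join(parts(folder)[:-1]), {})
    return {who: r for who, r in report[folder].items() if parent.get(who) != r}

def fix_by_level(report):
    """Return (review, stop): folders to review at each level, and the folders
    at which review stops because everything below carries the same ACL."""
    levels = defaultdict(list)
    for path in sorted(report):
        levels[len(parts(path)) - 1].append(path)
    review, stop = {}, []
    for depth in sorted(levels):
        for folder in levels[depth]:
            if any(under(folder, s) for s in stop):
                continue  # settled by inheritance from a higher level
            review.setdefault(depth, []).append(folder)
            if all(report[p] == report[folder] for p in report if under(p, folder)):
                stop.append(folder)
    return review, stop

if __name__ == "__main__":
    review, stop = fix_by_level(REPORT)
    for depth, folders in review.items():
        for f in folders:
            print(depth, f, added_entries(REPORT, f), "STOP" if f in stop else "")
```

In the sample, Share\HR never reaches the level-2 review queue for its subfolders because they match it exactly, while Share\Finance\Payroll surfaces the direct grant to j.doe as an entry to confirm with the data owner.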
 

Vendor Partner and Products

  • Data Advantage
  • Data Privilege
  • IDU Data Classification
 

Supported Technology

  • File Shares and Semi-structured Data
    • Windows 2003/2008 file servers
    • NetApp and EMC (Celerra) NAS
    • Unix/Linux – NFS, Samba
    • SharePoint
    • MS Exchange
  • Directory Service
    • Active Directory
    • LDAP v3
    • NIS
 

Copyright © 2012. IT Channel (Asia) Ltd. All rights reserved.