Data classification. Monitoring the Use of Critical Information on File Servers

    In modern organizations, a huge amount of information created by users in their work accumulates on file servers. You must understand that many documents that can be located on a file server contain important, often confidential, information. And finding it, as well as understanding who has access to it and who uses this information, is not always easy.

    Varonis DatAdvantage together with the Varonis Data Classification Framework module helps to solve this problem and answer the following questions:

    - where is important (confidential, personal, etc.) data located on the file server or SharePoint resource?
    - who has access to this data?
    - who uses this data and how (copying, deleting, changing, opening, renaming a document)?
    - access to what important information is redundant?

    Varonis not only allows you to understand the extent of the problem with the availability of confidential data on the file server, but can also give recommendations on changing access to this data.
    The data classification mechanism is organized as follows. The system user sets the rules by which he wants to search for confidential information. Search can be carried out not only by the contents of the file, but also by its extension (if, for example, we just want to find where the music or video is located on the file server, which can take up a significant amount of disk space). You can also create different rules to search the content. You can search for a line in a document, load your dictionaries against which reconciliation will also take place, use the rules and templates already predefined in the system, or search for data using regular expressions (if, for example, we want to find passport data or social security numbers). It should also be noted that when creating a rule, the user can always check whether it works right away or not. The Data Classification Framework interface provides the ability to drive the desired set of words or characters and check if the rule works on it. For example, you created a regular expression that should look up the series and passport number in documents. You can immediately check whether the rule will work as you need, and - make sure that you composed the correct regular expression. You can look for a match in the pictures, but this requires integration with an external document recognition mechanism. which should look in the documents for the series and passport number. You can immediately check whether the rule will work as you need, and - make sure that you composed the correct regular expression. You can look for a match in the pictures, but this requires integration with an external document recognition mechanism. which should look in the documents for the series and passport number. You can immediately check whether the rule will work as you need, and - make sure that you composed the correct regular expression. You can look for a match in the pictures, but this requires integration with an external document recognition mechanism.

    It should also be noted the flexibility of setting the scan schedule. Since when searching inside documents, the load on the file server can slightly increase, you can search for matches according to the rules of the classifier at a time when the load is minimal (for example, at night). You can set the start time of the scan, its frequency (for example, every day, every week, every other day, etc.) and duration. In the event that in the allotted time the classifier does not have time to go through the entire file server, it will begin its next iteration from the place where it stopped, and will also go through the documents that have been changed since the last scan. It is important to note that the load on the file server in no way depends on the number of classification rules, for all checks for certain information in a document occur on the server side of Varonis. You can also limit the scanning scale itself - for example, not the entire file server, but only a part of it (some specific folders). You can also change the priority of the scan. For example, if you want the classifier to first search for data in documents that are available to all employees of the company or in documents that have recently been changed - there is a possibility of such a choice.

    The longer the classifier works, the more statistics it accumulates - the more clearly the results of its work become visible. After a certain time, you already clearly understand where the important information for you is located on the file server, who uses it, what data is shared and what actions can be taken based on the classification results. You can also place labels (or flags - in Varonis terminology) directly in the system on folders in which confidential data should not be located (or vice versa, they should be there). And then, if someone suddenly puts in important folders, important documents, the system will signal you about it. As well as about what, for example, happened during the week in folders where confidential data should be kept.

    It is important to understand that the Varonis Data Classification Framework does not block the process of copying or deleting important data. But Varonis can always show if someone uploads, copies, deletes important data from the file server. A concrete example can be given. If we know that a certain employee is leaving the company, we would not really want him to take with him what corporate information (list of company customers, financial statements, etc.). We can begin personal control over this employee until his dismissal, to track whether he will copy information in order to take it with him. In addition, we can always see if he has access to confidential information, and if so, perhaps he should take that access even before he has time to do something.

    On the issue of data classification, one could not be too sure that the data "will not leak anywhere." Many remedies are not always a sufficient guarantee against human error. It often seems to many that this will not happen to them. Are financial statements, payroll sheets, or a list of company customers in the public domain? The situation seems strange or even implausible. But in our practice it is quite common. So for the fact that there were fewer such errors and to reduce the human factor, we need the Varonis Data Classification Framework.

    Also popular now: