Varonis Data Governance Suite
The Varonis integrated product suite delivers immediate time-to-value through two software applications, Varonis DatAdvantage and Varonis DataPrivilege, which provide IT administrators and data owners with the vital intelligence they need to control access to business data. Varonis DatAdvantage and DataPrivilege will transform your permissions management and data governance practices by delivering the detailed information that IT staff needs, as well as the workflow management required to ensure rightful access to data.
Once you identify data owners in DatAdvantage, DataPrivilege automatically builds entitlement management workflow policies for those data owners. When access requests are made by data users, they go directly to the proper data owners. And, DatAdvantage supplies DataPrivilege with recommendations about whose access to data should be revoked, making it easy for data owners to review and reduce access so that it is based on business need.
- Automatically creates data entitlement management policies
- Automatically generates and distributes business intelligence to data owners
- Automatically enforces your data authorization process
The IDU Framework
The Varonis solution for comprehensive data governance is a highly scaleable software framework built with extreme ease of installation and use in mind.
The multi-tiered architecture, which can be implemented in under an hour, allows Varonis to aggregate information from user directories and file servers regardless of number and physical location. Once installed, DatAdvantage gives full visibility into the unstructured data access environment, showing exactly who has access to which folders and how those permissions were set or inherited.
The Intelligent Data Use (IDU™) platform is at the core of Varonis data governance solutions. It determines via rigorous computation not only who is accessing data and how, but who should have access, and clearly presents those recommendations for dissemination to the live access environment.
Most businesses keep user information and data in repositories. Users are grouped by job function on directories, and data (unstructured data) is "grouped" in folders on file servers. The two become linked when there is an access event (opening a spreadsheet, deleting a file etc.). These events are recorded on the file servers. It is the case that under rightful use conditions, members of a particular group in the organisation frequently access the same data sets (i.e. the legal group accesses legal data). It can be said therefore, that users in a group "behave" similarly and their access patterns inherently reveal them to be a group. This fact when expressed as a matrix of activity establishes the basis for a mathematical model by which to derive business context. The Varonis Intelligent Data Use (IDU) platform analyzes user, data and access event information arranged in such a matrix to determine the groupings of users and data that belong together based on business need. The platform computes the relationships to show exactly who has appropriate group membership and who does not. This simple and elegant premise, which is executed by very complex and patent worthy statistical modeling, is wholly unique to Varonis and forms the core of the company's comprehensive platform for data governance.
The components of the Varonis solution for data governance are:
Probes
Probes collect data organisational structure information as well as access event information from Windows file servers, UNIX file servers and network attached storage devices. The probes then provide updates to the Varonis analytics engine as changes are made to file repositories. This communication, which is completely unintrusive to file systems, allows Varonis to stay in lockstep with any changes in the data access environment. In this way, DatAdvantage continually visualises the current access control situation and makes the recommendations that ensure timely and rightful access to data through scalable effective controls.
Analytics Engine
Analytics engine - this centralised application brings together the information about user and group memberships as well as the organisation of data for the purpose of visualising who has access and how their permissions were designated. The engine also determines the business owners of data as well as rightful data use based on business need so that it can recommend who should be removed from having access. Finally, the application provides a sand box environment in which to conduct what if scenarios, so that users can see the impact of changes to permissions prior to committing them in the live environment.
Commit Engine
In addition to recommending Varonis provides the mechanism for enacting user permissions to data so that they may be enforced on the file servers. Users of DatAdvantage and DataPrivilege can ensure that the desired data entitlements take effect by a point and click activity taking only seconds.
