Cloud to organization scale - how Varonis can help build secure data sharing
Quite often in the modern world, people exchange information with each other. It should be noted that they can do this also within the framework of their official duties, often putting confidential information at additional risk.
There are several drawbacks to using the cloud:
Using Varonis DatAnywhere allows you to solve all the above problems. The cloud can be built within the existing file storage using existing access rights with minimal time for deployment and support.
Consider the work of Varonis DatAnywhere in more detail. The main purpose of creating a cloud is, first of all, the ability to exchange data within a department, organization or with third parties. Varonis allows you to do this without having to change the structure of the file storage or create a new one. DatAnywhere works with the file storage that already exists, based on the rights that the user has in AD and in DatAnywhere itself.
')
For users to work with Varonis DatAnywhere, all you need to do is create several groups in AD that are needed to differentiate roles in DatAnywhere — a user, an administrator, a user who has the ability to share external links, and a user who can create a workspace to share information with colleagues in this work area.
It should also be noted security when transferring data. Although the cloud works directly with the file server, external users first get to the server, which is located in the DMZ. No ports from the DMZ are open to the internal network and the server inside the network periodically polls the server from the DMZ for user authentication or data transfer.
The so-called “corporate dropbox” will be useful primarily for those who need to constantly upload or download data from / to the server, while not being in the office. It should be noted the flexibility to configure and the ability to support multiple platforms, like mobile and not. Varonis DatAnywhere does not assume the functions of an MDM solution and does not have the functions of managing mobile devices or protecting mail — it is just data exchange.
At the same time, the user can choose whether he wants to download data to his computer or mobile device, or wants the file to open each time anew when he accesses it. Synchronization can be selective - some folders can be downloaded all the time, and some can not. You can also choose the volume that can be synchronized with the device or specific files.
The important point is also the possibility of resolving collisions, that is, when users simultaneously work with the same file. DatAnywhere will indicate to the user that his file has been edited and will offer several options - to save both copies, or to save a newer copy. If the user uploads the document to the server and there already exists a document with the same name, then DatAnywhere will simply save this document with a different name (add an index). In addition, the system stores a log of the use of each file, and you can always find out who opened, modified the file.
It should also be noted the flexibility of the procedure for downloading or downloading files. A user can share a file with another user, if he has rights to it. At the same time, he can create both a public link to the file (by which anyone can download the file, if he has the link) and a private link — only a certain person can be sent the file to which the PIN code is sent. The link has a validity period or may be indefinite. It should be noted that when uploading a file, the system may be limited by both the file size and the extension. In addition, the person who created the link will receive a notification of its use.
Varonis DatAnywhere also has a great opportunity to customize the interface. The solution interface can be adapted to the floor any logos or corporate colors, also supported by the Russian language. First of all, it can be useful in those cases when you want to use DatAnywhere to exchange files with company clients. The client comes to the link to download something or lay out and see the logo and corporate colors of the company, on the site of which he enters.
It should also be noted the possibility of integrating DatAnywhere with third-party applications. Varonis provides ample opportunities to create additional features. Is there a need for a folder for the client to be automatically created by the information being downloaded from CRM, and after that a letter arrives to the client to upload documents to this folder? No problem - the possibility of such integration exists. Options you can think of many, the mechanism is quite flexible.
It should also be noted the special flexibility in the work itself - you can share files both through the client and without it, both of the mobile device and from a regular work computer. There is no need to build a VPN, for the user everything is very simple and clear. Installation of the product itself takes a short time, and there is no need to store the processed data somewhere - they are already stored on the file server.
At the moment, the need for internal secure data exchange is constantly growing. Organizations often have a distributed structure, interaction with customers often occurs only through the Internet. And here the “cloud inside the organization” from Varonis can be very useful.
There are several drawbacks to using the cloud:
- Storing critical company data outside of the country seriously increases the risk of misuse.
- Maintaining and maintaining your cloud storage is costly
- The cloud infrastructure is built in addition to the main corporate infrastructure and requires dual support.
- Duplication of data in the "cloud" creates additional difficulties in managing and additional risks associated with the disclosure of information.
Using Varonis DatAnywhere allows you to solve all the above problems. The cloud can be built within the existing file storage using existing access rights with minimal time for deployment and support.
Consider the work of Varonis DatAnywhere in more detail. The main purpose of creating a cloud is, first of all, the ability to exchange data within a department, organization or with third parties. Varonis allows you to do this without having to change the structure of the file storage or create a new one. DatAnywhere works with the file storage that already exists, based on the rights that the user has in AD and in DatAnywhere itself.
')
For users to work with Varonis DatAnywhere, all you need to do is create several groups in AD that are needed to differentiate roles in DatAnywhere — a user, an administrator, a user who has the ability to share external links, and a user who can create a workspace to share information with colleagues in this work area.
It should also be noted security when transferring data. Although the cloud works directly with the file server, external users first get to the server, which is located in the DMZ. No ports from the DMZ are open to the internal network and the server inside the network periodically polls the server from the DMZ for user authentication or data transfer.
The so-called “corporate dropbox” will be useful primarily for those who need to constantly upload or download data from / to the server, while not being in the office. It should be noted the flexibility to configure and the ability to support multiple platforms, like mobile and not. Varonis DatAnywhere does not assume the functions of an MDM solution and does not have the functions of managing mobile devices or protecting mail — it is just data exchange.
At the same time, the user can choose whether he wants to download data to his computer or mobile device, or wants the file to open each time anew when he accesses it. Synchronization can be selective - some folders can be downloaded all the time, and some can not. You can also choose the volume that can be synchronized with the device or specific files.
The important point is also the possibility of resolving collisions, that is, when users simultaneously work with the same file. DatAnywhere will indicate to the user that his file has been edited and will offer several options - to save both copies, or to save a newer copy. If the user uploads the document to the server and there already exists a document with the same name, then DatAnywhere will simply save this document with a different name (add an index). In addition, the system stores a log of the use of each file, and you can always find out who opened, modified the file.
It should also be noted the flexibility of the procedure for downloading or downloading files. A user can share a file with another user, if he has rights to it. At the same time, he can create both a public link to the file (by which anyone can download the file, if he has the link) and a private link — only a certain person can be sent the file to which the PIN code is sent. The link has a validity period or may be indefinite. It should be noted that when uploading a file, the system may be limited by both the file size and the extension. In addition, the person who created the link will receive a notification of its use.
Varonis DatAnywhere also has a great opportunity to customize the interface. The solution interface can be adapted to the floor any logos or corporate colors, also supported by the Russian language. First of all, it can be useful in those cases when you want to use DatAnywhere to exchange files with company clients. The client comes to the link to download something or lay out and see the logo and corporate colors of the company, on the site of which he enters.
It should also be noted the possibility of integrating DatAnywhere with third-party applications. Varonis provides ample opportunities to create additional features. Is there a need for a folder for the client to be automatically created by the information being downloaded from CRM, and after that a letter arrives to the client to upload documents to this folder? No problem - the possibility of such integration exists. Options you can think of many, the mechanism is quite flexible.
It should also be noted the special flexibility in the work itself - you can share files both through the client and without it, both of the mobile device and from a regular work computer. There is no need to build a VPN, for the user everything is very simple and clear. Installation of the product itself takes a short time, and there is no need to store the processed data somewhere - they are already stored on the file server.
At the moment, the need for internal secure data exchange is constantly growing. Organizations often have a distributed structure, interaction with customers often occurs only through the Internet. And here the “cloud inside the organization” from Varonis can be very useful.
Source: https://habr.com/ru/post/277115/
All Articles