
Data classification: monitoring the use of critical information on file servers

In modern organizations, file servers accumulate a huge amount of information that users create in the course of their work. The documents on a file server often contain important, frequently confidential information. Finding that information, and understanding who has access to it and who uses it, is not always easy.

Varonis DatAdvantage, together with the Varonis Data Classification Framework module, helps solve this problem and answer the following questions:

- Where is important (confidential, personal, etc.) data located on a file server or SharePoint resource?
- Who has access to this data?
- Who uses this data and how (copying, deleting, modifying, opening, renaming a document)?
- Which access to important information is redundant?

Varonis not only shows the scale of the problem of confidential data on the file server, but can also recommend how to change access to this data.

The data classification mechanism works as follows. The system user defines the rules by which confidential information is searched for. The search can be based not only on the content of a file but also on its extension (for example, if we just want to find where the file server holds music or video, which can take up a significant amount of disk space). Content rules can take several forms: you can search for a string in the document, load your own dictionaries, which are also matched against the content, use the rules and templates already built into the system, or search with regular expressions (to find passport data or social security numbers, for example). When creating a rule, the user can immediately check whether it works. The Data Classification Framework interface lets you enter a set of words or characters and check whether the rule fires on it. For example, suppose you have created a regular expression that should find a passport series and number in documents. You can check right away that the rule behaves as you need and that the regular expression is written correctly. You can also search for matches in images, but this requires integration with an external document recognition engine.
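
The rule check described above, sketched as an added example (not Varonis code and not part of the original article): three rule types (extension, dictionary, regular expression) are dry-run against a constructed sample string that includes look-alike values. The rule names, the SSN and passport patterns, and the `min_hits` threshold are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PurePath
from typing import Optional

# Assumed formats (illustrative, not the product's built-in templates):
# US SSN as AAA-GG-SSSS with never-issued ranges excluded, and a passport
# written as a 4-digit series (optionally split 2+2), whitespace, 6-digit number.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
PASSPORT_RE = re.compile(r"(?<!\d)\d{2}\s?\d{2}\s\d{6}(?!\d)")

@dataclass(frozen=True)
class Rule:
    name: str
    extensions: frozenset = frozenset()   # match on file extension alone
    terms: frozenset = frozenset()        # dictionary words, case-insensitive
    pattern: Optional[re.Pattern] = None  # regular expression over content
    min_hits: int = 1                     # content hits needed before the rule fires

RULES = [
    Rule("media files", extensions=frozenset({".mp3", ".avi", ".mkv"})),
    Rule("payroll dictionary", terms=frozenset({"payroll", "salary"}), min_hits=2),
    Rule("US SSN", pattern=SSN_RE),
    Rule("passport series and number", pattern=PASSPORT_RE),
]

def check_rule(rule, filename, text=""):
    """Dry-run one rule on one file; an empty list means it did not fire."""
    ext = PurePath(filename).suffix.lower()
    hits = [("extension", ext)] if ext in rule.extensions else []
    content = [("term", w) for w in re.findall(r"\w+", text.lower()) if w in rule.terms]
    if rule.pattern:
        content += [("regex", m.group()) for m in rule.pattern.finditer(text)]
    if len(content) >= rule.min_hits:
        hits += content
    return hits

def classify(filename, text=""):
    """Map the name of each rule that fired to its hits."""
    return {r.name: h for r in RULES if (h := check_rule(r, filename, text))}

# Constructed sample: one plausible SSN and passport, plus two look-alikes
# (an SSN-shaped ticket id with area 000, an unbroken 10-digit order number).
SAMPLE = ("Payroll export: salary for I. Petrov, passport 45 08 123456, "
          "SSN 123-45-6789; ticket 000-12-3456 and order 4508123456 are not PII.")

if __name__ == "__main__":
    for name, hits in classify("report.docx", SAMPLE).items():
        print(name, hits)
```

Feeding a rule both values it should catch and values it should ignore, as `SAMPLE` does, is what makes the dry run useful: a pattern that is too loose shows up as extra hits before it is ever run against the file server.
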
The scheduling settings are flexible as well. Because searching inside documents may slightly increase the load on the file server, the search for matches against the classifier rules can be run when the load is minimal (for example, at night). You can set the start time of the scan, its frequency (for example, every day, every week, every other day, etc.) and its duration. If the classifier does not manage to go through the entire file server in the allotted time, it will begin its next iteration from the place where it stopped, and will again go through the documents that have been changed since the last scan. It is important to note that the number of classification rules in no way affects the load on the file server, because all checks for the presence of particular information in a document take place on the Varonis server side. You can also limit the scope of the scan itself, for example to only a part of the file server (some specific folders) rather than all of it. You can change the priority of the scan too. For example, if you want the classifier to look first in documents that are available to all employees of the company, or in documents that have recently been changed, that choice is available.

The longer the classifier works, the more statistics it accumulates and the more clearly the results of its work become visible. After a certain time, you clearly understand where on the file server the information important to you is located, who uses it, what data is publicly available, and what actions you can take based on the classification results. You can also place tags (flags, in Varonis terminology) directly in the system on folders where confidential data is not supposed to be (or, conversely, where it belongs). Then, if someone puts important documents into such folders, the system will notify you. It will also report what happened, for example over a week, in the folders where confidential data should be kept.

It is important to understand that the Varonis Data Classification Framework does not block the copying or deletion of important data. But Varonis will always be able to show whether someone uploads, copies, or deletes important data from the file server. Here is a specific example. If we know that a certain employee is leaving the company, we would not want them to take corporate information with them (the company's client list, financial statements, etc.). We can place this employee under individual monitoring until their dismissal, in order to see whether they copy information to take it with them. In addition, we can always see whether they have access to confidential information and, if so, perhaps this access should be taken away before they have time to do anything.

When it comes to data classification, you should not be too sure that the data "will not leak anywhere." Having many protective tools is not always a sufficient guarantee against human error. Many people think that this will not happen to them. Financial statements, payroll, or a list of company clients that is publicly accessible? The situation seems strange or even implausible, but in our practice it is quite common. The Varonis Data Classification Framework is needed to make such errors less frequent and to reduce the human factor.

Source: https://habr.com/ru/post/322246/

