Varonis Enhances Software

Varonis Systems introduced new enhancements to its DataPrivilege data entitlement management software

August 27, 2007

4 Min Read
NetworkComputing logo in a gray background | NetworkComputing

NEW YORK -- Varonis Systems Inc. (http://www.varonis.com), the foremost innovator and provider of comprehensive, actionable data governance solutions, today introduced new enhancements to its DataPrivilege data entitlement management software. The solution enables data owners within an organization to respond to and address all aspects of user access requests to business information without involving the IT department, infrastructure changes or business disruption. DataPrivilege puts the responsibility and controls for data entitlement management where it belongs, with business owners. With the enhancements of the newest release, Varonis further expands the significant cost savings that can be realized by transitioning data permissions handling out of IT departments.

“Data entitlement management is currently a manual process for many organizations,” said Chris Christiansen, program vice president for IDC's Security Products and Services. “Innovative software solutions like Varonis’ DataPrivilege help IT administrators save a great deal of time by automating this process and cutting down on help-desk calls. Such solutions also put control of the data back into the hands of individuals with direct insight into who should have rightful access – its business owners.”

The latest version of DataPrivilege offers significant enhancements in permissions handling, group membership requests, entitlement handling and reporting for audits. Key enhancements include:

  • Detailed Permissions Handling: Data users can submit requests to data business owners to access folders or files, which the owners can either grant or deny. Requests are granted by assigning users to a group whose permissions already include access to the desired file or folder, or by defining explicit access privilege for that individual to the requested file or folder. The ability to grant permissions at such a detailed level – by an individual user – gives the authorizer the flexibility to control access in a very precise way. The requestor’s access, for example, can be assigned for a finite time period or with lesser privilege than what has been requested. The result is greater security and stricter adherence to business security policy.

  • Requests for Group Membership: A new level of request brokering enables users to ask to be added to specific Active Directory user groups. The group owners can grant or deny the membership request, add annotation as to why the decision was made and even push the membership change into the live environment. Requests to be removed from a group are also handled in a similar manner. DataPrivilege puts those who need group membership changes, such as contract employees, directly in touch with the business owners of that user group. By eliminating the need for IT personnel to broker this process, group memberships and revocations are handled more expediently, efficiently and with reduced probability for error.

  • Automated Entitlement Handling or “Automatic Rules”: “Automatic rules” automate the workflow for handling data entitlements. A data owner may define a rule stating that all requests to access the folder named “finance” will be approved with a “read only” grant for a period of one week. Automatic rules can be enforced in the live environment for all requests, regardless of requestor role, or they can remain on hand within DataPrivilege for application in the future. The ability to define rules for automating the handling of permission requests and revocations automates the workflow and the enforcement of access controls. These automatic rules reflect corporate and business policy for information and group membership handling and consistently enforce it. The result is more expeditious handling of access requests and greater compliance with business data controls.

  • Enhanced Reporting: Enhanced reporting capabilities include several detailed reports that outline data entitlement management tasks and participants. Report results can be tailored by selecting from a wide variety of filters that arrange the report data according to primary areas of interest. Administrators can subscribe to receive reports of interest via e-mail on a preset schedule, and with the desired format and frequency (hourly, weekly, monthly). DataPrivilege reporting provides a detailed audit record for data entitlement management rationale and outcomes. This information can be used in forensic analysis, audit reporting or process and security policy refinement. The reports Varonis offers can greatly increase an enterprise’s operational efficiency in the assignment and revocation of data entitlements.

Real-World Access Management

“Before using Varonis’ DataPrivilege software, we were challenged with establishing an infrastructure for comprehensive data management over a highly distributed data user base,” said John F. Baker Sr., director of IT infrastructure support services at DataPath Inc. “DataPrivilege has enabled us to manage a vast amount of valuable data, ensuring that the framework and process for data access control does not in any way impede our central mission of enabling and fostering the collaborative sharing of electronic information.”

Varonis Systems Inc.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights