Varonis, a provider of data governance software, has detailed how Nottingham Building Society is using Varonis DatAdvantage and DataPrivilege software to keep its critical and sensitive data secure. The Nottingham Building Society has been able to identify and assign ownership for over 90 per cent of its information with DatAdvantage, moving on-going management responsibility to these owners and giving them the ability to maintain permissions for their areas with DataPrivilege. The building society can identify and work with its data owners to protect its critical and sensitive data.
Ken Johnson, Senior IT Security Analyst, for Nottingham Building Society said: “For us, knowing who can access what data is the biggest challenge and practically impossible to do manually. Before we started this project, we could count the number of assigned data owners on one hand. Permissions were managed manually, using spreadsheets, and we knew it had to be better. We started with a relatively easy installation on a test server and let DatAdvantage run, monitoring progress, for about ten days. When we came back and looked at the results, they were very impressive. We could immediately see where our sensitive data was and who was accessing it.”
Nottingham Building Society has gone through several phases, the first to determine who has access to what. To do this, it uses DatAdvantage to aggregate Active Directory user and group details, ACL information and all data access events to build a complete picture of who can and who is accessing its data. DatAdvantage monitors access behaviour, identifies and assigns data owners, and then the IT team works with the data owners to get the permissions correct.
From this ‘clean’ stature, data owners use DataPrivilege’s self-service portal to perform entitlement reviews. Johnson added: “It is so simple, and the language straightforward so even those without a technical background can understand. Users are immediately able to start handling permissions and entitlement reviews for themselves, direct within its interface, with minimal IT involvement or support. In fact, it’s been so successful, that the data owners have automatically started moving the project forward by working with our end users to initiate permission requests within the DataPrivilege portal.”
Johnson concluded: “Everyone, right up to the CEO, is performing entitlement reviews using DataPrivilege on a quarterly basis, and they think it’s fantastic. Not only am I confident that data security has been tightened but it has also freed up IT so they can focus efforts on other areas of the infrastructure.”
