A private health insurance provider is using software to provide visibility across its IT, gaining a better understanding of who can and is accessing data and reduce risk by tightening its security controls. It is using the Varonis IDU Classification Framework to find, and lock down, specific data – such as credit card details — wherever it resides within the insurer’s file shares. The final element, Varonis DatAlert delivers real-time alerts on events that warrant immediate scrutiny and potential action. This combination has enabled St.LukesHealth based in Tasmania to improve the security of its sensitive data and directories, reduce risks, plus address many of its PCI obligations.
Varonis says that its DatAdvantage product shows where that data is overexposed, who can access it, and who is accessing it. This means St.LukesHealth can comply with international PCI guidance in a timely manner by automatically locating and locking down PCI-related data without interrupting the business. Shaw Reid, CIO for St.LukesHealth says: “We specifically wanted to test DatAdvantage with regards to our PCI compliance requirements. It came up with some very good results. We could see financial files being opened, modified and moved, while capturing who did it.”
Using the bi-directional permissions visibility feature in DatAdvantage, St.LukesHealth can profile the access of employees. Shaw adds: “We can now profile staff, identify their security privileges on the network and, once we get enough information on an individual and their work patterns, we can then talk to their management about any permissions that they have that they’re not using for a specific amount of time. This means I can start securing areas by asking, ‘Do you really need this? Is this the right place to store this data? Do we need to put it somewhere else? etc.”
St.LukesHealth has been able to focus efforts to secure its finance systems as Varonis DatAlert issues real-time warnings on any changes to important configuration files, access to sensitive data, access denied events and more. Shaw adds: “Whenever anyone not working in the finance department attempts to gain entry, we know about it. That is worth the investment right there. Not only is DatAdvantage helping with our system administration processes, but it’s now integral to many of our security practices.”
To read the case study in full click here: http://www.varonis.com/customers/customer-success/stlukeshealth.html
For more on Varonis, visit www.varonis.com.
