How Varonis Protects Your Cloud Data
Author: Beth Laws
Release Date: 30/01/2024
Lots of businesses have made the change to working with hybrid environments, and some even now operate solely using cloud platforms. Varonis is compatible with many cloud data repositories and platforms, including M365, Salesforce, Google Drive and more. Varonis can assist security teams to keep a keen eye on data access, monitor activity to provide governance and to build and maintain a strong cloud security posture.
Classify Sensitive Cloud Data
Varonis uses patterns and dictionaries along with proximity sensing to identify files that contain sensitive data. Not only that, it can actually tell you how data is sensitive, including whether the data is subject to regulations such as GDPR or PCI, or whether it has identified something specific in a file such as a National Insurance number or driving licence number.
It is worth noting that there is also intelligence included in the rules of the search, as the rules will also look for combinations of patterns, such as finding a bank sort code near to a bank account number, so that Varonis can distinguish any set of 8 numbers from a bank account number, to reduce false positives.
Simplified Permission Mapping and Data Access
Lots of cloud applications often have different permissions models, and with some cloud services, such as Salesforce, these can often be rather difficult to try and understand what level of access these permissions give a user. These permissions are normalised and mapped to a much easier to understand model, called the CRUDS model, where CRUDS stands for Create, Read, Update, Delete and Share.
This means, security teams can understand what level of access an employee has across multiple cloud platforms in one standard format. And, as Varonis monitors user and account behaviours, it’s a lot easier to answer the questions, has an employee accessed this data or have they modified it?
For those who are familiar with Sharepoint Online, they’ll know it can be hard to keep track of where data is stored, especially if Microsoft Teams is also used heavily within an organisation as this means multiple sites and subsites will be created for every ‘Team’ made. Varonis offers Data Access Intelligence pages, which provide visibility of who has access to which sites and documents and which of these hold sensitive information within Sharepoint Online.
Autonomous Remediation
Microsoft makes it super easy for employees to click and share documents and folders with people, internal or external to the organisation, via collaboration links. However, being able to use collaboration links so easily does mean that often sensitive information can be accidentally exposed to those people who shouldn't see it, every day. To help security teams keep on top of accidental overexposures, Varonis can set policies that remove or prevent sensitive data being accessible to the wrong people. Varonis’s autonomous remediation features could also allow ethical walls to be set up, by creating rules that remove any unnecessary access to the wrong department in an organisation. An example of a policy which could be put in place would be to remove any collaboration links in M365 which allow sensitive documents to be shared with external people.
Compliance
Varonis can assist with meeting compliance requirements for cloud data. Many regulations, such as GDPR, have tight restraints on who can access any data which falls under the regulation. In a world where collaboration links exist and employees can give anybody, even external users, access to documents without IT or Security teams granting permission to do so, maintaining compliance can be difficult.
As Varonis monitors user activity across cloud data stores and can also identify which files contain sensitive data which may be subject to regulations, organisations can then understand and confirm only the people who should have access are the ones who do.
Varonis also offers a specific Compliance dashboard, which provides high level statistics surrounding data compliance.
If you would like to know more about how Varonis can help with your own cloud environment, get started with a free Data Risk Assessment with Varonis and Somerford.
You can request a Data Risk Assessment from Somerford Associates here.
More Resources like this one:
Understanding Varonis SaaS and DatAdvantage Cloud
— Discover Varonis Cloud Security: SaaS Series
— Varonis Explained Short Video Series