Working to Prevent Being the Next WikiLeak? Don’t Forget the Metadata
WikiLeaks is a hot topic at the moment as information continues to pour out of organizations and IT security teams scramble to find ways to protect their organization’s data. What’s really going on here and how do we deal with this phenomenon? Specifically, how could so many documents have been copied without authorization?
Varonis, a provider of data governance solutions for file systems, suggests that a key part of the solution is metadata — data about data (or information about information) — and the technology needed to leverage it. When it comes to identifying sensitive data, and protecting access to it, a number of types of metadata are relevant: user and group information, permissions information, access activity, and sensitive content indicators. A key benefit to leveraging metadata for preventing data loss is that it can be used to focus and accelerate the data classification process. In many instances the ability to leverage metadata can speed up the process by up to 90 percent, providing a short-list of where an organization’s most sensitive data is, where it is most at risk, who has access to it and who shouldn’t.
Each file, folder, user and group has many metadata elements associated with it at any given point in time — permissions, timestamps, location in the file system, etc. — and constantly changing files and folders generate streams of metadata, especially when combined with access activity. Together, these streams become a torrent of critical metadata. Capturing, analyzing, storing and understanding this much metadata requires metadata framework technology designed specifically for the purpose.
Despite all the news surrounding WikiLeaks and the immense amount of data stolen from the US government, little has been written about the organizational processes that contributed to the leaks, how the soldier who stole the data had access to such sensitive data in the first place, and how digital collaboration has increased to the point where these incidents will likely become commonplace unless root causes are identified and addressed.
“Organizations are becoming significantly more collaborative,” said Yaki Faitelson, chief executive officer, president and co-founder of Varonis Systems. “As a result, data is more widespread and vulnerable than ever before. For organizations to prevent loss of sensitive data while still enabling the collaboration needed to conduct business, they need to ensure that they have processes and automation in place for authorization and review of access to data, monitoring who is using data, and identifying sensitive data that is at risk.”
Unstructured and semi-structured data on shared file systems, NAS devices, SharePoint sites and Exchange mailboxes is a challenge to manage for any organization. According to analyst firm Gartner, all of the documents stored in these repositories – such as spreadsheets, presentations, documents, and multimedia files – account for roughly 80 percent of business data. By its very nature, this shared data is highly dynamic, and growing by about 50 percent each year. Another issue is that the relevance of data is constantly in flux, changing far faster than each user’s access rights. Users are often able to download or edit data they no longer need access to long after a project finishes or their role has changed.
“As the WikiLeaks fiasco has shown, it only takes one rogue staff member – or a malignant individual – to access and copy a set of critical data files, for the entire security system, and the integrity of the organization, to be severely compromised. Staff collaboration is why the data is open to begin with. But using manual methods to secure data in this era of digital collaboration is asking for trouble. It is astonishing that every file share, NAS device, SharePoint site and Exchange mailbox doesn’t have automated protection that prevents unwarranted access since this type of solution is readily available and the benefits are immediate,” Faitelson said.
“Organizations have to be aware they no longer have to manually manage permissions to ensure that only the correct users have access to the right data and that their permissions can be revoked when they no longer need them. The previously impossible is now possible through the intelligent use of metadata and data governance automation. The instinctive reaction of many to these WikiLeaks is to try and lock down all data. That is not only impossible, it is unnecessary if you use the right technology,” said Faitelson.
According to Varonis, four types of metadata are critical for organizations looking to have more control over their data.
• User and Group Information – from Active Directory, LDAP, NIS, SharePoint, etc.
• Permissions information – knowing who can access what data in which containers
• Access Activity – knowing which users do access what data, when and what they’ve done
• Sensitive Content Indicators – knowing which files contain items of sensitivity and importance, and where they reside
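To show how the four metadata types combine into a review short-list, here is an added Python example; it is not Varonis code or output. All folder, group and user names, the 90-day idle window and the exposure score are assumptions, and the data is constructed for illustration.

```python
from datetime import date

# Constructed sample data; every name below is hypothetical.
GROUP_MEMBERS = {   # user and group information (e.g. exported from a directory)
    "finance": {"alice", "bob"},
    "project-x": {"bob", "carol", "dave"},
    "everyone": {"alice", "bob", "carol", "dave", "erin"},
}
FOLDER_ACL = {      # permissions information: folder -> groups granted access
    "/shares/payroll": {"finance"},
    "/shares/project-x": {"project-x", "everyone"},
    "/shares/lunch-menus": {"everyone"},
}
ACCESS_LOG = [      # access activity: (user, folder, day of access)
    ("alice", "/shares/payroll", date(2010, 12, 1)),
    ("bob", "/shares/payroll", date(2010, 3, 2)),
    ("carol", "/shares/project-x", date(2010, 11, 20)),
    ("erin", "/shares/lunch-menus", date(2010, 12, 3)),
]
SENSITIVE_HITS = {  # sensitive content indicators: folder -> flagged file count
    "/shares/payroll": 40,
    "/shares/project-x": 12,
}

def effective_users(folder):
    """Expand the folder's ACL groups into the set of users who can reach it."""
    return set().union(*(GROUP_MEMBERS[g] for g in FOLDER_ACL[folder]))

def is_stale(user, folder, as_of, max_idle_days):
    """True if the user never accessed the folder or last did so too long ago."""
    days = [d for u, f, d in ACCESS_LOG if u == user and f == folder]
    return not days or (as_of - max(days)).days > max_idle_days

def review_shortlist(as_of, max_idle_days=90):
    """Sensitive folders, most exposed first, with users whose access looks stale."""
    rows = []
    for folder, hits in SENSITIVE_HITS.items():
        users = effective_users(folder)
        stale = sorted(u for u in users if is_stale(u, folder, as_of, max_idle_days))
        rows.append({"folder": folder, "sensitive_files": hits,
                     "can_access": len(users), "stale_users": stale})
    # Exposure score (an assumption): flagged files times users with stale access.
    rows.sort(key=lambda r: r["sensitive_files"] * len(r["stale_users"]), reverse=True)
    return rows

if __name__ == "__main__":
    for row in review_shortlist(date(2010, 12, 10)):
        print(row)
```

The broad "everyone" grant pushes the project folder above payroll even though payroll holds more flagged files, which is the kind of permission a reviewer would revoke first.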
Jimmy Sorrells, Senior Vice President at INTEGRITY Global Security and SecurityWeek columnist, emphasizes the importance of the ways organizations handle data. “The WikiLeaks exposure highlights a clear need for a change in the way many classified networks are architected and managed, the way organizations manage their most sensitive information, and should also be looked at as a red flag by enterprises,” Sorrells writes. “Technology that would enforce access policies around this type of information needs to be implemented to minimize a leak of this magnitude. Additionally, organizations should consider investing in new solutions that can enforce the separation of critical valuable data from users and networks that have no need to access this information, while still allowing access to those that do.”