Dashboard Insight recently spoke with Johnnie Konstantas, who explained how the Varonis Data Governance Suite ensures rightful access to data - and more.
Dashboard Insight: Tell us about the history of Varonis Systems.
Johnnie Konstantas: Varonis started shipping its software for unstructured data governance in mid-2006. The company’s founders began their careers in the development and implementation of large-scale networks and data centers. They were able to leverage their expertise in file system control and protection to create software for automating tasks that were highly manual and error prone. The solution was built to have broad applicability and scalability to virtually any environment with user directories and file systems in place. End users have validated those early go-to-market decisions by adopting the software at a dazzling pace with over 500 Varonis customers worldwide as of now.
DI: What areas of the B.I. stack do your GRC solutions cover?
(JK responds with these examples):
- Discovery and integration – we identify data and its controls.
- Analytics – based on data-use pattern analysis, we determine which users have access to which data and who should have permissions revoked
- Reporting – we report on all aspects of data use including file touches, most-active data, least-active users and data business owners.
DI: As massive layoffs continue in 2009, businesses are faced with the challenge of protecting their valuable data assets from misuse and unauthorized access by unhappy employees. How does the Varonis Data Governance Suite deliver the information that managers need to ensure rightful access to data?
JK: This is where Varonis’ data governance solution is particularly applicable. Varonis automatically identifies the permissions to data that should be eliminated or revoked. The product continually analyzes user activity on data, in order to ensure that access is warranted, appropriate and meets mean levels of activity that are reasonable and expected.
With Varonis, excess access is automatically flagged. Data owners can revoke access to their data with the click of a button on the Web-based user interface (UI). Given this level of automation, even the most resource-constrained IT operations departments are able to ensure continuous least-privilege access enforcement.
DI: In your recent version 4.0 release of Varonis DatAdvantage and Varonis DataPrivilege, you integrated the two applications to increase an organization's unstructured data-protection capabilities. Can you elaborate on how this release represents a step forward in innovation for unstructured data management?
JK: Because all of the major steps to data protection have been automated, a business using Varonis 4.0 can essentially get up and running with a framework for managing, protecting and monitoring file share data within hours. This new software suite more tightly couples the functions of DatAdvantage and DataPrivilege so that IT operations personnel and data owners can be linked by a guided process for effective data entitlement decision making.
DI: What’s the process if someone wants to evaluate your solutions?
JK: Anyone may evaluate our software for free for 30 days. Within that time, evaluators will get a free audit of their file systems and recommendations on which employee permissions to remove. There is no obligation to acquire the software and in most cases a guided installation is conducted over the Web. Those interested can sign up for a free evaluation here.
DI: What are the biggest mistakes companies make when employing a GRC system?
JK: Most companies understand the need for a good GRC foundation but don’t necessarily know how to start or which tools to use. While initiatives to consolidate, migrate and/or index and classify data make sense at face value, they are not the natural starting point for companies with a lot of unstructured data sitting on file systems. This is because some of the data in these storage devices may no longer be business relevant or important, so spending time categorizing it doesn’t make sense. Also, without knowing who the data owners are and not having them involved in the process will result in an incomplete data governance effort. Those who create the data have the most knowledge as to what to do with it and who should have access to it.
DI: What are the biggest success factors?
JK: A key to implementing a good governance framework is to start with these relatively simple steps, most of which is automated with Varonis’ solution:
- Profile all data use for a few weeks to a month
- Identify data business owners – they’ll be needed for all projects
- Identify orphan and stale data – good candidates for deletion/archiving
- Remove excess access – this will reduce the risk to data while other GRC planning takes place
DI: Have the recent economic troubles affected your industry and the demand for your products?
JK: Recent events have further highlighted the need for Varonis’ Data Governance Suite. During economic downturns companies want transparency to resource use and are focused on doing more with less. Since Varonis automates almost the entire unstructured data access and entitlement-management process, companies not only save on operations but get full transparency to data use and permissions handling.
DI: Tell us about your customers, what key clients are using your solutions?
JK: Varonis customers span every industry. Leading businesses in industries such as energy, manufacturing, telecommunications, insurance, networking, healthcare, advertising, publishing, pharmaceuticals and material science use Varonis’ software to control and monitor thousands of servers and hundreds of thousands of users. A complete list of our real-world use cases can be found here.
DI: What new products or developments can we expect from Varonis in future months?
JK: We will have a product announcement in the coming months. Stay tuned.
Johnnie Konstantas has more than 16 years of experience in the network-security and telecommunications fields. As Vice President of Marketing for Varonis, Ms. Konstantas champions data governance for the company’s worldwide markets.
Ms. Konstantas is a popular speaker at shows like Interop and SecureWorld Expo. She has been quoted on CNET Radio and in trade and business press, such as BusinessWeek online and The Wall Street Journal online.
Prior to joining Varonis, she held various senior roles in marketing, product management and engineering with start-up companies Neoteris (acquired by Juniper) and RedSeal Systems, as well as industry leaders Check Point Software, Juniper Networks and Motorola. She holds a B.S. degree in electrical engineering from the University of Maryland.