Over the last few years I thought I had seen just about every (well, maybe not every but most) automated eDiscovery, data classification, data management, data preservation and search engine technology on the market. But the introduction of today’s Data Insight technology from Symantec into Data Loss Protection (DLP) software seeks to address possibly one of the most basic data classification questions of them all: Who owns the data?
Enterprise organizations consistently do the following as they manage their unstructured file stores:
- Consolidating the files of multiple network attached storage (NAS) devices onto one NAS system
- Migrating files from aging NAS systems to new NAS systems
- Granting other employees in the same department or business unit permission to the files of employees who have left the company.
The problems that these actions create are not necessarily ones of data classification, data preservation or eDiscovery (though those problems may certainly arise when these tasks occur). Rather, they create a more practical problem for organizations and their systems administrators: data ownership.
The tasks of data consolidation and migration are complicated enough without getting into the finer details such as who owns what files on network file servers. Yet what can and does occur is that as files are moved from one filer to another, file permissions are inadvertently changed or lost.
This can happen for reasons as simple as a migrated file or folder belonging to a person who no longer works at the company, or the administrator setting the wrong permissions on the folder into which files are migrated. As a result, the files take on the security permissions that the administrator assigns them, or inherit those of the folder into which they were migrated.
On one hand, from a data access perspective, these changes in permission may not sound like a big deal. If migrated files and folders are given the most permissive access allowable, both the application and user can continue to work. But from a data security and management perspective, this can create an untenable situation as it can inadvertently expose sensitive corporate data to external or internal network intruders.
This is what the introduction of Symantec’s Data Insight technology into its DLP software is intended to begin to address. DLP can already perform tasks such as:
- Monitoring how data is being used. DLP can determine whether data is crossing the corporate network, how people are using it on their PCs, whether they are copying it to USB devices or even sending it to personal email accounts hosted by Google, Yahoo and other providers. Based on which files DLP identifies as "sensitive", it creates an exception report that lists which ones are being accessed and by whom.
- Stopping the loss of confidential information. The incident report is then used by administrators to create policies within DLP that will block email transmissions, printing and storage to external storage devices.
On the surface, the logic behind how DLP works sounds fine. However, Symantec began to find out in conversations with its customers that they were often not able to take this second step – stopping the loss of confidential information – because it was unclear to them who owns the data. Because these customers did not know how the data was being accessed, or even who was accessing it or for what purpose, they were reluctant to encrypt or restrict access to the data for fear of negatively impacting some production activity.
This is where Data Insight comes into play. Data Insight starts the process of remediation – identifying what individuals or applications are accessing files and for what purposes. It identifies who is accessing the files, how often they are accessing files, and then from that information, DLP with Data Insight is used to identify the top users of a particular file to begin to infer ownership.
Symantec’s Senior Product Marketing Manager, Robert Hamilton, explains that without the ownership information that Data Insight provides, taking full advantage of DLP can be very intimidating for many of its customers. Customers found that DLP was very good at finding data and creating the incident reports, but when it came to taking the next step and closing the security gap, they were hesitant to take action since they were not confident they could fix the problem and might actually make it worse.
Now, using Data Insight, organizations have a means to identify and quantify who the most active users of the data are before making any changes to file permissions. This information gives them the confidence they need to take action.
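As an added illustration (not Symantec's code and not part of the original post), the following Python shows the ownership-inference and review step the two paragraphs above describe: rank each file's accessors by frequency, treat the clear top accessor as the inferred owner, and list the sensitive files that were left with broad permissions together with the people to consult before tightening them. The audit events, ACLs, sensitive-file list and the BROAD_PRINCIPALS set are all constructed assumptions.

```python
from collections import Counter

# Constructed audit trail (user, path, operation); in practice this would come
# from the filer's audit log or DLP's own monitoring.
ACCESS_EVENTS = [
    ("alice", "/finance/q3_forecast.xlsx", "read"),
    ("alice", "/finance/q3_forecast.xlsx", "write"),
    ("alice", "/finance/q3_forecast.xlsx", "read"),
    ("bob",   "/finance/q3_forecast.xlsx", "read"),
    ("carol", "/hr/salaries.csv", "read"),
    ("carol", "/hr/salaries.csv", "write"),
    ("dave",  "/hr/salaries.csv", "read"),
    ("dave",  "/hr/salaries.csv", "read"),
    ("erin",  "/eng/design.docx", "read"),
]
# Constructed post-migration ACLs (path -> principals granted access);
# "Everyone" models the "most permissive access allowable" described above.
ACLS = {
    "/finance/q3_forecast.xlsx": {"Everyone"},
    "/hr/salaries.csv": {"Everyone"},
    "/eng/design.docx": {"eng-team"},
    "/legal/contract.pdf": {"Everyone"},  # sensitive but never accessed
}
# Files DLP has already classified as sensitive (constructed).
SENSITIVE = {"/finance/q3_forecast.xlsx", "/hr/salaries.csv", "/legal/contract.pdf"}
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users"}  # assumed


def rank_users(events, path):
    """[(user, access_count), ...] for one file, most active first."""
    counts = Counter(user for user, p, _ in events if p == path)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def infer_owner(events, path):
    """Top accessor is the inferred owner. None when nobody touched the file or
    the top two are tied: that needs a human decision, not a guess."""
    ranked = rank_users(events, path)
    if not ranked or (len(ranked) > 1 and ranked[0][1] == ranked[1][1]):
        return None
    return ranked[0][0]


def remediation_review(events, acls, sensitive):
    """Sensitive files whose ACL includes a broad principal, each with the
    inferred owner and top users to consult before permissions are tightened."""
    report = {}
    for path in sorted(sensitive):
        if acls.get(path, set()) & BROAD_PRINCIPALS:
            report[path] = {"owner": infer_owner(events, path),
                            "top_users": rank_users(events, path)[:3]}
    return report
```

A file with no inferred owner (no activity, or a tie at the top) is deliberately left for a person to decide rather than guessed, which is the "get the end-users involved first" point the next paragraph makes.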
Early feedback that Hamilton has received from the field is that the most significant risk reductions occur when organizations have mechanisms in place that get the end-users (those who own the data) involved before making any changes to security permissions on files or folders.
Sometimes the most powerful technologies that come to market are those that solve the most basic of problems confronting end-users. I put Symantec’s DLP with its new Data Insight technology in that category for two reasons. First, it provides organizations with a simple, non-obtrusive method to begin to get their arms around a significant problem that many probably just gloss over. Second, and maybe most importantly, adding Data Insight to DLP enables it to solve tactical problems for both the security and storage teams within organizations, which should make it much easier for organizations to justify deploying and/or expanding the use of this software within the company.