USE CASE BRIEF PROACTIVE ACCESS TRACKING AND AUDITING Always Know Who Accesses Which Files KEYS TO PROTECTING DATA FROM INTERNAL THREATS IT managers need better tools and methods to understand and analyze data access patterns across their organization. • Secure data sources from both internal and external threats. • Acknowledge that data security is often compromised even when access control is enforced by secure authentication. • Deploy data-aware storage for greater operational visibility and forensic auditing to identify and address security threats. Every Organization has Internal Security Risks As the threat of insider security breaches grows, organizations are looking for better ways to identify unusual user activity, whether by actual employees or through compromised credentials. Sensitive data like intellectual property, trade secrets, customer lists and customer or employee personal information is littered throughout storage environments, yet most IT managers cannot answer basic questions as to who is accessing what data when. Organizations who know and understand who is accessing their crown jewels, and what they are doing with them, stand a far better chance of preventing inadvertent exposures that lead to breaches, and overcome the enormous challenges most organizations face to discover and diagnose breaches when they actually occur. While many organizations are legally required to provide clear and documented proof of access control and audit trails, all IT environments would benefit from more effective tools to manage and monitor data access. With the unbridled growth of unstructured, file-based data, sensitive information is increasingly at risk of exposure and there’s a false sense of safety within the confines of an organization’s “secure” IT environment. To better address data security concerns, user access auditing is fast becoming a core requirement that can now be addressed by the underlying storage infrastructure for any organization. The Impact of Lax Internal Data Security Over 78% of data breaches occur from within the company – either employee negligence or maliciousness. • Sensitive data sprawls across IT environments by negligent employees • Impact of security incident on productivity, revenues, and reputation • Disrupted operations from malicious acts of disgruntled employees • Theft of intellectual property and trade secrets threatens profits, jobs, and corporate viability • Difficult discovery and diagnosis slows responsiveness to breach • Failed compliance audits and potential fines Simplify User Access Auditing and Reporting Classic methods of auditing data access require complex software that gets distributed across the infrastructure and negatively impacts server, network, and storage performance. For many organizations, this complexity and cost thwarts implementation leaving IT managers in a situation where they simply don’t know what they don’t know. The DataGravity Discovery Series is a revolutionary data-aware storage platform with built-in access monitoring that offers seamless, automated auditing without impacting your environment’s performance. Uncover unusual file activity, spikes in traffic, and wrongful access to confidential files, even within virtual machines, without experiencing a slowdown in your systems. “In a world of exponential data growth coupled with rampant security and litigation concerns, just throwing all of your content in one huge bucket may not make sense anymore. Data-aware storage solutions offer inline, real-time analysis on the data content housed within their architectures.” SCOTT SINCLAIR Analyst Enterprise Strategy Group MONITOR USER ACCESS TO YOUR SENSITIVE DATA Fully integrated with your user directory service, DataGravity storage systems record all users’ access to files within virtual machines, file shares, and file systems, as it happens, inline, and without impacting production. Activity histories can be filtered and searched by user and by time frame, and saved to exportable reports for use by IT, data forensics and auditing professionals to fully recreate and understand users’ access patterns and behaviors. DataGravity helps you: • Monitor all users’ access and activities, including privileged users • Quicken • Identify response time to security incidents access pattern irregularities via robust search and filtering tools • Meet compliance requirements with detailed access audit reporting • Enhance collaboration between security and IT teams with role-based access to audit information A review of recent FBI cyber investigations revealed victim businesses incur significant costs ranging from $5,000 to $3 million due to cyber incidents involving disgruntled or former employees. DataGravity helps organizations know what information is being accessed by whom by providing tools that simply monitor and understand to present usage patterns of the files they store, and correlate that data across people, time and activities. 94% of US organizations polled feel vulnerable to insider threats MITIGATE RISK WITH DATAGRAVITY To protect organizations from the increasing threat of data breaches, DataGravity provides: •Greater data security and protection, governed at the point of storage •In-depth visibility and understanding of user access patterns •Time savings with simplified compliance audits •Accelerated responsiveness to events and anomalies 100 Innovative Way, Suite 3410 Nashua, NH 03062 603.943.8500 [email protected] datagravity.com DataGravity provides the visibility you need to quickly identify and address data security issues threatening your organization. DATAGRAVITY @DATAGRAVITYINC DATAGRAVITY ©Copyright 2015 DataGravity, Inc. All Rights Reserved. DataGravity believes the information in this document is accurate as of its publication date. The information is subject to change without notice. All other trademarks used herein are the property of their respective owners. UC_accessaudit_20150402 FOR MORE INFORMATION, GO TO DATAGRAVITY.COM