Case Study: Axa Wealth installs access control and data permission infrastructure from Varonis

By Neil Ainger | 29 July 2013

Axa Wealth has been able to identify and control its internal data permissions more effectively after installing data governance, security and monitoring software from Varonis, reports Neil Ainger.

The financial services company, Axa Wealth, has simplified its network sharing system with Varonis DatAdvantage, gaining visibility into every file opened, created, modified and deleted by every user accessing its file servers. The associated DataPrivilege access control software has also been introduced to provide an automated permissions procedure at the investment and wealth management firm where users can request access to a group. The data owners are now automatically involved in the decision to either grant or revoke access without IT intervention at Axa Wealth.

Speaking about the benefits of the project, Serena Lee, a senior security analyst and project manager at Axa Wealth, said that as soon as the firm installed DatAdvantage they were able to answer many previously elusive questions and track internal computer usage much more easily and securely. Internal auditing, reporting and oversight procedures are all expected to be easier thanks to the new software installed by Varonis.

“We can now simply check DatAdvantage to see which groups grant access to any given folder, or which folders a group can access, to make the appropriate permissions allocation,” continues Lee. “By utilising DatAdvantage’s automated recommendations we could identify excessive group memberships and remove users from the groups they no longer needed to be in. It didn’t take long for us to get all our permissions sorted out.”

With a complete, bi-directional view into the permissions structure of its unstructured and semi-structured file systems Axa Wealth’s service desk can now immediately answer the question of who has access to any given folder. As it aggregates active directory user and group details, the access control list (ACL) information and all previous data access events can now be tracked - without requiring native operating system (OS) auditing.

Project benefits
Thanks to the installation Axa Wealth now has clear visibility into every file open, create, modify and delete functioned undertaken by every user. Monitoring this intelligence allows Axa Wealth to identify who the correct data owners are, and then get them involved in making sure the right access and usage is assigned.

Thanks to the introduction of Varonis’ DataPrivilege software suite, the investment and wealth management firm, which is aligned with the considerable pension and life insurance holdings of its parent group, can now operate a self-service authorisation process. Like many organisations, the company had a traditional file server procedure in the past, where ACL access control lists contain active directory security groups. In its case, each security group has an owner, and the owner manages access to that security group to authorise access to the shared directory.

Manual Processing Eliminated
One full-time person spent an entire day manually collating and circulating lists to the group owners, under the old system. Owners then had to review and take people out who did not need access, and add others who did. The inefficient process has now been automated and efficiency improved.

Today, using DataPrivilege, staff resources and time can be spent more productively on other tasks. According to Serena Lee, the senior security analyst and project manager at Axa Wealth: “Today users can request access to a group, and the data owners are automatically involved in the decision to either grant or revoke access without IT intervention. This not only speeds the process up, but also frees up IT to perform value-add tasks.”

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development