Private health insurance provider knows if an unauthorised user tries to access its sensitive information
Varonis, the foremost innovator and provider of solutions for human-generated data, today revealed details of its work with St.LukesHealth. The Tasmania based private health insurance provider is using Varonis DatAdvantage to provide clear visibility across all its IT infrastructure, gaining a better understanding of who can and is accessing data and reduce risk by tightening its security controls. It is utilising the Varonis IDU Classification Framework to find, and lock down, specific data – such as credit card details — wherever it resides within the insurer’s file shares. The final element, Varonis DatAlert delivers real-time alerts on events that warrant immediate scrutiny and potential action. This combination has enabled St.LukesHealth to improve the security of its sensitive data and directories, reduce risks, plus address many of its PCI obligations.
Unlike many other classification solutions that tell you where sensitive data resides, Varonis DatAdvantage also shows where that data is overexposed, who can access it, and who is accessing it. This means St.LukesHealth can comply with PCI guidance in a timely manner by automatically locating and locking down PCI-related data without interrupting the business. Shaw Reid, CIO for St.LukesHealth explains, “We specifically wanted to test DatAdvantage with regards to our PCI compliance requirements. It came up with some very good results. We could see financial files being opened, modified and moved, while capturing who did it.”
Using the bi-directional permissions visibility feature in DatAdvantage, St.LukesHealth can quickly profile the access of the organization’s employees. Shaw adds, “We can now profile staff, identify their security privileges on the network and, once we get enough information on an individual and their work patterns, we can then talk to their management about any permissions that they have that they’re not using for a specific amount of time. This means I can start securing areas by asking, ‘Do you really need this? Is this the right place to store this data? Do we need to put it somewhere else? etc.”
St.LukesHealth has been able to focus efforts to secure its finance systems as Varonis DatAlert issues real-time warnings on any changes to important configuration files, access to sensitive data, access denied events and more. Shaw concludes, “Whenever anyone not working in the finance department attempts to gain entry, we know about it. That is worth the investment right there. Not only is DatAdvantage helping with our system administration processes, but it’s now integral to many of our security practices.”