Strive for IT Excellence

Data Insight - Security Use Case

Data Insight (DI) is a must-have strategic tool that is used for developing and maintaining your Information Governance strategy.  Many organizations struggle with quantifying and evaluating the business value of unstructured data.  Historically, it has always been easier to simply buy additional storage – “storage is cheap” is an often heard maxim.  However, organizations have realized that the aggregate of years of acquiring cheap storage has resulted in higher than expected storage management costs, data protection and recovery, loss of agility, more complex and costly refresh cycles, and intricate migration projects.  Despite these challenges, acquiring additional storage remains a viable tactical solution.  However, organizations now require higher efficiencies post-purchase, in both utilization and asset management.  Data Insight can provide valuable analysis to support these requirements.

With Data Insight, organizations can gather statistics on their unstructured data, and use this information to make informed decisions for a practical and precise Information Governance strategy.  An additional unique use case for Data Insight is its demonstrated value to security specialists as well.  Let’s consider the hypothetical situation of your best <insert position here> person abruptly leaving the company.  The circumstances may not be malicious, or even suspicious, however you may be apprehensive simply because of the tremendous amount of intellectual property the individual had access to.  You have the network traffic logs.  You know the person accessed the company file shares as recently as the day of their departure.  But you need to know which files they accessed and the operation performed on those files.

The Data Insight agent intercepts and records access events on the file servers that are being monitored by the DI server.  Data Insight also scans the configured file servers to collect permission information and other file system metadata.

A number of reports are available to the Data Insight administrator that can show, as in our example, access over time. The administrator would start with the summary report to gain an understanding, at a macro level, access trends of shares for the user in question.

Figure 1: Access Summary for Users / Groups Report

As you can see in our example, the user spent most of their time in the ‘files’ share and in their home directory.  Using this information, we can further examine those two shares first; they’re the likeliest to produce the most pertinent results for our investigation.  Other shares can be examined with subsequent reports.

We’ll examine the ‘files’ share first, and run the access detail report specifically targeting that share.  In this example, we see a full list of the paths and files the user accessed, and when.

Figure 2: Access Detail for Users / Groups – Target a Specific Share

Examination of the ‘Users’ share produced similar results.  With this information, the organization can determine the likelihood of a data loss event, and make more informed decisions accordingly.

This is just one of many use cases for Data Insight.  Please contact your dcVAST account manager for more information.

By Kurt S.