Shufersal, established in 1958 and part of the IDB Capital Group, is Israel’s largest retail chain, operating 270 stores nationwide, covering a total area of 540,997 square meters, and employing approximately 12,400 employees. Annual revenues in 2010 reached NIS 11.13 billion. Shufersal's Loyalty Club is the leading loyalty club in Israel with 1.4 million members. Club members enjoy cash coupons, accumulated bonuses, discounts and special offers.
THE CHALLENGE
Shufersal needed to bring its internal auditing functions into line with the Sarbanes–Oxley Act for it to be fully compliant. The company’s auditors had told them that they risked fines for non-compliance if they did not take immediate remedial action. The auditors also said that being compliant would help Shufersal avoid data breaches.
Shufersal wanted more control over the permissions which staff had on file servers and its Microsoft Exchange environment. Previously, it was almost impossible to see where global groups had access over the file servers and Microsoft Exchange environment.
The company began looking at Varonis’ solutions and was impressed with the transparency it gave to the users of the system. Shufersal CTO Mark Katz said: “We were looking for a data governance solution that could provide a clear snapshot at any time of any employee’s access rights, and identify areas of the organisation which may have too much access and too many rights. As well as this, we needed a way to know when content was moved or deleted, how it was being used, and by who. DatAdvantage gave that to us from the very beginning.”
Katz said: “Managing and protecting the information for a large company such as ours manually is time-consuming, ineffective and error prone. My team needed automated analysis of the organisation’s permissions structure so that we could ensure that the correct owners were assigned to the correct files. We also needed the facilities to analyse actual access activity to identify likely data owners and possible access breaches for compliance.”
EVALUATION PARAMETERS
Katz said “We liked DatAdvantage immediately since it was totally transparent, because it told us right away the access rights that certain folders had, which people accessed those folders, where the content was moving to and if that access needed to be tightened.”
Being a retail outlet Shufersal found it difficult to find out who needed access to specific files since staff members are widely distributed across the organisation. As the company expanded it became clear that this situation had to be addressed and a common solution provided.
As a result, Varonis DatAdvantage for Windows and DatAdvantage for Exchange were deployed across the retailer’s network.
THE SOLUTION
DatAdvantage provides Shufersal with an understanding of what data users are actually accessing and using, and offers recommendations about how to tighten access privileges without creating unnecessary or potentially damaging changes.
The company found that the system was very user-friendly and gave them all of the info they had been seeking (and much more). Varonis DatAdvantage allowed them to automate access and permission management for unstructured and semi-structured data on all their file systems, NAS devices and Exchange mailboxes and can even cover additional environments.
The software provides visibility into the existing access controls and data usage, and allows users to write their own rules for the memberships of each group. DatAdvantage gives the company the ability to test out, in a ‘safe’ sandbox, permissions and group membership changes before it decides to commit to them. This ensures that the correct groups and permissions are set with minimum impact on company productivity – testing ensures that the right parameters are applied without affecting the retailer’s operations.
The solution installed easily and with no problems.
Now, Shufersal can ensure that all file accesses are being captured and monitored. This means that every time any member of staff opens or creates, deletes or modifies a file the organisation has a complete view of what all users have done and allows Shufersal to speedily manage, if necessary, any suspicious activity around its sensitive data.
The company is planning on cleaning up all permissions for its global groups (i.e., everyone group) and to allocate data owners to all of its sensitive data