CISO Bulletin: Using the Enterprise File Fabric to Understand Who is Accessing Your Data

Initiatives to deploy the Enterprise File Fabric™ are often driven by infrastructure managers who need a way to give WFH workers frictionless access to the organisation’s on-premises and on-cloud data.  This is great use case for the File Fabric and we endorse it wholeheartedly.  At the same time we think it is also important for the enterprise’s information security professionals to understand the File Fabric’s security features, both so they can ensure that the File Fabric’s configuration aligns with the organisations information risk management standards and also so they can realise operational benefits provided by the File Fabric’s rich security oriented feature set as they go about their work of managing information security risk.

One of the many ways that the File Fabric can be of use to infosec professionals is to help them keep tabs on ‘who’ is accessing enterprise data.  The File Fabric can assist with this both in real-time as access is attempted or occurs and also on a historical basis when it is necessary to research who has accessed certain files when and from where.  Two File Fabric features, Audit Watch and Audit Event Logging contribute to these capabilities.

Audit Watch

Audit Watch can be activated by an administrator for any folder that is shared between File Fabric users (“Shared Team Folders” in File Fabric parlance).  The principle of Audit Watch is simple: When any user takes a certain kind of action on a file with a certain kind of name in the Shared Team Folder, the specified users are notified:

Here is an example of a notification email sent by AuditWatch:

Audit Event Logging

The File Fabric maintains a comprehensive record of every action that it performs such as file uploads, file downloads, creation of sharing links, logins and many others.  These events can be filtered and searched by an administrator.  They can also be exported in a variety of formats. Section 5 in this document describes how to filter and export Audit Event Logs.

Here is an example of an Audit Log entry for a file download:

And here is one for an unsuccessful login attempt:

Audit Log Events are an important source of forensic information for analysts investigating security incidents.  Audit Log Events can also be streamed directly into syslog (integration details here ), Splunk or whatever logging and notification engines your organisation uses.  The Audit log is also available as an event stream and so can be consumed by solutions such as Apache Kafka. This lets you use the File Fabric’s event stream in realtime as part of your incident prevention and detection strategy.

This brief post describes only two of the Enterprise File Fabric™’s many policy-driven multi-cloud information security capabilities, all of which extend seamlessly across whatever different kinds of on-premises and on-cloud storage your organization uses.  To learn more about how the File Fabric can complement your information security strategy please contact sales@storagemadeeasy.com

Facebooktwitterredditpinterestlinkedinmailby feather
The following two tabs change content below.
Dan has been working with Storage Made Easy's founders since the company was launched.