Pandemic-driven increases in work-from-home initiatives, along with incidents such as the recent SolarWinds data breach, have increased the security imperative for data auditing.
Access to structured data is, for the most part, audited via database logs and application audit trails. For access to unstructured data, the fastest-growing component of corporate data, there is little to no unified access logging. The problem is compounded because organizations of even moderate size typically deploy storage across multiple data platforms: on-premises NAS and Windows filers, cloud applications such as MS OneDrive, Google Drive, SharePoint and Dropbox, and native cloud data stores such as S3, Azure and GCP.
As noted above, organizations rarely audit all access to unstructured files. Existing storage platforms rarely build in the capability to audit all access. Moreover, audit logs vary from platform to platform, so even if an audit log is available on one platform, it is not likely to be available on the others.
In addition, even companies that deploy a single sign-on strategy rarely deploy SSO across all data platforms, so a given user may have multiple IDs for accessing the various platforms. This prevents security teams from determining all of a given user’s data access across platforms, or from determining which files were accessed from, say, a given IP address.
What is needed is a way to link unstructured file access to users’ existing identity management systems across multiple file storage platforms, regardless of whether the data is on premises, in a private cloud, or in a public cloud. This approach enables security and audit staff to query the audit trail by user, data platform, file type, access time or any other parameter, regardless of the platform or user. This identity-linked, cross-platform audit trail serves as a multi-cloud file activity monitoring system. It provides a comprehensive system for security audits, data breach investigation and regulatory compliance, and can also provide early warning and mitigation for ransomware attacks.
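As an added illustration (not code from the Enterprise File Fabric or from the original post), the sketch below normalizes events from three platforms into one schema, resolves each platform-local ID to a single identity, and queries the combined trail by user or IP address. The log field names, the identity map and the sample events are all constructed assumptions, not any vendor's real log format.

```python
from datetime import datetime, timezone

# Hypothetical directory mapping: (platform, platform-local ID) -> canonical identity.
IDENTITY_MAP = {
    ("nas", "CORP\\jdoe"): "jdoe",
    ("s3", "john.doe-key"): "jdoe",
    ("drive", "jdoe@example.com"): "jdoe",
    ("nas", "CORP\\asmith"): "asmith",
}

# Constructed sample events; field names are invented and differ per platform on purpose.
RAW_EVENTS = [
    ("nas", {"acct": "CORP\\jdoe", "path": "/finance/q4.xlsx", "op": "read", "ts": 1611900000, "client": "10.0.0.5"}),
    ("s3", {"principal": "john.doe-key", "key": "backups/db.dump", "action": "GetObject", "time": "2021-01-29T06:05:00Z", "src_ip": "203.0.113.7"}),
    ("drive", {"email": "jdoe@example.com", "file": "plan.docx", "event": "download", "when": "2021-01-29T06:10:00Z", "ip": "203.0.113.7"}),
    ("nas", {"acct": "CORP\\asmith", "path": "/hr/roster.csv", "op": "write", "ts": 1611900900, "client": "10.0.0.9"}),
    ("s3", {"principal": "svc-legacy", "key": "exports/all.zip", "action": "GetObject", "time": "2021-01-29T06:20:00Z", "src_ip": "203.0.113.7"}),
]

def _iso(s):  # ISO 8601 with a trailing "Z" -> timezone-aware UTC datetime
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

# Per-platform field mapping: (id key, path key, action key, time key, time parser, ip key).
FIELDS = {
    "nas": ("acct", "path", "op", "ts", lambda t: datetime.fromtimestamp(t, timezone.utc), "client"),
    "s3": ("principal", "key", "action", "time", _iso, "src_ip"),
    "drive": ("email", "file", "event", "when", _iso, "ip"),
}

def normalize(platform, raw):
    id_k, path_k, act_k, time_k, parse, ip_k = FIELDS[platform]
    local_id = raw[id_k]
    # Unmapped accounts stay visible in the trail instead of being dropped.
    user = IDENTITY_MAP.get((platform, local_id), f"unresolved:{platform}:{local_id}")
    return {"user": user, "platform": platform, "path": raw[path_k],
            "action": raw[act_k], "time": parse(raw[time_k]), "ip": raw[ip_k]}

def unified_trail(raw_events=RAW_EVENTS):
    return sorted((normalize(p, r) for p, r in raw_events), key=lambda e: e["time"])

def query(trail, **filters):
    return [e for e in trail if all(e[k] == v for k, v in filters.items())]

if __name__ == "__main__":
    for e in query(unified_trail(), ip="203.0.113.7"):
        print(e["time"].isoformat(), e["user"], e["platform"], e["path"])
```

Filtering on the IP address returns activity from two platforms under one identity, plus an account that the identity map could not resolve, which is the kind of gap a per-platform log review would not surface.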
The Enterprise File Fabric has these capabilities built in, as part of providing single-pane-of-glass access to over sixty unstructured file systems.
User access to any or all of these systems is managed by a company’s existing identity and access management systems, i.e. the File Fabric integrates with and leverages the existing authentication system (or it can be federated across multiple company authentication systems).
Regardless of the platform, the File Fabric tracks all data events as they occur. Each event records the file or object accessed, the user, the time and date, the IP address and the application used to access the data.
The File Fabric provides a query and reporting mechanism to allow administrators and security personnel to quickly filter and narrow a query to generate a report with just the data needed.
The system allows for easy data exports as well as integration with SIEM and log management systems such as Splunk and Logstash.
The Enterprise File Fabric uniquely fulfils the requirements of a system of record for remote workers who work with multiple company data sources, and of a system of record for multi-cloud unstructured data access, which is essential to meeting the increasing cybersecurity, governance, and compliance requirements that companies face.
If you would like to arrange a demo then please contact us.
Latest posts by Ron Kaplan (see all)
- Unified Multi-Cloud Audit Logging for Unstructured File and Object Data - January 29, 2021