File Share Entitlement Review: Finding the Owner

One thing top of mind for information security professionals in 2012 is understanding who has access to what and being able to provide clear, concise reporting around it. We call it Access Governance or Data Governance and it consists of entitlement reviews, access reviews, or audit reporting. The terms overlap and the complete superset of product features around this challenge can seem overwhelming and difficult to comprehend. At STEALTHbits, we simplify things. We’ve developed quick-win solutions that get you from where you are today to the next step with a proven and pragmatic methodology.

Data Owners

One small example is how we’re able to identify owners of file shares and other resources. First, we have an algorithm that provides a list of probable owners based on a number of factors – who has rights, who is doing what, etc. The algorithm is adjustable to meet specific requirements, but we know that there isn’t an algorithm on earth that could determine ownership with 100% accuracy across large scale environments. So, we leverage the STEALTHAudit Platform survey modules to reach out to probable data owners to ask them if we’re right.

If we are, we provide a set of instructions on what we need them to do. If they’re not, we move on to the next probable owner to see if we can track down the right people. Each step of the way, we report on where things stand: which shares are high-risk, which have owners, which are still awaiting response, etc.

In large scale environments, there is no easy button. But there is experience and expertise. Experience counts. If you’re trying to figure out who owns your content, let’s chat and we’ll let you know what we’ve learned about this challenge as we’ve helped a number of the world’s largest organizations solve it.

Open File Shares: A Pragmatic Approach

A number of STEALTHbits’ customers have reported that their #1 audit challenge boils down to open file shares. Auditors are clearly concerned with access and while it’s difficult to understand access rights across millions of individual files, it’s immediately apparent when there are file shares that are open to anyone.

But, how do you approach a problem that spans across thousands of servers? Do you implement a monitoring solution for three months? Manually sift through each one? Well, you could do either of those things. And if you’re interested in activity monitoring, we’ve got the best solution on the market. But, I’d argue that the best way to deal with open shares is to move through a quick, pragmatic process that scopes resources, identifies high-risk, and automates cleanup without significant infrastructure or investment.

STEALTHbits has developed a step-by-step approach to closing down open file shares and has proven it out at a number of the world’s largest organizations. It’s simple to deploy, uses a just single server, can scan remotely, and it works. We’re able to provide real results in about one week. Give us 5 days, and we’ll have your arms comfortably around the problem and your mind at rest.

If there were an award for Supersleuth Marketing Team of the year, STEALTHbits' would be on the short list. We've crept around corridors and hid out in conference rooms to bring you the latest buzz on groundbreaking products that'll be out soon. Earlier this year, we brought you a first look at StealthINTERCEPT, a game-changing real-time Active Directory solution. Now, we've cornered Dave Bullas, Product Manager for Active Directory, and convinced him to answer just a few questions about the latest thing to be coming through STEALTHbits' doors in the near future.

Daria: We saw "StealthMAINTAIN for Active Directory" written on a whiteboard in Conference Room B the other day. What can you tell us about it?

Dave: Absolutely nothing. It's classified, eh?

Daria: But the blogosphere wants to know! Is it a new product?

Dave: I can't give you a lot of details, but if you think about the name, StealthMAINTAIN, maybe it'll become a little clearer.

Daria: Maintain – like maintenance? Maintenance and clean-up?

Dave: Exactly – this product will be an extension to our existing SMP for Active Directory solution, and will allow users to perform remediation and provide them with insight into AD groups, users, and computers.

Daria: How is that different from what we have today?

Dave: It will give admins information from across their environments, allowing them to make decisions about changes much quicker. Since AD is a critical part of the File System, Exchange, SharePoint, and more, this solution will really provide visibility beyond what they can currently see, like effective rights and circular nesting across various data repositories.

Daria: Sounds cool!

Dave: We think so. But I have to head to meeting now.

Daria: But we have more questions!

Dave: This conversation never happened.

Managing user access within SharePoint is a chore, but reducing permissions sprawl (way too many people having access) and keeping access organized and up-to-date is critical if you want to really understand what SharePoint resources are being used, and who is using them.

Unfortunately, due to a variety of reasons, SharePoint is often out-of-date when it comes to permissions.

Factors like:

1. Lots of users with management permissions having the rights to change permissions and assign permissions to other users

2. No native reporting tools within SharePoint that allow admins to detect effective rights to head off problems

both contribute to the SharePoint "zoo."

At the very least, admins need a tool that allows them to baseline permissions, certify ownership, evaluate effective rights, and take immediate action to fix security holes. But wouldn't it be nice if SharePoint admins / users had a "self-service" model for SharePoint clean-up?

SMP for SharePoint, STEALTHbits' solution, features a comprehensive, 4-step workflow to do just that:

1. We baseline the permissions.

2. We identify the probable owners of sites.

3. We talk to the probable owners to get answers to permissions questions.

4. We analyze the results and recommend next steps based on them.

And it's all done from within a single tool.

If you want to learn more about the SharePoint governance challenge, as well as our Self-Service features, check out our STEALTHsession on SharePoint Self-Service. (Please note - you must be logged in to view extended videos).

Every day Administrators are constantly asked to answer seemingly simple questions like Who? What? When? Where? and even How? users have access to systems and data within the infrastructure. STEALTHbits Technologies, Inc. takes a unified view on the IT world to bridge the gaps between Active Directory domains, systems, key applications, and shared data repositories to provide a single, comprehensive approach to assessing and securing the environment.

The StealthAUDIT Management Platform is designed to give the administrators who manage the environment a powerful toolset capable of providing the highly scalable, high-speed data collection, analysis, reporting, and remediation facilities needed to satisfy auditors and fulfill the continually evolving list of audit and compliance requirements. Embracing the undeniable fact that every organization has very different requirements, StealthAUDIT doesn't force administrators into adopting a generic or pre-defined process, but allows the flexibility to fulfill these objectives while catering to existing processes and procedures. Contrary to single-threaded point solutions or product suites of disengaged tools loosely banded together, the StealthAUDIT Management Platform rises above and extends beyond to serve as an integrated and fully functional infrastructure management and compliance solution set to help organizations in desperate need of tools to establish comprehensive systems and data governance programs that satisfy compliance requirements, reduce risk of data exposure, and can quickly be implemented without a long, costly, and complex roll out to the organization.

StealthAUDIT insight starts with Active Directory as the center of the Microsoft-based infrastructure. Simple transactions in AD, like adding a user to or removing a user from a Group, have far reaching implications of granting or revoking access to all of the IT assets within the infrastructure. Controlling which AD administrators have this power to grant or revoke privileges, monitoring who is responsible for the changes that are taking place, as well as cleaning up directory objects that have gone stale over time are critical pieces to maintaining a healthy environment.

Lying beneath the AD umbrella are the actual systems within the infrastructure. Systems Administrators ultimately have the authority over the applications and data residing on their systems and can even create Users and Groups outside the view of the Domain. StealthAUDIT provides the consistency to provide the same insight on permissions, activity, and configuration at the system level required to maintain the stability and security desired.

Finally, information is the ultimate asset; as well as being the largest and most challenging area of risk to organizations these days. The data housed within an organization's infrastructure ranges from proprietary to confidential, personal, healthcare, financial or otherwise government regulatory related. Data is constantly generated by internal users, partners, external customers, and even by automated systems. The volume of data is easily in the Terabytes at most organizations and spans many applications from Messaging (Exchange, Public Folder, and SharePoint) to the largest and most problematic area, the Distributed Shared File System. StealthAUDIT helps mitigate the risk of financial loss resulting from inappropriate access to (or storage of) privileged data spread across your Microsoft infrastructure with a proven workflow to effect change that ultimately reduces risk, reclaims storage capacity, and answers the age old questions around the Who? What? When? and Where? of your critical systems and data.