Wealth management firm Baillie Gifford is targeting better data governance with an implementation of the DatAdvantage system from Varonis.
The firm, based in Edinburgh with offices in London and New York, employs 700 and manages £58 billion in wealth on behalf of clients throughout the world.
Baillie Gifford's IT environment comprises 250 servers - a mixture of both physical and virtual - containing 30TB (terabytes) of data that continues to double year on year. Of these servers, ten are identified as key file servers containing sensitive data incorporating client information and share portfolios, HR records and financial accounts.
A team of ten people, based in Edinburgh, is responsible for the day to day running, security and permission management of these servers and all its 700 employees across the organisation have access, albeit with different levels of permission.
Baillie Gifford had found that network permissions set five years ago, and those before that, were no longer valid. This raised concerns that problems may have existed within its security controls.
The company deployed Varonis' DatAdvantage system to help solve the problem of non-compliance with regulatory standards. Baillie Gifford needed to guarantee the security of all critical internal data by ensuring that access to it was limited and its removal from the firm was prohibited.
Colin Lennox, technical services manager at Baillie Gifford, said: "DatAdvantage covered all our requirements for data access and permissions auditing, plus the reports it produces means even a layperson can quite easily pick up, interpret and action them."
Inbuilt "traffic lights" in the software identify excessive permissions which can be tightened.
Lennox said: "DatAdvantage has enabled us to remove the risks associated with data permission changes within our IT environment. Employees with responsibility for sensitive and critical data now have confidence that there are no security exposures."
Corporate information stored on file servers and network attached storage (NAS) devices represents a major security risk, confirmed recent research. The Ponemon Institute said IT governance policies and access rules are incapable of dealing with a massive growth of unstructured data. It surveyed 870 IT professionals and found that only 23 believed unstructured data stored by their companies is properly secured and protected.