The Information Technology Department would like to respectfully request the courts approval on behalf of our IT Department Security/Operations Team to allow Varonis to be placed on our County Network the equipment and services required for the “Data Classification/Access Tool Review – 30 Day - Zero Cost Pilot”. Please see below memo from Varonis explaining in detail why the County should consider their product, services/equipment to be piloted and expected output. The original memo from Varonis is attached in e-Agenda.
____________________________________________________________________________
To: Information Technology Department
From: Jeremy Sweat, Account Executive
CC: Commissioner’s Court and Purchasing
Date: May 18th, 2017
RE: Varonis – Data Classification/Access Tool – Zero Cost Pilot
Varonis specializes in creating software that manages and protects enterprise data against insider threats, data breaches and cyberattacks by detecting and alerting on deviations from known behavioral baselines, identifying and mitigating exposures of sensitive data and automating processes to secure enterprise data. Enterprise data under our scope is typically comprised of sensitive information that is stored in spreadsheets, emails, word processing documents, presentations, audio files, video files, text messages and any other data created by employees. This data often contains an enterprise’s financial information, product plans, strategic initiatives, intellectual property and numerous other forms of vital information (CJIS, HIPAA, etc). IT and business personnel deploy our software for a variety of use cases, including data governance, security, management, archiving and information collaboration.
The Free Risk Assessment will last 30 days, ideally being initiated in June, and will summarize key findings, stack rank identified weaknesses in order of risk, and provide a detailed explanation of each finding.
The assessment is often used to scope and prioritize remediation efforts that, once completed, will significantly reduce the threat of data loss, theft, or misuse. Examples of Key Performance indicators include:
• Data exposed to inappropriate employees and contractors
• Widely accessible business, employee and customer data
• Broken Data Permissions
• IT Administrators with too much access
• Idle User Accounts that compromise security
• Recommendations about how to safely reduce risk
• Many more…
The reports that Varonis will generate for Collin County are theirs to keep.
There is absolutely zero cost or obligation associated with a Free Risk Assessment, for either services or the products leveraged during this time. The products to be installed are:
• DatAdvantage with Probe
• DatAdvantage for Directory Services
• DatAlert
• Data Classification
A conservative cost an organization could expect to incur if they had a 3rd party perform a similar assessment of their entire unstructured data sets looking for over-exposed access and sensitive data, broken permissions, and other security risks involving insider threats, ransomware, and more, would be $10,000. However, to reiterate, Varonis does not charge for any portion of the Free Risk Assessment.
Regarding the last few items listed in the memo instructions, Varonis confirms that criminal history checks have been performed on any and all employees accessing the network, that only certified and authorized personnel will be performing the work, and that the County data access will not be captured, utilized, stored or re-produced anywhere outside of their environment/network—All data stays within their premise.
|