Microsoft Exchange is the most widely adopted messaging platform and semi-structured data repository in the world. By deploying an automated data governance program, administrators can ensure it remains responsive, available - and secure.
“Exchange data is a tremendous challenge to manage because permissions are not often well maintained, activity is not easily tracked or analysed, and ownership for mailboxes and public folders is unknown.” - Vivian Tero, analyst, IDC
Email suffers from the same management and protection challenges as every other unstructured and semi-structured data repository:
•Who has access to a mailbox or public folder?
•Who should and should not have access to them?
•Who has been accessing mailboxes or public folders?
•Who do they belong to?
•Which containers are stale?
•How do we remediate excessive access without disrupting workflows?
In addition, Exchange administrators face daily management and protection challenges, beyond making sure email is flowing, available and responsive. Some of these challenges include:
•Shared mailbox and delegation rights identification and clean-up.
•Public folder clean-up and ownership assignment.
•Message activity auditing/tracking.
•Identify spikes in email activity.
•Stale public folders and mailbox identification.
Many organisations have already discovered that to effectively manage and protect folders and SharePoint sites, they require metadata and automation to collect, normalise, and analyse that metadata. Exchange isn’t any different. Organisations also need Exchange metadata collection and automation if they’re to manage and protect Exchange mailboxes and public folders.
There are three primary types of Exchange metadata that need to be collected and presented:
•Exchange permissions information
•User and Group information from Active Directory
• A record of each message sent, received, and accessed
With these metadata streams automatically collected, normalised, and analysed, organisations will be able to determine who has access to which mailboxes or public folders and which mailboxes and public folders any user or group has access to, who should and should not have access, who has been accessing these containers, and how to remediate excessive access without disrupting end-user activity.
Identification and clean-up
With users making changes to their own mailbox permissions and potentially exposing their own data, clean-up can be challenging because it is difficult to determine which users or processes are making legitimate use of this access. Analysing all mailbox and sharing permissions, capturing all permissions changes and actual access activity, and flagging excessive permissions enables administrators to quickly spot excessive rights, test permissions changes prior to committing them so that changes will not disrupt end-user productivity, and then commit them.
Exchange Public folders often suffer from the same challenges common to file shares: many are stale, permissions are not well maintained, activity is not easily tracked or analysed, and ownership is often unknown. Administrators can easily analyse and report on stale public folders, permissions, spot permissions errors and improperly delegated access, and identify data owners through actual activity and other metadata. Once data owners are identified, they can receive scheduled reports about their data automatically.
Auditing and tracking
Organisations face challenges simply collecting and analysing Exchange activity as an enormous amount of messages are sent and received every day throughout a distributed infrastructure. A detailed audit trail with highly granular filtering and sorting is required so administrators can easily see when email was sent, from and to whom it was sent, and when it was opened. In order to keep the data for any period of time and make use of it, it needs to be normalised, processed, and analysed so that it can be searched and sorted quickly, with actionable information distilled.
It is difficult for Exchange administrators to identify changes in user access and transmission activity, whether due to workflow changes, configuration error, malicious activity, or malware. Spikes in activity can degrade system performance as well as signal possible security issues. By analysing the access activity for statistical deviations in normal access patterns, you will be able to spot likely worm and virus activity, and other abnormally high message activity.
Many public folders and mailboxes have a shelf life - after a certain period of time, they stop being used. By creating a record of actual access, you can determine which mailboxes and public folders are not being accessed, and/or have not been accessed by a non-automated process. These stale mailboxes and public folders may then be archived and locked down to reduce Tier 1 storage costs and risk.
Automation versus manual collection
Manual management and protection tasks that Exchange administrators perform on a daily basis are cumbersome, prone to errors, take a considerable amount of time, and Exchange administrators don’t often get to do all the tasks they’d like to. When you take into account all the time spent - adding people to distribution groups, figuring out what happened to someone’s missing email or calendar invite, tracking down who a public folder (or mailbox) belongs to and who has access to it - there is a sizable opportunity for operational savings and reducing risk through automation.
“With traditional approaches, it was very difficult to understand access to mailboxes and public folders across all the Exchange servers, effectively audit email access and communication, and find owners for public folders and mailboxes,” said Bernard Besohe, local mail and system administrator for the Publications Office of the European Union.
“With Varonis DatAdvantage for Exchange, we have significantly reduced our Exchange access and data management workload for tasks that we do many times every day. We now have a single console with a complete map to our ever-growing Exchange environment that has enabled our staff to identify and proactively manage and protect this data.”
IDC’s Tero points out: “Email systems contain a rapidly-growing set of critical data that is very hard to protect and manage. By bringing the power of their widely-used data governance system and Metadata Framework to the Exchange platform, Varonis is significantly increasing the control and efficiency that IT administrators have over this extremely important set of semi-structured data.”
The same operational workflows that organisations have been using for several years to automate management and protection of folders and SharePoint sites now must also be applied to the mailboxes and public folders that act as data containers in Exchange. Organisations need to be able to analyse permissions, identify excessive access, identify owners for public folders, identify stale containers, and have a complete audit trail of every email sent, received, and accessed, in the same searchable interface that they have been using to find lost files, perform forensics, and spot anomalous activity on the rest of their semi and unstructured data. By doing so they will ensure that Exchange is secure, responsive, and constantly available.