As you know, cybercriminals employ deceptive tactics to commit crimes. How about your employees? Could you have bad actors in your midst? Or how about just people who make mistakes?
Well, know this: The Audit tier in Panzura Data Services turns CloudFS logs into meaningful information that can help you rapidly find and investigate events. It searches through syslog events, including the list below, and returns clear and comprehensive trails of an individual’s actions.
Copy
Create file
Create folder
Lock file
Write file
Move file
Read file
Remove file
Remove folder
Remove permissions
Rename
Set attribute
Set permissions
Admins can search on any known unstructured data identifiers, such as filename, extension, or last-known location, and then further refine the search by the actions above, the age of the file, or by user. The results are based on a very rapid query of millions of files. Here are 3 examples (true detective stories) of how this feature can be used to save the day and fight the good fight for business continuity and suspicious behavior discovery and investigation.
The Case of Mass File Deletion
One day, our hero, IT administrator Tom, discovered that his employer had 6 million files deleted overnight. Did Tom panic? No! He knew that with the right facts, he could quickly restore the files from the relevant CloudFS snapshots. He also knew he had to ID the perp.
Tom knew that if he could find one filename that had gone missing in the mass deletion, he could locate it, then view its audit trail to reveal the deletion action, when it took place, and the user responsible. The user and time parameters could then be used to filter for all files deleted by that user within the specified timeframe. Child's play for Tom, the sleuth.
But alas, Tom couldn’t find the details he needed, though all was not lost. He reasoned that the volume of files removed suggested that directories were deleted. He applied a filter to identify directory deletions during the hours he suspected the perpetrator was perpetrating.
Using those results, he further refined the search to show files within those deleted directories. The audit trails of individual files revealed the time of deletion and the responsible user. Then, all he needed to do was filter to show all files deleted by that user within the timeframe, and he had not only a complete list of files affected but also the name of the deleter. The company used the Data Services search results to prosecute him.
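Tom's pivot, sketched as an added example over generic audit records (this is not Panzura code and not the CloudFS syslog format): the record layout, user names, and paths are constructed for illustration, and only the action names come from the list above.

```python
from collections import Counter
from datetime import datetime
from pathlib import PurePosixPath

# Constructed sample records: (time, user, action, path). Hypothetical layout.
EVENTS = [
    ("2024-03-02T23:10:00", "user_a", "Write file",    "/eng/specs/a.docx"),
    ("2024-03-03T01:02:00", "user_m", "Remove file",   "/eng/specs/a.docx"),
    ("2024-03-03T01:02:05", "user_m", "Remove file",   "/eng/specs/b.docx"),
    ("2024-03-03T01:02:09", "user_m", "Remove folder", "/eng/specs"),
    ("2024-03-03T01:05:00", "user_m", "Remove file",   "/eng/specs-old/c.docx"),
    ("2024-03-03T01:30:00", "user_b", "Remove file",   "/tmp/scratch.txt"),
    ("2024-03-03T09:00:00", "user_m", "Remove file",   "/hr/late.txt"),
]

def investigate(events, start, end):
    """Return (suspect, files_removed_by_suspect) for the suspected window."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    window = [e for e in events if lo <= datetime.fromisoformat(e[0]) <= hi]

    # Step 1: directory deletions during the suspected hours.
    folders = {PurePosixPath(p) for _, _, a, p in window if a == "Remove folder"}

    # Step 2: file deletions inside those directories. Compare path
    # components, so /eng/specs does not match /eng/specs-old.
    inside = [e for e in window if e[2] == "Remove file"
              and any(f in PurePosixPath(e[3]).parents for f in folders)]

    # Step 3: the file audit trails name the responsible user.
    by_user = Counter(user for _, user, _, _ in inside)
    if not by_user:
        return None, []
    suspect = by_user.most_common(1)[0][0]

    # Step 4: widen to every file that user removed in the window,
    # including files outside the directories found in step 1.
    removed = [p for _, u, a, p in window if u == suspect and a == "Remove file"]
    return suspect, removed

if __name__ == "__main__":
    print(investigate(EVENTS, "2024-03-03T00:00:00", "2024-03-03T06:00:00"))
```

Step 4 is what turns a single lead into the full list of affected files: the file under /eng/specs-old only appears once the search is filtered by user and timeframe rather than by directory.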
The Case of GDPR Fine Avoidance
You know Europe's General Data Protection Regulation (GDPR), the foremost privacy law in effect since 2018? Yeah, you do: The regulation that calls for levying fines for revealing personal data without permission, including any information relating to a living identified or identifiable person — including their name, SSN, other identification numbers, location data, IP addresses, online cookies, images, email addresses, and content generated by the data subject.
The GDPR fine framework is complicated, and you can read this long webpage if you want to, but suffice it to say that it can add up to a whole bunch of money, up to €20 million (US$21,133,100), or in the case of a broad endeavor, up to 4% of total global turnover of the preceding fiscal year, whichever is higher. Wow.
And the Europeans are serious. In 2023, Meta (formerly Facebook) was fined over €1.2 billion, nearly reaching the combined total of all GDPR fines issued up to January 28, 2022, approximately €1.64 billion.
But that’s just gossip. On to the case.
As it turns out, if you self-disclose that data you were holding could have been accessed, but you caught your own error in time so that it was not accessed, you don’t have to pay the fine!!!!!! And how do you prove that it wasn’t accessed? Yes, you are a fast learner! Panzura Data Services Audit tier. Bingo!
Here’s what happened in the case of GDPR fine avoidance:
An international firm headquartered in France, with offices and customers throughout Europe and the US, created two CloudFS rings. One global ring is based in Europe, the other in the US. Each ring allows offices from within their respective regions to work from an authoritative dataset; each works off a mapped drive available in their region.
Well, guess what: humans work in these offices, and European client files were accidentally saved to a mapped drive accessible from within the US. As soon as that save was made, the firm was out of GDPR compliance.
But this firm, a Panzura customer, is way smart, as is its IT admin Dan, our hero. Dan regularly used Data Services Audit tier to track file creation on nodes in both CloudFS rings, and he was checking for this type of file movement.
Dan first removed the European files from the US-accessible drive, then used the audit trail to show that the files had not been accessed and were deleted before any effective breach occurred. Using the audit feature, the firm submitted the incident as proof of its ongoing compliance and avoided paying a fine.
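The evidence Dan needed, sketched as an added example over generic audit records (not Panzura code or its log format): for every file created on the wrong drive, confirm that nothing touched it between creation and removal. The record layout, paths, and user names are constructed, and which actions count as "access" is an assumption.

```python
from datetime import datetime
from pathlib import PurePosixPath

# Assumption: these actions from the audit list count as access.
ACCESS = {"Read file", "Copy", "Move file", "Rename"}

# Constructed sample records: (time, user, action, path). Hypothetical layout.
EVENTS = [
    ("2024-05-06T09:00:00", "eu_user", "Create file", "/us-share/clients/eu-001.pdf"),
    ("2024-05-06T09:00:01", "eu_user", "Write file",  "/us-share/clients/eu-001.pdf"),
    ("2024-05-06T09:40:00", "admin",   "Remove file", "/us-share/clients/eu-001.pdf"),
    ("2024-05-06T09:05:00", "eu_user", "Create file", "/us-share/clients/eu-002.pdf"),
    ("2024-05-06T09:20:00", "us_user", "Read file",   "/us-share/clients/eu-002.pdf"),
    ("2024-05-06T09:41:00", "admin",   "Remove file", "/us-share/clients/eu-002.pdf"),
    ("2024-05-06T09:10:00", "eu_user", "Create file", "/us-share/clients/eu-003.pdf"),
    ("2024-05-06T09:15:00", "eu_user", "Create file", "/eu-share/clients/eu-004.pdf"),
]

def exposure_report(events, drive):
    """Map each file created under `drive` to ('clean'|'accessed'|'still present', hits)."""
    root = PurePosixPath(drive)
    trails = {}
    for ts, user, action, path in sorted(events):  # ISO timestamps sort chronologically
        if root in PurePosixPath(path).parents:
            trails.setdefault(path, []).append((datetime.fromisoformat(ts), user, action))

    report = {}
    for path, trail in trails.items():
        created = next((t for t, _, a in trail if a == "Create file"), None)
        if created is None:
            continue  # creation is outside the period these records cover
        removed = next((t for t, _, a in trail
                        if a == "Remove file" and t >= created), None)
        end = removed or datetime.max
        hits = [(t, u, a) for t, u, a in trail if a in ACCESS and created <= t <= end]
        if hits:
            report[path] = ("accessed", hits)       # exposure: someone touched it
        elif removed is None:
            report[path] = ("still present", [])    # cleanup not finished
        else:
            report[path] = ("clean", [])            # created, untouched, removed
    return report

if __name__ == "__main__":
    for path, (verdict, hits) in exposure_report(EVENTS, "/us-share").items():
        print(verdict, path, hits)
```

Only files with a "clean" verdict support the claim that the data was removed before anyone accessed it; the other two verdicts are the ones to investigate before disclosing.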
A very happy story, especially if you're a Panzura customer. Here’s one more:
The Case of the Easy Legal Hold
Due to pending litigation, a company received instructions to collate and preserve specific data created within a certain date range.
For an enterprise using traditional storage, regular backups, and offsite archiving, this hold would entail finding and recovering data from multiple backups, then sorting through it to figure out if it was relevant. The older the data, the more time-consuming and inefficient it is to retrieve data and accurately assess it. This is because backups tend to be weekly, monthly, or even yearly, and backup date ranges don't necessarily align with the date ranges you’re looking for. The time and effort needed to find and collate the relevant data—and nothing but the relevant data—is substantial for both IT and subject-matter experts. Plus, submitting more data than requested exponentially increases the firm's exposure in both this and future litigation. It’s difficult to estimate the potential impact of getting it wrong.
By contrast, a firm using CloudFS and Data Services can find all (and only) the requested data, precisely within the date range and the relevant file paths, all within minutes.
This company’s admin Steve, our hero, would use Data Services’ Audit filters to set the date range, and the software’s free-text search field to specify the file path that data is or was held on. He could also search for the users who worked on the relevant data. The results would produce a definitive list of files that met the requested criteria. If required, Steve could also use Data Services' recovery feature to restore files to their earlier state within the specified timeframe. Pretty cool; modern, really.
Regardless of its current location, Steve can recover all the data in a new directory and make it available to the in-house legal team, and eventually to an external legal team, if needed.
This process takes minutes, not countless hours of searching, verifying, and risking potential legal repercussions.
That’s how you spot and correct unusual activities, such as vindictive or accidental file deletions; find the data you need in minutes, like a potential regulatory problem; and make your IT people heroes with precise and lightning-fast file search and compilation to fit required criteria. Learn more about how data management is driving the future of your business, then get a demonstration of Panzura Data Services.