The University of Liverpool has started using Varonis’s DatAnywhere file sharing system after worries that the unmanaged use of consumer cloud storage services such as Dropbox by staff and students was generating unmanageable security risks.
In the early post-pilot stages of its rollout, the University set a target of reaching a user base of 1,500 within a year in an effort to counter the population of 3,000 unsecured Dropbox accounts in use among its 4,700 staff and 32,000 researchers and students.
In the event, the target was met within a single week, with 1,366 registering to use DatAnywhere in a matter of days. This has since risen to more than 4,000.
A key objective of the University was to replicate and extend the features on offer from Dropbox-like services while gaining the ability to secure, monitor and eventually de-provision file sharing. DatAnywhere gives the ability for University users to access files on a range of PC and mobile platforms from any location while ensuring that confidential documents are always stored on its servers.
DatAnywhere integrates with the University’s Windows Active Dircectory, which manages authentication and file permissions.
“No one now has access to shared data, unless they already had it or are provisioned access,” commented the University of Liverpool’s systems manager, Andy Williams.
“IT still retains control over who can and can’t access files, particularly those deemed confidential. We can also revoke access centrally, and it will replicate across everything at once, saving time and reducing complexity.”
Users get personal ‘home’ folders on departmental servers, offering external file sharing by policy, including of extremely large files that would normally require physical media to move around.
“[DatAnywhere] has proven to be an excellent resource for uploading and storing medical images, which are a central part of our EUFP7 funded clinical trials … it is essential for the proper functioning of our trial. If we didn’t have access to this, we would have to devise some other way to receive files from our collaborative centres,” said a professor working within the University’s Ageing and Chronic Disease Institute.
The University has taken a pragmatic stance on migrating people using other systems to the new secure environment, starting with a written policy outlining the principle that confidential documents should never be stored on non-approved platforms.
Interestingly, it isn’t so far insisting that Dropbox and other file sharing users stop using data for non-confidential documents but the hope is that use of these will wither over time.
Varonis recently reported another win for DatAnywhere when Ipswich Hospital started using the same system.