Symphony Hunts Down, Monitors, and Automatically Fixes File Permissions, Slashing Risk Exposure and Laying Groundwork for AI Initiatives in the Enterprise
SAN FRANCISCO – Panzura has introduced Access Control List (ACL) analysis and automated remediation to the Symphony data services platform, addressing the trillion-dollar global crisis of permission sprawl that affects 58% of enterprises and hinders artificial intelligence (AI) readiness.
This first-of-its-kind capability, which no other provider offers, significantly expands Symphony’s comprehensive “any to any” data management and orchestration across the broad array of modern enterprise file and object storage environments.
Unlike currently available file data security tools that simply react to incidents, Symphony continuously tracks down, monitors, and automatically fixes bloated permissions before they can be exploited by malicious actors. This slashes risk exposure and allows IT teams to report on and prove compliance with regulations, service level agreements (SLAs), and board-level mandates.
Permission sprawl is a real and present epidemic that reaches into every corner of the enterprise, with 74% of data breaches involving privileged credential abuse. Because sysadmins and security teams can’t see – nor easily resolve – overly permissioned files, the average organization has more than 802,000 data files at risk due to oversharing. This figure is accelerating year-over-year by 34%.
A recent report revealed the staggering scale of the problem with 91% of employees still having access to company files since offboarding. The financial impact is also alarming, with the average cost per insider incident reaching $16.2 million. These issues stem from multiple factors including the proliferation of shadow IT, inability to control excessive or unrevoked access, shared credentials, and complex organizational changes from mergers, acquisitions, and restructuring.
The stakes have never been higher as AI exponentially amplifies the problem. While files buried deep within directory structures may be challenging for users to locate, large language models (LLMs) can surface sensitive data to users with inappropriate permissions in seconds. Analysts estimate that 80% of organizations seeking to scale their digital business will fail without modern data governance.
“Manual permission audits are a nightmare – teams are constantly chasing inheritance chains, investigating anomalies, and trying to resolve violations. Automated remediation is the difference between organizational chaos and strategic control. It delivers the precision that separates leaders from the 80% that will fail,” said Sundar Kanthadai, Chief Technology Officer, Panzura.
Revolutionary Approach to Data Governance
Symphony now identifies and remediates anomalous permissions across entire file system estates regardless of the underlying infrastructure, providing full visibility into who can access what and enabling fast resolution of problematic access. The platform enables automated detection and mass permission changes, eliminating the need to deploy another limited toolset while reducing tool sprawl that creates IT friction and operational budget pressures.
Beyond ACL remediation, Symphony provides the ability to apply custom metadata to files, enabling advanced policy automation and fueling AI pipelines based on file attributes without content scanning. Support has been extended to Windows Alternate Data Streams (ADS) and Extended Attributes (EA) for greater visibility and automation.
Symphony provides actionable metadata insights, automating data movement between file systems, object stores, and cloud storage for petabyte-scale data orchestration, storage cost optimization, and AI workload placement. The platform uses and preserves metadata during data movement while simultaneously addressing challenges in permission hygiene and compliance – crucial for preparing the data landscape for AI initiatives.
It ensures organizations are always audit-ready and compliant with regulations like GDPR, CCPA, SOX, and HIPAA. Unlike solutions that merely provide a global namespace without true access governance, Symphony orchestrates and optimizes file and object data across any infrastructure while ensuring data quality, accessibility, and proper categorization, delivering proactive security and compliance with clean, well-governed data.
Features and Capabilities for Better Data Control
In complex enterprise environments, managing file permissions – including Discretionary Access Control Lists (DACLs) and System Access Control Lists (SACLs) – has become a challenge for IT administrators and security teams. The core problems are orphaned files from deleted users, overly permissive ACLs, broken inheritance, and shadow IT. These issues create security risks, trigger compliance violations, and undermine operational efficiency.
This latest Symphony release addresses challenges like broken permission inheritance, over-privileged access, and compliance blind spots. By adding rich metadata that can later be interpreted – including ownership and comprehensive ACLs – across the entire data environment, Symphony brings much-needed structure to unstructured data, offering a level of fine-grained control and automation often missing in legacy data movers.
“Security through obscurity is no longer an option. The latest capabilities of Symphony specifically address the daily challenges sysadmins face in maintaining secure and compliant data storage and preparing data for AI workloads including agentic AI,” said Kanthadai.
Administrators can access the platform through the Symphony AdminCenter – a centralized web-based interface for policy management, task scheduling, server monitoring, and file reporting. Alternatively, integration is straightforward with comprehensive ReST API, JDBC database support, and webhooks for seamless DevOps workflows. It also enables enterprises to crawl their systems, tag their data, report on the veracity of potential large language model (LLM) data, and offer categorized data for specific enterprise functions.
See the Problem with Interactive ACL Analysis
Interactive ACL Analysis in Symphony enables administrators to identify exactly where permissions change in the directory tree. This capability provides:
- Clear, drill-down views of complex permission inheritance
- Human-readable DACLs and SACLs with adjustable detail levels
- Change tracking from previous scans to spot potential suspicious activity
- Export to database, CSV, or JSON for further analysis
Moving beyond identification, Symphony has introduced the capability to automatically remediate ACL anomalies with the Repair ACLs Policy. The system analyzes and repairs broken ACL inheritance for both DACLs and SACLs automatically using administrator-defined policies. This saves hundreds of hours of manual remediation while eliminating human error and is vital for maintaining permission symmetry where granted access rights precisely match actual business needs. Proactive remediation is a crucial differentiator for Symphony, moving beyond visibility to actual problem resolution that other solutions lack.
Moreover, the platform retains previous report versions, improving auditing and historical analysis with clear records of permission states over time. This versioning capability allows each ACL scan to be compared to a previous scan, enabling trend analysis and supporting security audits and investigation while helping teams to demonstrate policy adherence.
Enhancements Include Windows ADS & EA Management
Symphony delivers enhanced handling of named metadata – like Windows ADS and EA – ensuring metadata preservation during data movement and enabling advanced policy automation through named metadata rule matching. It also provides flexible options for setting and managing EA values. Advanced metadata management provides a deeper level of data insight and control than found in solutions focused mostly on high-speed access.
- Dataset selection based on metadata presence or content
- Comprehensive EA reporting in Scan Policies
- Export to database, CSV, and JSON formats
- Set or remove EAs
- Set EA values directly from database and catalog sources
New support for NetApp FlexGroup Volumes expands Panzura Symphony’s capabilities for large-scale, high-performance file system environments. This support enables Symphony to work with NetApp’s scale-out Network Attached Storage (NAS) solution, providing enhanced performance and scalability for enterprise file workloads. This increased scalability and performance directly supports the data demands of future AI workloads.
The platform also includes support for IBM Storage Deep Archive for cold data, enabling on-premises archiving of massive datasets using an S3 Glacier compatible interface, saving customers on expensive cloud fees and egress charges. Moreover, policy-based data lifecycle management intelligently tiers and moves data based on business rules, regulatory mandates, and named metadata, ensuring data resides on the most cost-effective and resource-efficient storage infrastructure.
These New Features are Available Now
Symphony is immediately available to existing customers for both Enterprise and Insights editions of the platform through standard updates and to new customers through direct sales and Panzura’s global partner network. Comprehensive migration services and training programs ensure rapid time to value. Special “prep and production” pricing is available to reduce initial hurdles and allow organizations to lay the groundwork for their AI initiatives.
Organizations seeking to transform their unstructured data governance posture can schedule a personalized demo of Symphony to see ACL analysis and automated remediation in action. Contact Panzura to speed up your journey toward intelligent, automated data security, and a foundation for AI innovation.
About Panzura
Panzura empowers modern enterprises to unlock the full potential of their unstructured data, aligning it with strategic business goals. Our solutions ensure data visibility, accessibility, and control, seamlessly preparing organizations for a digitally transformed, AI-driven future. With Panzura, organizations can enhance data resilience, optimize costs, and deliver data instantly to users and processes – anywhere, anytime. Discover how Panzura can drive your success at panzura.com.
Panzura is a trademark or registered trademark of Panzura LLC in the U.S. and/or other countries. All other trademarks, registered trademarks and/or logos are the property of their respective owners.
