Introducing Varonis SaaS

January 27, 2023

By now you may have heard of Varonis SaaS, and if you haven’t, prepare to learn more. In this blog I will expound on this latest and welcome offering from Varonis. Essentially, Varonis has re-packaged its enterprise flagship Data Security Platform (DSP) as a SOC 2-compliant SaaS offering. Hosted in the cloud, Varonis delivers the same experience — but now in a more streamlined and scalable way—and brings all the benefits that come with SaaS. Users can take advantage of accelerated time to benefit, lowered TCO with reduced hardware and software requirements, and automated release updates.


This represents an expansion of Varonis’ SaaS offerings, which includes their DSPM product (called Varonis DatAdvantage Cloud). If you aren’t familiar with this product, I encourage you to take a few minutes and read my previous blog post that covers this in detail.


Varonis’ SaaS simplifies deployment and implementations while delivering the same data security achievements that Varonis is widely and well known for. This new SaaS platform brings a lot to the table. Deployments are now yielding dynamic updating of threat models and policy updates, as well as an even more proactive threat detection and response capability. Throughout this blog post I will cover some of these items. Varonis SaaS increases efficiency and enhances the effectiveness Varonis has long been providing.


In the sections ahead I’ll discuss what is available today in Varonis SaaS, and in a future post I’ll discuss what can be expected in 2023 and beyond.




As with any new platform, questions arise about key changes and differences from previous product iterations. In this section I’d like to discuss those as they stand today. Please realize that Varonis SaaS, due to its very nature, is constantly evolving as feature parity from Varonis’ traditional self-hosted platform improves, and as entirely new features are added.


Let’s first look at the architecture. Picture 1 below shows the high-level architecture for Varonis SaaS.


SaaS Partner Architecture_img1.png

Picture 1 – Architectural overview of Varonis SaaS


As shown above, the “Varonis SaaS” cloud represents nearly the entirety of what a traditional Varonis (self-hosted) environment would include. An organization will no longer need to host the core Varonis infrastructure or spin up numerous VMs. Gone are SQL license costs and the need to host the Varonis database.



What to Expect

With Varonis SaaS there are noticeable differences from the on-premises solution. For example, Varonis is simplifying à la carte products into one SaaS platform. Picture 2 below illustrates how the product modules available in the traditional Varonis (self-hosted) world will simply be a part of the new Varonis SaaS platform as features. There will now be Protection Packages that cover the scope of the previously à la carte products.


SaaS Partner Architecture_img2.png

Picture 2 – Self-hosted modules transitioned to Varonis SaaS features


Those Protection Packages are Windows/NAS, Microsoft 365, and Hybrid as shown in Picture 3 below.


SaaS Partner Architecture_img3.png

Picture 3 – Protection Packages available in Varonis SaaS


Below, Picture 4 is a breakdown of the protection packs. An organization would just need to decide which environment(s) they would like Varonis to protect.


SaaS Partner Architecture_img4.png

Picture 4 – Protection packs based on environment types


Additionally, Varonis is employing “Policies,” which are becoming major value points for Varonis SaaS — specifically for Microsoft 365. Policies are the Varonis SaaS version of their Automation Engine. If you’re not familiar, the traditional Automation Engine allows for streamlining the process of removing undesired global access groups from permission sets, as well as fixing certain permission issues such as permissions with broken inheritance. If you’d like to explore the topic further, you might review my blog post on the Automation Engine.


In similar fashion, what Varonis SaaS policies achieve is a method of automated remediation for over-exposed links throughout your organization’s Microsoft 365 environment. In addition to a library of out-of-the-box policies, here are some of the creative ways Varonis SaaS customers are leveraging the policy framework.


  • Removal of collaboration links that over-expose sensitive data

  • Removal of stale collaboration links

  • Removal of stale membership in collaboration links

  • Removal of stale permissions

  • Removal of collaboration links that intersect ethical boundaries (Ethical Wall Policy)

  • Daily removal of Critical Sensitive Data Collaboration (Strict)

  • Two Week Expiration of Sensitive Data Collaboration (Lenient)



What’s Right for You?

In contrast to the traditional Varonis (self-hosted) offering, nearly all the resource requirements are moved into the cloud. Only a Deployment Hub and a Collector must remain within the confines of an organization’s environment. If you are unfamiliar with the self-hosted offering, an organization typically hosts and manages the entirety of the Varonis infrastructure.


Essentially, Varonis SaaS would be a great fit if the below items match your organization’s criteria:


  • Cost Reduction - Easier and faster deployment that Varonis maintains

    • Minimal infrastructure, no SQL license, etc.

  • Automatic product updates

  • Require high availability and access to the platform from any device

  • Instant access to the latest platform features

  • Desire advanced automation features for protecting Microsoft 365

  • Anticipate significant data growth and need a scalable solution


If the above doesn’t match your situation, Varonis’ self-hosted platform might be a better match for your data security needs. Key markers that might indicate this being a better fit for you organization would be:


  • A preference to manage your own infrastructure and upgrade schedule

  • Specific requirements to host software in your own data center

  • Critical requirements for an integration or feature that may not yet exist in Varonis SaaS



Good to Know

Wondering if the latest Varonis SaaS offering is right for you? If your organization meets the following baseline criteria, then Varonis SaaS could be a potentially great fit to ensure your organization has a top-notch data security posture:


  • 10,000 users or below

  • North America based


These criteria will be expanding as Varonis continues to roll out Varonis SaaS across the globe and expands its capabilities and features. So, hang on to your hat, Varonis is rapidly expanding their ability to host in other regions of the globe.



How About an Assessment?

As you can imagine, assessments are a little different in the SaaS world. Assessment times are drastically improved. An organization can get an assessment off the ground more quickly due to there being limited resource requirements.


Varonis SaaS assessments yield meaningful results and can provide a snapshot of the health and protection of an environment — whether this be in Microsoft 365 or in an organization's on-premises data stores.


Let Optiv help. We can connect to and assess your data in minutes. The output of these assessments is eye-opening and leads to larger conversations around data, data security and compliance. Contact your Optiv client manager to inquire about an assessment for your organization.

Jeremy Bieber
Partner Architect for Varonis | Optiv
Jeremy is Optiv's Partner Architect for Varonis, specializing in understanding unstructured data, data governance/compliance and data protection.

With over 22 years of experience, Jeremy began professionally working with technology during the late 1990s at Electronic Data Systems and later at Hewlett-Packard. In 2016 he joined Varonis, consulting with clients and implementing the Varonis Data Security Platform to ensure client achievement of least-privileged access models and proactive threat detection, locating and ensuring sensitive-data compliance on-premise and in the cloud.

Over the course of his career, Jeremy has achieved a range of industry certifications including over a dozen Microsoft certifications, certifications from VMware, Hewlett-Packard, Smarsh and Varonis. He can pull from his lengthy experience including system administration, architecture, engineering and consulting to provide a seasoned focus on data security.

At Optiv, he uses this real-world experience to relate how the Varonis Data Security Platform will enhance the overall security goals for our clients, reduce risk, detect abnormal behavior and ensure compliance.

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit