Inventory and analyse the access permissions of critical applications
Various statutory regulations, data privacy, mandatory security standards, and company certifications require that IT managers constantly keep track of and have precise control over the permissions assigned in a network. Central keywords in this context are BSI-Grundschutz, ISO 27001 certification, and, of course, the extensive requirements for data privacy. The complexity and the amount of information to be considered and processed for a correct IT documentation are enormous and variable alike. But executives, data security officers, and administrators need meaningful and up-to-date reports about the effective state of permissions in the corporate network at any time.
Docusnap is the perfect software solution to meet these requirements. The Docusnap Permission Analysis module creates permission analyses in an automated way, covering the Windows file system, shares and Microsoft SharePoint. Supported Windows file systems include all systems which are based on shares and NTFS file systems. This module supports file systems compatible with Microsoft Windows (e.g. NetApp, EMC², Samba, etc.) on the basis of CIFS or SMB. The permissions configured for Microsoft Exchange environments and Active Directory are also scanned and documented.
The Permission Analysis module relies on the automated inventory of the network done by Docusnap. Docusnap stores the data resulting from the inventory scan in a Configuration Management Database (CMDB). The features of the Permission Analysis module access the data stored in the CMDB and create clear and transparent evaluations of the effective permissions as required by the users.
Visualization of the origins of permissions
With permissions, groups and their nesting play an important role. Docusnap visualizes how permissions are nested and also allows you to export these evaluations, e.g. to Microsoft Visio.
In practice, the task of determining the effective permissions, which altogether make up the set of permissions valid for a user, is highly important. By applying filters, these issues can be mapped in an interactive analysis.
If the analysis reveals that individual permissions were assigned erroneously, you can have Docusnap visualize the origin of such permissions. This enables you to immediately identify the group through which the erroneous permission was assigned and subsequently correct its configuration.
Both the inventory process and the evaluations can be scheduled and consequently be automated.
A department manager receives a monthly e-mail including a PDF attachment, listing the users who currently have access to the respective department drive.