Who is allowed to do what? And what type of data may they access? This issue is becoming increasingly important in companies because the number of identities and access rights within in IT Networks is growing constantly. The first thing to consider is whether staff members only access data they really need for their work. In reality, growing structures have shaped flexible access rights: Employees change departments, work in different teams, external staff gets access rights for certain projects and systems in branch offices are being interconnected. This makes it all the more important to know who has access to what.
Access-related risks must be recognized
The proliferation of permissions may entail significant operational and also financial risks for a company. Members of staff may be able to perform actions that they actually are not entitled to – without IT administrators or the management even knowing about it. Many a company boss will be quite surprised to see that a trainee might be familiar with the company’s balance sheets . The permission itself is not the problem if the people in charge know about it and are aware of the risks involved. Risk assessment, however, is not only an issue for the IT department, but increasingly concerns the technical departments. These, however, need current and reliable information for this purpose.
Permission analysis is a regular task
It is crucial to regularly analyze the permissions. In many companies, this task is postponed again and again because of the workload involved. Restructuring, acquisitions, and employee turnover constantly change the permission’s situation in an IT landscape and make the whole thing even more complicated. An accurate overview, however, is important for internal assessment, e.g. by IT auditors or the corporate management. In addition, there is an ever-growing number of legal regulations such as the German Federal Data Protection Act or the ISO 2700x family of standards. The problem for a company with a large Windows network is that Microsoft does not supply a tool for scanning file server and SharePoint architectures or the Active Directory for permissions. Professional software ensures that current and traceable permissions are always at hand at a click of the mouse.
For more on this topic: Professional permission analysis with Docusnap