July 12, 2019
The other day at an appointment: the customer and I look at Docusnap’s authorization analysis together to determine the access rights. During the interview, I ask my question, which has proven its worth in many appointments: “Do you have trainees in your company who wander through different departments in the course of their training?” A confirming nod from all involved. “Do they get the necessary access rights in the respective departments to be able to work in the department?” Again, an affirmative nod. “And how do you control whether access rights are completely revoked after leaving the department?” No nodding, but big eyes and helplessness. “Then you have to assume that your trainees have more access rights at the end of their training than your management.”
With too many authorizations, the risk factors in IT rise sharply. In this example, trainees can access all company data. Sensitive information (including personal data, which is GDPR-relevant) can quickly turn into a fatal disaster when access rights are incorrect or badly set.
Analyze network permissions with Docusnap quickly and easily
Access rights are another security component that can be handled more carefully with Docusnap. After the authorization analysis with Docusnap, you can start to adjust the access rights more granularly and thus determine who is allowed to do what in your organization, and where. This is not only relevant for the GDPR. It also helps your organization run smoothly if employees are not distracted by files, information or content that do not concern them or their access rights in the first place. The German Federal Office for Information Security (BSI) offers very good support here.
Our recommendation: when assigning access rights, get other departments and responsible persons on board at an early stage so that you, as IT, are covered. In principle, verifying access rights is a matter for the boss. In practice, this task is often delegated to department heads, who often know nothing about it and think that it is the task of IT. But how should IT know which access rights each employee in a department should have?
This is why Docusnap allows you to cover access rights completely by sending the user and folder reports of the Docusnap authorization analysis to department heads and other responsible persons, about once a month and fully automatically.
In general, you act prudently if you follow the need-to-know principle (Chapter S 2.8 Assignment of access rights) when assigning access rights. This way you use your resources smartly.