Access Management for Microsoft and Other Systems

Why do we need access management? The answer is simple: every company holds various types of information, from confidential to secret to top secret. Thanks to the GDPR (General Data Protection Regulation), companies are no longer merely advised to protect their sensitive data; they are required to do so by law.

The question is: how can businesses guarantee their data is sufficiently protected, both against internal and external attacks? In this article, we are going to examine the advantages of access management as well as the requirements a potential access management software must be able to fulfill.

What Is Access Management?

There is, in fact, no universally accepted definition of what access management actually is and what it must encompass. The term access management itself is interchangeable with access rights management, permission management or just rights management. What all access management solutions available on the market have in common, however, is that they automate reporting processes for Active Directory (Microsoft), for file servers (Windows, Linux, SAN/NAS systems) and for other products, such as Exchange or SharePoint.

Tools for managing access rights not only deliver compliant reports but also help to minimize administrative effort. Systematic access management solutions can usually be rolled out quickly and are suitable for uncomplicated daily use.

Did you know that…

  • more than half of all users have access to sensitive data?

  • admins spend more than half of their work hours documenting things manually?

  • data gets lost in companies every day?

Access Management – What For?

What we envision when we think of a potential data threat is the notorious, hoodie-wearing hacker who sits in his parents' basement in front of 6 screens and codes his way past security systems. Firewalls are important, yes. They keep hackers out.

However, in many cases the threat is not sitting in your neighbor’s basement – it’s sitting next to you! It is your employee, your co-worker, your buddy. This doesn’t necessarily mean that your colleague is intentionally trying to steal data (although, who knows – he or she might be!). More often than not, data breaches happen by accident because users have too many access rights.

Access Management Prevents Data Theft

Let’s take ransomware attacks as an example. According to phoenixNAP, the average amount of losses incurred by companies as a result of a ransomware attack is about 130,000 US dollars. But how does the ransomware get in in the first place? It doesn’t take much, unfortunately. Just combine a phishing email containing a malicious link with a user who has not had proper cyber security training and boom – the Trojan is immediately unleashed upon all files the user has access to and encrypts them. You can probably imagine what this means if the user has access to many, many files across multiple systems.

While access rights management software cannot prevent the fatal click from happening, it can considerably limit the extent of the damage incurred. If you can ensure that users only have access to the files they need to do their jobs, the Trojan will only be able to encrypt those files. It’s still a pain, of course, but it does prevent extensive data breaches.

How Does Access Management Work?

As mentioned above, a firewall protects your data from external threats. An access management solution takes an entirely different approach by safeguarding confidential information within the network. The software works on three levels: person level, folder level and decision level:

  1. WHO? (Persons)

  2. WHERE? (Folders)

  3. Who SHOULD have access and to WHAT? (Qualification/data owner concept)

Manage Permissions, Save Resources

If done manually, documenting permissions consumes disproportionate amounts of resources. Without the appropriate software, admins are forced to conduct processes such as user creation, assigning rights and managing user accounts individually for each user.

Every single modification, no matter how small, must be precisely documented – including details such as date/time, type and place of modification as well as who made it and why.



Outsource Responsibilities

What’s more, admins are often completely unaware of where important data is stored and who actually needs access to it.

As part of an access rights management solution, the task of assigning privileges is delegated to the appropriate department or person, also known as the data owner. Data owners (e.g. department heads) must decide who will be granted access to the data they are responsible for and who will not. Professional access management saves resources because it:

  • standardizes and simplifies processes
  • reduces the workload for admins
  • automates reporting processes

Are Access Rights Management and Identity & Access Management the Same Thing?

The terms access rights management and identity & access management are often used synonymously, though they are not, in fact, the same thing. As outlined previously, access management software typically consists of tools used to simplify reporting and rights administration for certain products and file servers by creating group and role structures and by standardizing processes.

The problem is that this kind of software usually does not support extra features you might want or need. That is why organizations that require their software to model more complex processes or that wish to integrate additional systems into their workflows will quickly reach their limits with these solutions.

More Features for Identity and Access Management

That’s where IAM comes into play. It is specifically designed to meet the demands of larger organizations. Identity & access management solutions support complex workflows and allow the integration of different systems via predefined interfaces. However, it often takes a great deal of effort to put these interfaces into operation in concrete customer environments.

Read our post Access Rights Management vs. Identity & Access Management to learn more about the difference between the two approaches and how tenfold manages to combine the best of both worlds.


About the Author: Nele Nikolaisen

Nele Nikolaisen is a content manager at tenfold. She is also a book lover, cineaste and passionate collector of curiosities.