Why do we need access management? The answer is simple: Every company holds various types of information, from confidential to secret to top secret. Thanks to the GDPR (General Data Protection Regulation), companies are now no longer merely advised to protect their sensitive data, they are required to do so by law.
The question is: how can businesses guarantee their data is sufficiently protected, both against internal and external attacks? In this article, we are going to examine the advantages of access management as well as the requirements a potential access management software must be able to fulfill.
What Is Access Management?
There is, in fact, no universally accepted definition of what access management actually is and what it must encompass. The term access management itself is interchangeable with access rights management, permission management or just rights management. What all access management solutions available on the market have in common, however, is that they automate reporting processes for Active Directory (Microsoft), for file servers (Windows, Linux, SAN/NAS system) and for other products, such as Exchange or SharePoint.
Tools for managing access rights do not only deliver compliant reports, they also help to minimize administrative efforts. Systematic access management solutions can usually be rolled out quickly and are suitable for uncomplicated daily use.
Did you know that…
Access Management – What For?
What we envision when we think of a potential data threats is the notorious, hoodie-wearing hacker, who sits in his parents‘ basement in front of 6 screens and codes his way past security systems. Firewalls are important, yes. They keep hackers out. However, in many cases the threat is not sitting in your neighbor’s basement – it’s sitting next to you! It is your employee, your co-worker, your buddy. This doesn’t necessarily mean that your colleague is intentionally trying to steal data (although, who knows – he or she might be!). More often than not, data breaches happen by accident because users have too many access rights.
Access Management Prevents Data Theft
Let’s take ransomware attacks as an example. According to phonixNAP, the average amount of losses incurred by companies as a result of a ransomware attack is about 130,000 US dollars. But how does the ransomware get in in the first place? It doesn’t take much, unfortunately. Just combine a phishing email containing a malicious link with a user who has not had proper cyber security training and boom – the Trojan is immediately unleashed upon all files the user has access to and encrypts them. You can probably imagine what this means if the user has access to many, many files across multiple systems.
While an access rights management software cannot prevent the fatal click from happening, it can considerably limit the extent of damages incurred. If you can ensure that users only have access to files they need to do their jobs, the Trojan will only be able to encrypt those files. It’s still a pain, of course, but it does prevent extensive data breaches.
How Does Access Management Work?
As mentioned above, a firewall protects your data from external threats. An access management solution takes an entirely different approach by safeguarding confidential information within the network. The software works on three levels: Person level, folder level and decision level:
- WHO? (Persons)
- WHERE? (Folders)
- Who SHOULD have access and to WHAT? (Qualification/data owner concept)
Manage Permissions, Save Resources
If done manually, documenting permissions consumes disproportionate amounts of resources. Without the appropriate software, admins are forced to conduct processes such as user creation, assigning rights and managing user accounts individually for each user.
Every single modification, no matter how small, must be precisely documented – including details such as date/time, type and place of modification as well as who made it and why.