These days, computer drives are far from the only place where companies store their critical data. Applications such as CRM or ERP systems are known for containing copious amounts of confidential and personal data that require protection from unauthorized access. These data include customer information, sales figures, personal information and more.

What is “application security”?

The term “application security” covers all measures taken to protect applications from internal and external attacks. By implementing IT security hardware and software, you can significantly reduce the likelihood of such attacks. Furthermore, you can take measures to prevent data theft by internal offenders and minimize the possible damage caused by hackers. Cyber criminals might use employee accounts and the related access rights to access critical systems, such as SAP or Microsoft® Dynamics NAV. The consequences are vandalism, theft of intellectual property and fines for violating compliance policies.

While you’re here – why don’t you sign up for our webinar?

“Top 5 Risks in Access Management” –
held by Helmut Semmelmayer, tenfold Software GmbH

Sign up for free

How can I protect my applications?

Step 1: Involve data owners
Only data owners have the authority to decide which users should have access to certain applications. The first step is, therefore, to determine these data owners: select the persons from different departments whom you wish to be in charge of approving or rejecting access to applications. This guarantees that only persons who need access to certain data in order to perform their specific job tasks are given these access rights.

Step 2: Recertify access rights
A key part in protecting your applications is to keep those access rights up to date – constantly. Otherwise, your staff members will just gather privilege upon privilege, while obsolete privileges are never removed. Unfortunately, most companies lack a structured process for deleting those unneeded privileges. It is therefore key to establish such a process, which ensures that data owners regularly review and adapt application privileges accordingly.

Step 3: Keep track
Are you aware of who has access to applications in your company and who does not? If the answer is no and you feel that your access landscape is slowly overflowing into a sea of chaos, this is cause for alarm – and not just for security reasons! You are also disobeying legal regulations, like the GDPR. To counteract this, you should immediately set up a reporting system in order to maintain a complete overview of all access rights.

Step 4: Use profiles
People who are part of the same group of users usually require the same access rights to applications. To simplify the process of assigning these access rights and also make the process more transparent, you can define so-called “access profiles”. Here, all access rights required by a certain user group are compiled into one profile. Users can then be assigned to one or more profiles (for instance the profiles “IT department” and “Team leader”).

Step 5: Document processes
Once a data incident occurs, the search for causes soon begins. To be able to track precisely why a user has a particular access right to an application, you must ensure that all requests, approvals, and changes are documented in detail. This way, you will always be able to see why a user has been granted a certain permission and by whom.
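The five steps above can be combined into one recertification report. The following is an added example, not tenfold's code: it flags grants that fall outside the user's profiles, lack a documented approval, or are overdue for review, and groups them by data owner. All users, rights, owners, the record layout and the 180-day interval are constructed assumptions.

```python
from datetime import date

# Constructed sample data; every name and value below is hypothetical.
PROFILES = {  # Step 4: a profile bundles the rights one user group needs
    "IT department": {"SAP:basis_admin", "Exchange:mailbox_admin"},
    "Team leader": {"SAP:approve_leave", "NAV:sales_reports"},
}
USER_PROFILES = {"alice": ["IT department", "Team leader"], "bob": ["Team leader"]}
DATA_OWNERS = {"SAP": "carol", "NAV": "dave", "Exchange": "erin"}  # Step 1
# Step 5: (user, right, approved_by, last_reviewed) as the documented trail
GRANTS = [
    ("alice", "SAP:basis_admin", "carol", date(2024, 1, 10)),
    ("alice", "Exchange:mailbox_admin", "erin", date(2024, 5, 2)),
    ("bob", "SAP:approve_leave", "carol", date(2023, 9, 1)),
    ("bob", "NAV:post_invoices", "", None),  # granted ad hoc, never reviewed
]
MAX_AGE_DAYS = 180  # assumed recertification interval (Step 2)


def findings(user, right, approved_by, reviewed, today):
    """Return the reasons a single grant needs the data owner's attention."""
    expected = set().union(*(PROFILES[p] for p in USER_PROFILES.get(user, [])))
    reasons = []
    if right not in expected:
        reasons.append("outside profile")
    if not approved_by:
        reasons.append("no documented approval")
    if reviewed is None or (today - reviewed).days > MAX_AGE_DAYS:
        reasons.append("recertification overdue")
    return reasons


def recertification_report(today):
    """Step 3: group flagged grants by the owner of the affected application."""
    report = {}
    for user, right, approved_by, reviewed in GRANTS:
        reasons = findings(user, right, approved_by, reviewed, today)
        if reasons:
            owner = DATA_OWNERS[right.split(":", 1)[0]]
            report.setdefault(owner, []).append((user, right, reasons))
    return report


if __name__ == "__main__":
    for owner, items in recertification_report(date(2024, 6, 1)).items():
        for user, right, reasons in items:
            print(f"{owner}: review {user} -> {right} ({', '.join(reasons)})")
```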

Get it done

The question probably on your mind right now: how on Earth am I supposed to stay on top of all these tasks? Implementing and maintaining these measures is a highly time-consuming effort, not to mention the risk of errors involved in doing these types of tasks manually. Take the recertification process, for instance: first, your staff have to gain an overview of the situation and all assigned privileges, then check the records to understand why certain access rights were granted, then mark obsolete rights and, finally, process them for deletion.
With an access management system such as tenfold, you can set the course right for application security: all of the processes outlined above are modelled and implemented in one simple software solution. tenfold supports more than 60 systems, including SAP, Microsoft® Dynamics NAV and Exchange.