In virtually every organisation or university, data is stored on multiple file servers throughout the network, often in a somewhat haphazard or random structure. Access to the data is likely just as unstructured and may put the organisation at risk by allowing employees access rights where none are required. Managing access to this unstructured data is incredibly difficult, resulting in a significant challenge when the time for an IT audit rolls around.
There are methods to bring order to this madness and maintain an audit trail, resulting in all access permissions being visible, and obtaining recommendations about how to structure and restrict access for optimal security. Software technology exists to allow for monitoring of all file actions and can maintain an audit trail of all the actions a user performs on the file server. For example, when a user modifies a file, deletes it, copies it, or moves it, a detailed record of who carried out what action in the file system and when can be made readily available.
This technology can provide an overview of all access rights, including what rights a user has or conversely, details on the users who have access rights to a particular file and how often, if ever, they exercise those rights. Finally, with the technology, it is possible to regularly collect and categorise all unstructured data and access rights per user. It is then possible to make a recommendation about what access rights should be cleaned up to keep the network structured and compliant.
Gartner estimates that more than 80 percent of business information is stored in an unstructured manner. The risks associated can be devastating if the wrong person accesses sensitive information for nefarious purposes. Authorisation management technology drastically reduces the complexity of access management protocols. Without it, it is impossible to guarantee that data is effectively secured.
Authorisation management software provides direct insight into access privileges relevant to the file system through the group memberships in Active Directory, ACLS and direct access. Likewise, it provides an audit trail of the actions that each employee has performed on what file, in which directory and at what time. Further, the technology also allows manager to determine how a user received access to a folder or file – was it through a Active Directory group or via some other method that may not be appropriate.
Authorisation management is really the latest component of the complete access governance, or identity and access management, umbrella. In regards to security, automating operations and managing compliance and audits through access governance is now more vital to an organisation’s survival. In a sense, the visibility provided into an organisation through identity management solutions simply is not there across all systems and the authorisation management component provides that visibility.
You can easily spot accounts where cases excessive access, or access creep have occurred and have the information needed to resolve potential issues. IT leaders or departmental can perform periodic account reviews and to make informed decisions about who should retain, lose or be granted access to applications or data sets. Access governance also shows you an overview of every system available, and then the information can be drilled down to the granular level.
In so doing, you can review accounts on particular systems or applications and you can examine individual employees and review their access to various resources. Access governance protocol takes on stale accounts, orphan accounts, and shared accounts with no one individual that can take ownership and responsibility for their use.
Access governance, when enhanced with authorisation management, allows IT leaders to conduct on demand security audits to ensure the network resources are only accessible by people with a bonafide reason to do so. As access governance and authorisation management continue to become integrated, organisations gain the ability to easily peer into every aspect of their network operation, creating unprecedented visibility to protect company data and defend it from the threat of outside hackers or employees with less than honourable intentions.