Protecting your company’s priceless data means making sure of two things: that the right people have access to the correct files and applications, and that the wrong people don’t have access to anything they shouldn’t. This practice is called access governance.
There are many ways you can take advantage of software to ensure proper access rights for your employees and authorized consultants and vendors, including using role-based access control (RBAC), automation and workflows.
RBAC is becoming an increasingly important network safety tool for corporate information technology infrastructures. RBAC allows you to set things up so your human resources and payroll teams are the only ones with access to payroll and personnel data, so your finance team is the only one that can access customer payment information (e.g. credit card data) and so on.
RBAC also lets you extend permissions to individual users on a case-by-case and temporary basis. For example, perhaps some employees are filling a particular role within your organization that requires them to have access rights to another part of your organization’s folders, files or application.
Without an RBAC system in place, having your IT team manage everything themselves can cause issues due to human error or a lack of information or understanding about all the roles and access rights that individual users should have.
Another way to manage access rights and remove the possibility of human error is through automation. Automation lets you mechanize tasks such as user creation, user updates (including permissions), user disables, user purges and more.
Automation handles your local Active Directory environment and can push these changes into different downstream systems, such as Blackboard, Google Apps and file systems. Having your IT team divorced from the actual process saves time and reduces the possibility of a system that poses a security risk for your network being missed.
And, last but not least are workflows, which are great if you have a system that requires one or more levels of approval to provide an employee with access rights. For example, managers can use workflows to request access to a Google Drive share for one of their employees. That request can subsequently be approved by the IT team and then approved by the manager of the related Google Drive share.
As a bonus, using workflows in conjunction with automation allows you to automate the process of the provisioning once a given workflow is complete.
Your network—and the data that lives on it—are one of your company’s most precious resources. I hope this information helps you make decisions about how to protect it.
Using RBAC, automation, and workflows together can improve your network’s security and compliance, as well as reduce your IT teams’ liability and workload. Your IT staff can then spend more time helping employees with other things and, perhaps more importantly, stopping outside security threats to your network.