Reduce internal Attack Vectors and protect sensitive Company Data

A study from 2017 found that around 40 percent of companies see external risks as the greatest challenge for their IT landscape. This is still an important aspect in 2020. Some time ago, an American pipeline operator was infected by a blackmail Trojan, so several of his plants had to be shut down for two days. Such attacks by ransomware are no longer a rarity. The protection of sensitive company data and the reduction of attack vectors are becoming increasingly important. In addition to these external risks, which are often known, internal risks represent a threat that is often still underestimated by companies. Missing information about data worthy of protection or a lack of transparency in data access can have serious consequences, as the shutdown of the complete IT infrastructure of the Justus Liebig University in Gießen in January this year showed.

In order to take into account the increasing importance of responsible handling of highly sensitive company and personal data, legal framework conditions such as the General Data Protection Regulation, BSI basic protection Privacy by Default & Design or compliance with the need-to-know principle are required. According to this, users should only receive those access permissions that are absolutely necessary for their daily work.

Reduce internal Risks

The use of software solutions in the area of identity & access management is highly recommended to minimize internal risks. These softwares deal with the protection of employees´ identity and their access rights within the company. Users usually have to authenticate and authorize themselves on several IT systems in order to gain access to the data relevant to them. However, managing this and documenting it in a permanently up-to-date manner is an enormous challenge, especially in larger organizations. Personnel and structural changes are often associated with a high manual effort in the IT department, since processes of user provisioning and access permissions are often carried out manually, for example by assigning AD group memberships. Due to lack of time or higher prioritized tasks, the documentation of these changes is often neglected in practice. Over time, this increases the intransparency and, in combination with a constantly increasing number of access permissions per employee, it leads to an identity chaos. The extent to which rights once granted will still be needed in the future can usually only be determined with considerable effort and the compliance with the need-to-know principle can no longer be fully guaranteed.

Protect sensitive Company Data

At this point an automation of the identity and access management, as it is lived in the BAYOOSOFT solutions, contributes to the optimal protection of the highly sensitive company data. While the Identity & Service Manager enables departments to independently initiate the management of digital identities in the classic company processes of entry, department change and departure of employees, the Access Manager provides an access management system that is easy for departments to understand. The Password Reset Manager rounds off the range of functions with efficient and help desk independent resetting of forgotten passwords.

Increase Efficiency

The central component of these Identity and Access Management solutions is the provision of controlled self-service functions. The knowledge of who needs which information, applications and systems for their daily work lies within the departments and therefore it should also be possible to regulate who is allowed to access what within them. In addition to requesting permissions, resources such as file servers, SharePoint sites or Exchange mailboxes can also be controlled. Approval procedures automatically involve the right parties. If this is additionally combined with an available role and profile management, employees receive controlled access via the approval workflow immediately and without technical background knowledge. IT services are provided much faster and more securely, and avoiding unnecessary waiting times increase productivity throughout the organization, both in IT administration and in business departments.

However, the automation of identity and access assignments alone is not sufficient to guarantee the need-to-know principle. In addition to this pure implementation, it must also be ensured that the documentation corresponds to the actual state. For this purpose, the Access Manager establishes a permanent autocorrection of access permissions with the so called target-actual comparison, which ensures the intended implementation, automatically documents identified but undesired changes and resets them to the target state. If this guarantees correct implementation, functionalities such as the establishment of recertification processes, role assignment linked to SAP or other personnel systems, and mechanisms for the time-controlled removal of access permissions make it possible to contain the increase in access rights over time. This is the only way to ensure the company-wide implementation of the need-to-know principle. The transparency of the available identities reduces further risks, such as the danger of forgetting old service accounts, which could be used as a vulnerability for cyber attacks on eleven clinics in Rhineland-Palatinate in August 2019, for example.

Conclusion

In times of increased ransomware attacks it is especially important to protect sensitive company and personal data comprehensively. In addition to the usual consideration of external risks, internal weaknesses must also be minimized by means of suitable technical and organizational measures. Software solutions in the field of identity and access management make a decisive contribution to the protection of highly sensitive data. At this point BAYOOSOFT offers the proven solution portfolio for the automation of identity and access management processes. On the one hand, the Access Manager enables independent application and approval of access permissions around file servers, SharePoint and resources in third-party systems, completely without the IT administrators. The Identity & Service Manager as a software solution for automated user and access management, supplements this with the aspects of User Provisioning or Privileged Account Management. Forgotten passwords can be easily recovered at any time of the day or night using the Password Reset Manager with several authentication methods. Thus, operational expenses can be reduced sustainably and at the same time information security can be increased by monitoring, auditing and transparent reporting for the data managers in their departments.

Would you like to learn more about the advantages of automated access management?

Make an appointment today for an individual product presentation or visit one of our regular webinars. Our access management experts will be happy to introduce the BAYOOSOFT Access Manager to you personally: