Loading
Access Manager
  • Solution
    • Join the orange side of life – Solution
      • Freedom for IT-Administrators
      • Permanent compliance with Data Protection Provisions
      • Greater Efficiency in IT Infrastructure
      • Who, What, How? Auditors Review Your Permission Situation
      • It’s all about the money!
    • Explore the Orange Side of Life
      • Ondal Medical Systems GmbH – Time and Cost Savings
      • ETECTURE GmbH – Higher Transparency in Access Management
      • University of Leipzig Medical Center – no Chance for Hackers
      • University Hospital Tübingen – Password Resets 24/7
      • Federal City of Bonn – efficient user account management
      • City of Cologne – optimised user management
      • Paris Lodron University Salzburg – Information security for thousands of users
      • Reiser Simulation and Training GmbH – efficient access management
      • Oberaigner Group – Access Rights Management and Documentation at the Push of a Button
      • Jörg Vogelsang GmbH & Co. KG – Self Service Access Management
      • Stadtwerke Wolfenbüttel GmbH – no longer an authorisation jungle
  • Modules & Features
    • Modules
      • Fileserver Management
      • SharePoint Management
      • 3rd Party Management
      • Fileserver Accounting
      • REST API
      • Password Reset
      • Identity Management
      • Easy Desktop
      • NTFS Permission Analyzer
    • Features
      • Automated Access Management
      • Autocorrect of Permissions
      • Self Service for End Users
      • Profile Management
      • Reapproval Process
      • GDPR Compliant
      • Transparency by Reporting
      • User Provisioning
      • Audit-proof Documentation
  • Services
    • Services
      • Individual Services
      • Permission Audit
      • Starter Package for Automated Access Management
      • Premium-Support
      • Licensing Model
      • System Requirements
    • Contact Us
      • Get your Trial
      • Request your Product Presentation
  • Company
    • BAYOOSOFT
      • About us
      • We think proactively
    • Get Our Partners
      • Get to know our Partners
      • Become a Partner
  • Events
  • TRIAL
  • Customer Center
  • Search
  • Menu

Usability vs. data protection: Does authorisation management always have to be so complicated?

Mobile working and the increasing networking of company data make the issue of data protection increasingly important. At the same time, known hacker attacks and data breaches are increasing the pressure on companies. The precautions to protect sensitive customer data are becoming ever stricter and more complicated. The more elaborate the measures, the more difficult it is for employees to comply with them.

Systems should therefore fulfil a dual function: The simpler and easier it is to implement, the more likely it is to protect against data leaks and attackers. Most of the time, the issue of data protection remains the sole concern of IT administration, although everyone should be concerned about it and must handle data conscientiously while working.

But which data must be protected?

Every company has a lot of data: Customer data, stored work processes, employee lists and company secrets. Some of this data needs more protection, some less. Therefore, you should aim for prioritisation. Which data is in daily use and which should be easily available to everyone?

Classifications make it possible to categorise data into different risk levels. Company secrets and personal data, for example, need to be protected much more than the brand of office furniture ordered or the slides of the last online meeting.

The need-to-know principle is suitable. In principle, you should check who needs access to all data. Is the knowledge that can be gained from the data really important for the work of the employees? The need-to-know principle is suitable for this, according to which only those employees who really need access rights are granted access.

In the case of highly sensitive data, you should also check whether there is a protection instruction.

In order to protect data, this restriction of usage rights is unavoidable and is therefore implemented in almost all organisations. However, it is precisely this circumstance that often complicates the work processes of employees: If permissions are missing, the first step is to go through the IT department. They, in turn, must first determine who is responsible for the data in the departments. At the same time, there is a lack of transparency as to who is authorised where.

As a result, authorisations are quickly assigned on a scattergun principle, data is copied into public areas or the revocation of rights that are no longer needed is often neglected. Recertifications recommended by auditors, in which data managers have to check the rights situation at regular intervals, often mean frustration due to additional work and paper mountains full of complex matrices.

Data protection is necessary. However, for success it is even more important to find a middle ground that considers usability and data protection equally and evaluates each process according to risk class and importance.

How can the complexity be mastered?

Those who assign authorisations according to the need-to-know principle run a significantly lower data protection risk. It is advisable to proceed as transparently and intuitively as possible: With an approach of self-service and automated implementation, these processes can be placed in the hands of the users and take place without IT administration. If permissions are missing, they can be applied for in an easy-to-understand manner and without technical details from those responsible for the data. After approval, the changes are automatically implemented in the target system.

Data- and user-centred evaluations enable a transparent presentation for technical laypersons. The use of time limits and the regular review of authorisations prevents an uncontrolled spread of authorisations and helps you to comply with all legal requirements.

Each access authorisation also statistically increases the risk of a successful cyber attack from outside, which can be reduced by controlling the number of authorisations. Automating authorisation management creates security and minimises the risk of a data leak. At the same time, usability is increased so that employees are involved in the process transparently and intuitively.

Good to know

As the automated and secure self-service solution for authorisation and identity management, the BAYOOSOFT Access Manager relies on the three building blocks of self-service, automation and monitoring and thus allows usability in these processes to be significantly increased.

Learn more about the BAYOOSOFT Access Manager

Would you like to get to know the BAYOOSOFT Access Manager directly? Sign up for a 30-day TRIAL.

Test it now

News

  • ISO InformationssicherheitsschlüsselISO 27001: The key to information security in the digital world – Part 221. August 2024 - 9:06
  • ISO 27001: The key to information security in the digital world – Part 118. March 2024 - 10:28
  • Our new whitepaper: How to increase IT security in your company with the NIS 2 directive22. February 2024 - 10:47
Contacts at BAYOOSOFT 

Svenja Winkler
CEO
[email protected]

 

Franziska Weiß
Head of Sales
[email protected]

 

Darmstadt
Lise-Meitner-Straße 10
64293 Darmstadt

Munich
Aidenbachstraße 54
81379 München
Berlin 
Mariendorfer Damm 1-3
12099 Berlin

Phone: +49 (0) 6151 – 86 18 – 700
Fax: +49 (0) 6151 – 86 18 – 150

Contact: [email protected]
Support: [email protected]
Jobs: [email protected]
Press: [email protected]

  • Privacy Policy
  • Legal
IT Security Act 2.0 BAYOOSOFT Access Manager 2021.1 – available now
Scroll to top