Access control

Dive into business data optimization and best practices.
Post Reply
rakhirhif8963
Posts: 529
Joined: Mon Dec 23, 2024 3:13 am

Access control

Post by rakhirhif8963 »

Admins without routine
The golden rule of existence and development of information security in conditions of a shortage of funds for implementation - minimum effort for maximum results - works well when choosing segments of the information security function that can be called candidates for automation. In our experience, there are at least five areas where automation will not only save time and effort of the information security department employees, but will also bring benefits that are obvious not only to the CISO.

Until a certain time, there was no particular need to automate this function. Moreover, working with "accounts" manually was even more convenient: an employee came with a request - and right in his presence you can create a new "account", grant additional rights or revoke them. Problems with manual management of accounts begin with an increase in the number of employees in the organization, with the appearance of contractors, as well as with the growth of the number of information systems in which employees work. There are several possible solutions.

The first is to implement a PAM (privilege access management) solution. With PAM, you can not only manage the rights of each user, but also set the time periods during which the rights will be valid. Such automation will eliminate stories when, for example, a representative of a contractor company retains access to the customer's information finland mobile database due to human error, when the client's admins simply forgot to disable the "account". Obviously, such automation helps to minimize the possibility of leaks - at least through the channel of privileged accounts.

The use of IdM, or Identity Management, is a further development of the idea of ​​automation for account management. IdM manages rights based on the roles of specific employees and patterns inherent in these roles. The essence of using IdM for automation is that the system consolidates the management of accounts of the entire variety of information systems used in the company. This reduces the costs of distributing roles and their administration, and minimizes the human factor. For example, it can use two- or three-factor authentication and thereby not only eliminate the risks of password compromise, but also make any attempts by hackers to use compromised passwords pointless.
Post Reply