Consider this: only 17% of firms have a mature approach to access management. For the 80%+ of firms that aren’t properly managing access, this translates to twice as many breaches and $5 million more in costs on average. Understanding the risks of open access is crucial, but uncovering open access through a security reporting tool is only the first step. The real challenge lies in remediating that risk. Here’s how you can effectively tackle the problem of open access.
Step 1: Avoid Simple Solutions
Running a report and identifying folders with open access privileges is not enough. The next step involves taking action to reduce that risk. Here are a few approaches that might seem straightforward but can lead to unintended consequences:
- Removing the Open Access Group: This could inadvertently remove legitimate business user access or disrupt service accounts crucial for business-critical applications.
- Replacing the Open Access Group with Current Access Accounts: This might disrupt the permission inheritance structure, creating more work to restore proper access later.
- Logical Grouping of Folders: While this approach consolidates permission changes to a top folder, it still leaves the question of who should have access unanswered.
Step 2: Identify and Engage Business Owners
A more nuanced approach involves identifying business owners for each folder collection and determining who should have access. This method, although thorough, can be cumbersome:
- Manual Process: Finding and contacting business owners to respond to IT surveys is time-consuming and disliked by both IT and business teams.
- High Volume of Communication: It could require hundreds or even thousands of emails to gather the necessary information.
Step 3: Adopt a Holistic Approach
The most effective way to reduce risk is through a comprehensive workflow that includes:
- Finding Folder Collections: Grouping folders logically to streamline permission changes.
- Determining Ownership: Identifying the appropriate business owners for each folder collection.
- Certifying Permissions: Using an escalation system to validate who should have access.
- Implementing Changes: Making permission changes from the top folder down, ensuring new permissions are manageable long-term.
This process is not as simple as "removing the open access group," but it’s essential for effective and sustainable risk reduction.
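The first and last steps of this workflow can be sketched in code. The following is an added example, not SPHEREboard code or anything from the original article: it groups folders into collections at the points where inheritance is broken, then reports which collections expose an open access group, where the ACE is set explicitly, and which named principals an owner would be asked to certify. The folder paths, principal names, and the list of open access groups are constructed assumptions.

```python
# Assumption: principals treated as open access groups; adjust per environment.
OPEN_GROUPS = {"Everyone", "Authenticated Users", "Domain Users"}

# Constructed inventory: folder -> (inherits from parent?, explicit ACE principals)
INVENTORY = {
    "dept": (False, {"Domain Admins"}),
    "dept/finance": (False, {"Everyone", "FIN-RW"}),
    "dept/finance/payroll": (True, set()),
    "dept/finance/payroll/2023": (True, {"svc-payroll"}),
    "dept/hr": (True, set()),
    "dept/hr/reviews": (True, {"Authenticated Users"}),
    "dept/legal": (False, {"LEGAL-RW"}),
}

def parent_of(path):
    return path.rsplit("/", 1)[0] if "/" in path else None

def collection_root(path, inventory):
    """Nearest ancestor (or the folder itself) where inheritance is broken."""
    while inventory[path][0] and parent_of(path) in inventory:
        path = parent_of(path)
    return path

def effective_principals(path, inventory):
    """Explicit ACEs plus everything inherited from the parent chain."""
    inherits, explicit = inventory[path]
    if inherits and parent_of(path) in inventory:
        return explicit | effective_principals(parent_of(path), inventory)
    return set(explicit)

def open_access_collections(inventory):
    """Group folders into collections; keep those exposing an open group."""
    report = {}
    for path in sorted(inventory):
        entry = report.setdefault(collection_root(path, inventory), {
            "members": [], "explicit_open": [], "exposed": [], "named": set()})
        effective = effective_principals(path, inventory)
        entry["members"].append(path)
        entry["named"] |= effective - OPEN_GROUPS  # candidates for owner review
        if inventory[path][1] & OPEN_GROUPS:
            entry["explicit_open"].append(path)     # where the ACE must change
        if effective & OPEN_GROUPS:
            entry["exposed"].append(path)           # who feels the change
    return {root: e for root, e in report.items() if e["exposed"]}

if __name__ == "__main__":
    for root, e in open_access_collections(INVENTORY).items():
        print(root, e)
```

In the sample data, the open ACE on dept/hr/reviews sits below the collection root, which is the kind of exception that has to be resolved before permissions can be applied cleanly from the top folder down.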
Step 4: Leverage Automated Solutions
Over 10 years of cleanup experience have taught us that this holistic approach is crucial. At SPHERE, we’ve perfected this process and automated it with SPHEREboard.
- Security Reporting: If you don’t have a tool to identify open access issues, SPHEREboard can do this more effectively than other solutions. We prioritize risk reduction by presenting data in actionable ways, pivoted on business-defined departments, data staleness, severity of security issues, and data sensitivity.
- Automated Risk Reduction: SPHEREboard automates the entire risk reduction process, from discovering open access issues to implementing secure and manageable permissions.