You’ve Found Open Access, Now What?

May 17, 2024 10:13:59 AM EDT | Blog You’ve Found Open Access, Now What?

Discover the importance of managing access effectively to reduce risks and costs. Learn how to tackle open access issues with a holistic approach and automated solutions.

Consider this: only 17% of firms have a mature approach to access management. For the 80%+ of firms who aren’t properly managing access, this translates to twice as many breaches and $5 million more in costs on average. Understanding the risks of open access is crucial, but uncovering it through a security reporting tool is only the first step. The real challenge lies in remediating that risk. Here’s how you can effectively tackle the problem of open access.

Step 1: Avoid Simple Solutions

Running a report and identifying folders with open access privileges is not enough. The next step involves taking action to reduce that risk. Here are a few approaches that might seem straightforward but can lead to unintended consequences:

  • Removing the Open Access Group: This could inadvertently remove legitimate business user access or disrupt service accounts crucial for business-critical applications.
  • Replacing the Open Access Group with Current Access Accounts: This might disrupt the permission inheritance structure, creating more work to restore proper access later.
  • Logical Grouping of Folders: While this approach consolidates permission changes to a top folder, it still leaves the question of who should have access unanswered.

Step 2: Identify and Engage Business Owners

A more nuanced approach involves identifying business owners for each folder collection and determining who should have access. This method, although thorough, can be cumbersome:

  • Manual Process: Finding and contacting business owners to respond to IT surveys is time-consuming and disliked by both IT and business teams.
  • High Volume of Communication: It could require hundreds or even thousands of emails to gather the necessary information.

Step 3: Adopt a Holistic Approach

The most effective way to reduce risk is through a comprehensive workflow that includes:

  • Finding Folder Collections: Grouping folders logically to streamline permission changes.
  • Determining Ownership: Identifying the appropriate business owners for each folder collection.
  • Certifying Permissions: Using an escalation system to validate who should have access.
  • Implementing Changes: Making permission changes from the top folder down, ensuring new permissions are manageable long-term.

This process is not as simple as "removing the open access group," but it’s essential for effective and sustainable risk reduction.

Step 4: Leverage Automated Solutions

Over 10 years of cleanup experience have taught us that this holistic approach is crucial. At SPHERE, we’ve perfected this process and automated it with SPHEREboard.

  • Security Reporting: If you don’t have a tool to identify open access issues, SPHEREboard can do this more effectively than other solutions. We prioritize risk reduction by presenting data in actionable ways, pivoted on business-defined departments, data staleness, severity of security issues, and data sensitivity.
  • Automated Risk Reduction: SPHEREboard automates the entire risk reduction process, from discovering open access issues to implementing secure and manageable permissions.

See SPHEREboard in Action

Want to see real automated risk reduction?
Schedule a demo and ask for a free Risk Evaluation to see SPHEREboard with your own data. 

 
Caroline Kinlin

Written By: Caroline Kinlin

Caroline Kinlin, Serving as SPHERE's Chief Marketing Officer has over two decades of experience in B2B marketing, specializing in go-to-market strategies and operations and leading dynamic teams. Her achievements include enhancing marketing scalability, managing budgets effectively, and significantly improving sales pipelines by 300-500% while reducing customer acquisition costs by 30-40% in the SaaS, cybersecurity, and data security industries. Caroline holds an MBA from Monmouth University and a Bachelor's from Loyola University. Beyond her professional accomplishments, she mentors emerging talent and advises professional organizations, showcasing a leadership style that values creativity, pragmatism, and empowerment.