Authorisation concept: Best practice recommendations

IT security is an omnipresent topic for companies. Which employees really need access to certain areas and (sensitive) data? What does effective protection against sabotage or hacker attacks look like?

The German Federal Office for Information Security (BSI) recommends, among other things, that critical infrastructures (KRITIS) have access controls, both physical and logical. This recommendation is also relevant for companies without KRITIS classification.

With a view to IT security, an authorisation concept is therefore needed that makes access comprehensible, protects against internal and external attacks and at the same time supports IT administration in a resource-saving way. What aspects should you consider when designing such a concept?

  • Establish formal processes

    How do employees obtain new authorisations? And how are authorisations handled when employees leave the company or the department? Establish a formal process that regulates the allocation of authorisations and how these are documented. Check whether additional measures, such as protective instructions, are necessary for highly sensitive data.

  • Designate responsible persons

    Assign responsibility for access rights to (sensitive) data to authorised persons. These persons formally decide which employees need access, following the need-to-know principle. Only after approval by these persons are the authorisations technically implemented.

  • Permissions at directory level and via AD groups

    Avoid granting permissions on individual files. Instead, grant them at directory level and, where possible, without full access. Manage authorisations via AD groups rather than assigning them to individual users. In combination with authorisation hierarchies that are as flat as possible, this keeps the structure administrable.

These are three best practice steps that your authorisation concept should include. But before you establish this in your company, it is worth taking a look at your current authorisation structure. Check: Are there historically grown authorisation structures?

Large amounts of unstructured data accumulate in the form of documents and files and the file server structure is becoming increasingly unclear. Who has which authorisations? If there is no overview, a security gap is created.

Reasons for an opaque authorisation structure can be:

  • Restructuring within the organisation
  • Change of technical platform, persons and areas of responsibility
  • Manual errors in the allocation of authorisations
  • Permanent manifestation of provisional interim solutions
  • Missing documentation or documentation that deviates from the technical conditions
  • Changing requirements for data access
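
To check an existing share against the directory-level and AD-group recommendation above, the following added example (not part of the original post and not BAYOOSOFT code) lists explicit NTFS entries that sit on single files, are granted to individual users, or carry full access. It assumes Windows PowerShell 5.1 on a domain-joined host; the share path and the helper name `Test-IsDomainUser` are hypothetical.

```powershell
# Added example. $Root is a hypothetical share path; adjust before use.
param([string]$Root = '\\fileserver01\projects')

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctx     = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
               [System.DirectoryServices.AccountManagement.ContextType]::Domain)
$sidType = [System.DirectoryServices.AccountManagement.IdentityType]::Sid
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
$cache   = @{}   # identity name -> $true if it resolves to a domain user

function Test-IsDomainUser([System.Security.Principal.IdentityReference]$Identity) {
    $key = $Identity.Value
    if (-not $cache.ContainsKey($key)) {
        $isUser = $false
        try {
            $sid = $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value
            $p   = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($ctx, $sidType, $sid)
            $isUser = $p -is [System.DirectoryServices.AccountManagement.UserPrincipal]
        } catch { }   # orphaned SID or built-in principal: not counted as a user
        $cache[$key] = $isUser
    }
    $cache[$key]
}

# Inspect the root folder itself plus everything below it.
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$items | ForEach-Object {
    $item = $_
    try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { return }
    foreach ($ace in $acl.Access) {
        # Only explicit Allow entries are set at this object; inherited ones are reported at their source.
        if ($ace.IsInherited -or $ace.AccessControlType -ne 'Allow') { continue }
        $findings = @()
        if (-not $item.PSIsContainer)                      { $findings += 'explicit permission on a single file' }
        if (Test-IsDomainUser $ace.IdentityReference)      { $findings += 'granted to a user, not an AD group' }
        if (($ace.FileSystemRights -band $full) -eq $full) { $findings += 'full access' }
        foreach ($f in $findings) {
            [pscustomobject]@{
                Path     = $item.FullName
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
                Finding  = $f
            }
        }
    }
}
```

Full-access entries for SYSTEM and the administrators group at the top of a share will appear in the output; review them against the documented target state rather than treating every row as an error.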

Good to know

The analysis tool NTFS Permission Analyzer helps you to determine the current ACTUAL state of the NTFS permission situation on your file servers. Especially if you are confronted with historically grown permission structures, a file server migration is pending or a restructuring of the file servers is to be carried out, the NTFS Permission Analyzer is a reliable tool to gain an overview in a simple way.

At the same time, the NTFS Permission Analyzer also prepares the first step on the way to future automated authorisation management via the Access Manager.


Implement the authorisation concept: Which software tool supports you in which way?

The secure administration of authorisations succeeds with a software solution that supports the IT administration. This is the only way to establish authorisation allocation in the long term,

To what extent a software solution should support the creation of a new concept is a decision for the administration. When making a choice, it helps to clarify internally: What level of support do we want to use and how much should be implemented automatically in the future? The choice ranges from tools for simple evaluation of the existing situation to fully comprehensive automated authorisation management aimed specifically at end users and data managers.

The technical implementation is carried out completely via the system, so that no IT background knowledge is required for use. In this way, authorisations can be granted in a user-friendly and comprehensible way by means of self-service.

The aim of automated authorisation allocation by means of self-service is to shift the responsibility for and processing of authorisation processes away from IT administrators to the data managers. Only if authorisations are no longer granted “bypassing the system”, but via the application and release workflows provided for this purpose, can the defined target state be maintained in the long term.

You would like to get to know the BAYOOSOFT Access Manager directly free of charge?

The automated and secure self-service solution supports you in authorisation management and offers you the right tool for NTFS analysis.

Sign up for a 30-day TRIAL.
