{"id":1521,"date":"2018-12-11T17:01:17","date_gmt":"2018-12-11T16:01:17","guid":{"rendered":"http:\/\/www.fileservermanagementsuite.de\/2018\/12\/11\/mit-netz-und-doppeltem-boden\/"},"modified":"2023-06-29T14:50:24","modified_gmt":"2023-06-29T12:50:24","slug":"with-safety-net-and-double-bottom","status":"publish","type":"post","link":"https:\/\/www.accessmanager.net\/en\/2018\/12\/11\/with-safety-net-and-double-bottom\/","title":{"rendered":"With safety net and double bottom"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_heading-573f96470055e03d7d69566969fb1c2f\">\n#top .av-special-heading.av-av_heading-573f96470055e03d7d69566969fb1c2f{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-av_heading-573f96470055e03d7d69566969fb1c2f .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-av_heading-573f96470055e03d7d69566969fb1c2f .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-av_heading-573f96470055e03d7d69566969fb1c2f av-special-heading-h1  avia-builder-el-0  el_before_av_textblock  avia-builder-el-first '><h1 class='av-special-heading-tag '  itemprop=\"headline\"  >Recertification of access rights to sensitive data<\/h1><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><\/p>\n<p><strong>Employee authorizations are subject to uncontrolled growth over time. 
Combining automated access management with a regular review of existing rights strengthens both the sense of responsibility in the specialist departments and data security.<\/strong><\/p>\n<\/p>\n<p>Need-to-know is the principle that employees should gain knowledge of company data only when they require it. For access rights, this means they should receive only those authorizations that they really need for their daily work. New employees join the company, employees change departments or work on new projects, and trainees rotate through various areas to gain as much experience as possible. So as not to keep these employees waiting, authorizations are assigned quickly and generously, for example at department level, or they are copied from a comparable user with similar tasks. However, these rapid authorization changes often go undocumented, and whether existing authorizations are still required often goes unchecked. In practice, transition periods apply as well, so the removal of rights that are no longer required, due only weeks later, is often neglected or forgotten because of this time lag. An employee's authorizations thus keep growing the longer they stay with the company &#8211; whether these rights are actually still needed after years remains an open question.<\/p>\n<\/p>\n<p>To prevent this uncontrolled growth in authorizations, auditors recommend recertification (or certification) of the authorizations, which should also satisfy legal requirements such as the Sarbanes-Oxley Act in the financial sector. Data managers should review the existing authorization situation at regular intervals. If authorizations that are no longer required are discovered, they should be withdrawn from the employees concerned as a measure to reduce risk. 
This recurring process generates little enthusiasm, especially among managers &#8211; after all, it means considerable additional effort as well as a confrontation with technical details or mountains of paper full of complex matrices describing the complete authorization situation. Such opaque and unclear information poses massive hurdles that seriously endanger the objectives of a review process.<\/p>\n<\/p>\n<h4>Automation protects<\/h4>\n<\/p>\n<p>If the &#8220;need-to-know&#8221; principle is to be adhered to, existing hurdles must be reduced as far as possible. The BAYOOSOFT Access Manager, with its automation of authorization management for file servers, SharePoint and Active Directory, is an approach that has been tried and tested for ten years. The software establishes data protection as the default and monitors the actual authorization situation by continuously comparing it with the approved and audited status of authorizations. The technical implementation is handled entirely by the system, and the involvement of IT administration can be omitted completely if desired. This automation puts authorization management directly in the hands of the data managers. Thanks to a clear and easily understandable presentation of the necessary information, they can manage access rights to the resources for which they are responsible in a transparent and audit-proof manner, without technical background knowledge and without IT support. Combining the assignment of personal authorizations with the integrated profile management, which maps organizational structures, replaces the need to copy the authorizations of another user or to assign them to entire departments. 
Together with the option to define expiration dates for the automatic removal of rights that are no longer needed, the BAYOOSOFT Access Manager provides a reliable way to contain the uncontrolled accumulation of authorizations and to promote acceptance among data managers through transparency.<\/p>\n<\/p>\n<h4>Regular review of existing rights<\/h4>\n<\/p>\n<p>To further reduce the risk of unwanted access to sensitive data, the reapproval of all managed access rights on file servers, SharePoint and in Active Directory is used in addition to the continuous comparison of the target system. This feature carries the permission management concept, with its intuitive browser operation, over to recertification, simplifying and accelerating the process. Data managers receive an e-mail on the due date informing them of the resources to be checked. The web interface then filters out resources that are not relevant to the process, as well as those that have already been checked, and displays only pending checks. Decisions can thus be confirmed or revoked intuitively with a simple &#8220;yes\/no&#8221;. Because multiple data managers can be defined for each resource, the work can be distributed among several people. This makes the recertification process as simple as possible for data managers. They are not confronted with mountains of paper or complex IT expertise and can work efficiently on their task. This lowers the recertification hurdle and so helps to guarantee the success of redundant monitoring of data worth protecting in the company.<\/p>\n<\/p>\n<h4>GDPR compliance<\/h4>\n<\/p>\n<p>Knowledge of existing rights and their necessity is also an important factor for compliance with the General Data Protection Regulation (GDPR). In order to support the establishment and maintenance of the register of processing activities, personal data must be identified in accordance with Article 9 and the purpose of the processing defined. 
Here in particular, recertification as a redundant safeguard is relevant for obliging data controllers to take the issue of data security seriously. Reapproval is therefore combined with data protection classifications based on the categories of the General Data Protection Regulation. If a resource receives a corresponding classification, it automatically becomes a candidate for the authorization check and is considered at the following key date.<\/p>\n<\/p>\n<h4>Conclusion<\/h4>\n<\/p>\n<p>Changes in authorizations due to personnel or structural changes often lead to a deviation from the &#8220;need-to-know&#8221; principle and in the long term result in a loss of data security due to uncontrolled growth in authorizations. Through its automation approach, the BAYOOSOFT Access Manager offers permanent monitoring of file server, SharePoint and Active Directory rights and permanently counteracts this creeping process. At the same time, transparency and awareness of data security within the company are increased. Combining data protection classifications, which identify particularly sensitive data, with a redundant safeguard in the form of an easily understandable review of the authorization situation gives data managers the responsibility for fulfilling compliance requirements.<\/p>\n<\/p>\n<p>The BAYOOSOFT Access Manager is a tried and tested means of giving access management in the company a double bottom for data security and thus of guaranteeing a permanently audit-proof authorization situation with little operational effort.<\/p>\n<\/p>\n<h4>Would you like to learn more about the benefits of automated authorization management?<\/h4>\n<\/p>\n<p>Make an appointment today for an individual product presentation or visit one of our regular <a href=\"https:\/\/www.accessmanager.net\/en\/services\/product-presentation-inquiry\/\">webinars<\/a>. 
Our experts for authorization management will be happy to introduce the BAYOOSOFT Access Manager to you personally.<\/p><\/p>\n<\/div><\/section>\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p style=\"text-align: right\"><a href=\"http:\/\/www.accessmanager.net\/en\/privacy-declaration\/\">Privacy Policy<\/a> \n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_font_icon-0ad1180e30dbd834994aaf2c34bba837\">\n.av_font_icon.av-av_font_icon-0ad1180e30dbd834994aaf2c34bba837 .av-icon-char{\nfont-size:20px;\nline-height:20px;\n}\n<\/style>\n<span  class='av_font_icon av-av_font_icon-0ad1180e30dbd834994aaf2c34bba837 avia_animate_when_visible av-icon-style- avia-icon-pos-right av-no-color avia-icon-animate'><span class='av-icon-char' aria-hidden='true' data-av_icon='\ue81e' data-av_iconfont='entypo-fontello' 
><\/span><\/span><\/p>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":6,"featured_media":1131,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54,51,57],"tags":[60,61,62,63,64],"class_list":["post-1521","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-editorial-en","category-general","category-news-en","tag-auto-berechtigungskorrektur-en","tag-automatisierung-en","tag-dsgvo-en","tag-reapproval-en","tag-redundantes-monitoring-en"],"_links":{"self":[{"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/posts\/1521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/comments?post=1521"}],"version-history":[{"count":15,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/posts\/1521\/revisions"}],"predecessor-version":[{"id":16591,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/posts\/1521\/revisions\/16591"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/media\/1131"}],"wp:attachment":[{"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/media?parent=1521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/categories?post=1521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/tags?post=1521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}