{"id":7953,"date":"2020-04-22T10:00:43","date_gmt":"2020-04-22T08:00:43","guid":{"rendered":"https:\/\/www.accessmanager.net\/?p=7953"},"modified":"2023-06-29T14:45:48","modified_gmt":"2023-06-29T12:45:48","slug":"redundant-monitoring-in-access-management","status":"publish","type":"post","link":"https:\/\/www.accessmanager.net\/en\/2020\/04\/22\/redundant-monitoring-in-access-management\/","title":{"rendered":"Redundant monitoring in access management"},"content":{"rendered":"\n<div  class='av-special-heading av-av_heading-57b01b89d697392abb9fbe7485dc977c av-special-heading-h1  avia-builder-el-1  el_after_av_hr  el_before_av_hr '><h1 class='av-special-heading-tag '  itemprop=\"headline\"  >Protectable Data under one Roof &#8211; redundant Monitoring in Access Management<\/h1><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>In many government agencies and public institutions, large amounts of unstructured data in the form of documents &#8211; often with highly sensitive content &#8211; are stored on <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/modules\/#fileserver_management\">file servers<\/a>, SharePoint and applications. From a risk point of view, this form of data storage is particularly susceptible to misuse: After all, the transfer of file-based data is not an obstacle even for technical laypersons.<\/p>\n<p><a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/features\/#profiles\">Need-to-know<\/a> is the principle by which employees should only gain knowledge of data when needed. In terms of access rights, they should only receive those permissions that they really need for their daily work. This does not sound like a particularly difficult task at first, as there are more than enough technical possibilities to restrict directory access at the level of the various operating and directory systems.<\/p>\n<p><strong>Historical structures<\/strong><\/p>\n<p>In practice, however, this task is becoming increasingly complex. 
Specialist departments require nesting in the permission structure, interrupted inheritance and cross-relationships, and direct permissions are often assigned ad hoc to individual users, bypassing the well thought-out group concept. As a result, the permission structure quickly becomes unclear.<\/p>\n<p>But how do such situations arise? Often the cause is a combination of permission dialogs geared toward technical users, countless configuration options, manual errors in the assignment of permissions and, ultimately, incomplete or entirely missing <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/features\/#documented\">documentation<\/a>. In many cases, it is no longer possible to promptly and reliably track who is authorized to access which data &#8211; and, above all, who authorized this access and when.<\/p>\n<p><strong>Analyze &amp; clean up &#8211; but then what?<\/strong><\/p>\n<p>Existing analysis tools give organizations the ability to get an overview of their current permission structure and to analyze, restructure and simplify it. 
But how can permanent traceability be guaranteed when the organizational structure, task areas and responsibilities are constantly changing?<\/p>\n<p>The real ongoing challenge in permission management is to document this continuous change process completely, while at the same time ensuring that the actual technical state corresponds to the approved target state and that this cannot be circumvented.<\/p>\n<p>The key to audit-proof access management is therefore the combination of extensive <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/features\/#automated\">automation of the permission processes<\/a> from application to implementation, continuous monitoring and comprehensive reporting: the core competencies of the BAYOOSOFT Access Manager.<\/p>\n<p>Depending on the situation and operational environment, users and data managers can trigger adjustments to the permission status directly via the <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/features\/#selfservice\">Self Service Portal<\/a>, or from another system via the <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/modules\/#rest_api\">API<\/a>. Combined with a continuous comparison of the actual permissions against the definition by the data owners, this approach leads to a level of transparency about the granted access permissions that was not previously available.<\/p>\n<p>The goal of automated access assignment via Self Service is to shift the responsibility and processing of access management processes away from <a href=\"https:\/\/www.accessmanager.net\/en\/solution\/#freedom\">administrators<\/a> and towards data owners. 
Only if permissions are assigned via the specified application and approval workflow, and no longer &#8220;past the system&#8221;, can the defined target status be maintained and unauthorized permissions be avoided.<\/p>\n<p><strong>Redundant monitoring<\/strong><\/p>\n<p>By involving the specialist managers in the access management process and assigning the associated responsibilities, the respective decision-makers are sensitized to the issue of access rights to &#8220;their&#8221; resources, which significantly increases <a href=\"https:\/\/www.accessmanager.net\/en\/solution\/#compliance\">data security<\/a>.<\/p>\n<p>The automatic comparison of the actual technical permissions with the <a href=\"https:\/\/www.accessmanager.net\/en\/module-funktionen\/funktionen\/#monitoring\">defined target status<\/a>, together with the automatic resetting of unauthorized changes where necessary, increases the level of data protection and prevents new proliferation in the permission structure. To further reduce the risk of unwanted access to data worthy of protection, <a href=\"https:\/\/www.accessmanager.net\/en\/module-funktionen\/funktionen\/#reapproval\">Reapproval<\/a> is additionally used for all managed access rights on file servers, <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/modules\/#sharepoint_management\">SharePoint<\/a> and in Active Directory. With easy-to-understand operation in the browser, data managers can confirm or revoke access rights intuitively with &#8220;yes\/no&#8221;. The option to define multiple responsible persons per resource allows the work to be distributed among several people. This makes the recertification process as simple as possible. Data managers are not confronted with mountains of paper or complex IT expertise and can complete their task efficiently. 
This lowers the recertification hurdle and thus ensures the success of redundant monitoring for data worthy of protection in the company.<\/p>\n<p><strong>GDPR Conformity<\/strong><\/p>\n<p>Knowledge of existing rights and their necessity is also a significant factor for compliance with the <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/features\/#gdpr\">General Data Protection Regulation<\/a>. Evaluation via simple reports, which are understandable for technical laypersons and can be generated at the push of a button without IT know-how, ensures maximum transparency for the data managers and thus makes an important contribution to information security in the organization. In order to support the creation and maintenance of the Directory of processing activities, personal data must be identified in accordance with Article 9. Furthermore, the purpose of processing must be defined. To this end, Reapproval is combined with the data protection classifications based on the categories of the General Data Protection Regulation. This means that data controllers are always in a position to identify what is essential: Who has <a href=\"https:\/\/www.accessmanager.net\/en\/solution\/#auditsafe\">access to which data<\/a>, since when, and who approved this access?<\/p>\n<p><strong>Conclusion<\/strong><\/p>\n<p>Changes in permissions due to personnel or structural changes often lead to a deviation from the &#8220;need-to-know&#8221; principle and thus cause a long-term loss of data security through uncontrolled growth in permissions. Through automation, the Access Manager offers permanent monitoring of file server, SharePoint and <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/modules\/#3rdparty_management\">Active Directory rights<\/a> and permanently counteracts this creeping process. 
At the same time, <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/features\/#transparency\">transparency<\/a> and awareness of data security will be increased in authorities and public institutions. The combination of data protection classifications as identification of data that is particularly worthy of protection with redundant backup through the easily understandable checking of the permissions situation, puts data managers under the obligation to take responsibility for the fulfillment of compliance requirements.<\/p>\n<p>The BAYOOSOFT Access Manager is a proven tool for authorities and public institutions to secure data worthy of protection by means of automated access management, thus ensuring a permanent, audit-proof authorization situation with low operational effort.<\/p>\n<p><strong>Would you like to learn more about the advantages of automated access management?<\/strong><\/p>\n<p>Make an appointment today for an individual product presentation or visit one of our regular webinars. Our experts for access management will be happy to introduce the <a href=\"https:\/\/www.accessmanager.net\/en\/modules-features\/modules\/\">BAYOOSOFT Access Manager<\/a> to you personally:<\/p>\n<\/div><\/section>\n<div id='avia-messagebox-' class='avia_message_box av_notification av-ljfl2bqn-a0b8fe4d29a867847da3d234c5077654 avia-color-blue avia-size-large avia-icon_select-no avia-border-  avia-builder-el-4  el_after_av_textblock  el_before_av_textblock ' ><span class='avia_message_box_title' >Note<\/span><div class=\"avia_message_box_content\"><p>We are currently experiencing problems with our forms. 
If you receive an error message, please send an email with your request directly to sales@accessmanager.net<\/p>\n<\/div><\/div>\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><a 
href=\"https:\/\/www.accessmanager.net\/datenschutzerklaerung\/\">Privacy Policy<\/a><\/p>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":39,"featured_media":7153,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54],"tags":[62,76,63],"class_list":["post-7953","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-editorial-en","tag-dsgvo-en","tag-eu-dsgvo-en","tag-reapproval-en"],"_links":{"self":[{"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/posts\/7953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/comments?post=7953"}],"version-history":[{"count":11,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/posts\/7953\/revisions"}],"predecessor-version":[{"id":16585,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/posts\/7953\/revisions\/16585"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/media\/7153"}],"wp:attachment":[{"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/media?parent=7953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/categories?post=7953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.accessmanager.net\/en\/wp-json\/wp\/v2\/tags?post=7953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}