DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint - Riga Nov2011
1. Access Governance in Windows Environments
AN OPEN DOOR MAY TEMPT A SAINT
28.11.2011
2. 65% of employees have unrestricted access to sensitive data
80% of data loss originates from within the company
3. AND LEAD US NOT INTO TEMPTATION
Opportunity makes a thief
• Crime rates are significantly influenced by opportunity
• Most criminals "drift" into misconduct and are not deeply motivated
• Avoiding effort and the risk of detection determines the target
Don't neglect an essential process
• Information regarding Active Directory rights structures is extremely difficult to obtain
• Microsoft's built-in tools do not provide an efficient framework to manage your access rights
• The manual process is error-prone and very cumbersome, making it difficult to justify the effort
Dynamic scenarios require constant oversight
• Fundamental aspect of data security
• Leaving this process unmanaged is a REAL SECURITY THREAT!
4. SCENARIOS YOU MAY KNOW WELL
No control of access rights at the data owner level
• Who has rights to access my files, who granted these and why?
• Should the branch department administer rights!? Know-How vs. knowledge
• Responsibility in Business or IT? Abundance of rights vs. Need-To-Know
Requirements from auditors, security or branch departments
• Creation of a list of people with access to specific folders or resources
• Reporting: Where does an employee have access?
• Outsourcing: who has (lost) the overview? Where does "EVERYONE" have access?
Project / consulting / "super user" effect
• Users accumulate rights at each stage of their employment cycle!
• Consultants and project workers receive access rights; when do they get withdrawn?
• What happens when people change roles? Rights proliferation on file servers & AD
5. WHY ACCESS RIGHTS MANAGEMENT?
Transparency / Efficiency / Responsibility
• Rights proliferation on file servers & AD
• Where does "EVERYONE" have access?
• Abundance of rights vs. Need-To-Know
• Minimize risks: Protect essential company data efficiently from internal fraud
• Manage rights: Automated and efficient processes in IT Security
• DataOwner-Principle: Join technical know-how and special knowledge in one place
• Compliance enabled: Building block for certified security (ISO 27001, SOX, ISO, PCI-DSS, etc.)
• Foundation for IdM: Understand the existing situation to enable change
• Create reports: For auditors, data protection officers and data owners
6. PROPER AD MANAGEMENT IS ESSENTIAL
[Diagram: AD Groups, linked to:]
• Policies/Templates
• Access to file servers & SharePoint
• Access to Resources (printers/copiers)
• Access to Applications
8. WHAT IS 8MAN?
A fully integrated software solution for the management of Active Directory, file server and SharePoint access rights
8MAN delivers INFORMATION on the currently existing and historical access rights at a glance
8MAN provides written DOCUMENTATION of these rights to interested parties in an easy to understand format
8MAN enables ADMINISTRATION of these rights to resolve insecure situations and administrative flaws
Administration – Information – Documentation
A.I.D.-MAN -> 8MAN
10. 8MAN = AID-MAN
ADMINISTRATION – INFORMATION - DOCUMENTATION
11. Steven Bennett
protected-networks.com
1 Stanhope Gate, Camberley, Surrey, GU15 3DW
s.bennett@protected-networks.com
www.protected-networks.com
access rights under control