"With nearly every facet of large enterprises' operations now dependent on or supported by automated systems, risks related to unauthorised or inappropriate access to these resources can appear anywhere within an organisation at any time and spread rapidly through the business," writes Brian Cleary, Vice President of Products and Marketing at Aveksa.
"All it takes is a single person with the wrong access and the impact to an organisation can be substantial. The potential cost to the business in terms of lost revenue, increased expense or damage to the corporate brand and reputation can be quite sizable.
"Valuable corporate intellectual property such as a company's trade secrets, design plans and customer database are highly sensitive information resources that are critical to the success of businesses and need to be protected.
"To avoid loss of corporate intellectual property, organisations must adopt the principle of least privileged access, which ensures that users have no more access than the minimum required to do their job. Organisations must also have a system for making sure that changes to users' access are made promptly when their role within the organisation shifts.
"It is not unusual, for example, for employees to accumulate unnecessary access privileges as they are promoted, transferred or put on loan to another department within the organisation. Users that drag entitlements from previous job roles that are not needed in their new role may create toxic combinations of access that often result in segregation-of-duties violations or create other business risks.
Monitor, Manage, Mitigate
"It is essential to monitor, manage, and mitigate access-related risk throughout the enterprise with a fully automated technology platform. Most large enterprises already have a set of policies designed to ensure that proper oversight of system access is maintained. But in many cases, these policies have not been fully operationalised. As long as they reside in three-ring binders and are not instantiated into daily operating practice and procedure, the policies are not likely to be enforced consistently.
"Automation is the key to driving comprehensive access risk management into the DNA of the enterprise. The right solution requires a strategic approach to access governance based on auditable business processes that enable line-of-business managers and information security, audit, and compliance teams to collaborate while ensuring accountability and visibility. With such a system in place, a large enterprise will be well on its way to managing the business and regulatory risks of inappropriate access to its information resources."