Authorisation concept: Best practice recommendations

An omnipresent topic for companies is the question of IT security. Which employees really need access to certain sectors and (sensitive) data? What does effective protection against sabotage or hacker attacks look like?

The German Federal Office for Information Security (BSI) recommends that critical infrastructures (KRITIS) implement, among other things, access controls, both physical and logical. This recommendation is also relevant for companies without KRITIS classification.

With a view to IT security, an authorisation concept is therefore needed that makes access comprehensible, protects against internal and external attacks and at the same time supports IT administration in a resource-saving way. What aspects should you consider when designing such a concept?

  • Establish formal processes

    How do employees obtain new authorisations? And how are authorisations handled when employees leave the company or the department? Establish a formal process that regulates the allocation of authorisations and how these are documented. Check whether additional measures, such as protective instructions, are necessary for highly sensitive data.

  • Designate responsible persons

    Assign responsibility for access rights to (sensitive) data to authorised persons. These persons formally decide which employees need access, following the need-to-know principle. Only after approval by these persons are the authorisations technically implemented.

  • Permissions at directory level and via AD groups

    Avoid granting permissions on individual files. Instead, assign permissions at directory level and, where possible, do not grant full access. Aim to manage authorisations via AD groups rather than assigning them to individual users. In combination with authorisation hierarchies that are as flat as possible, this keeps the structure administrable.

These are three best-practice steps that your authorisation concept should include. But before you establish this in your company, it is worth taking a look at your current authorisation structure. Check: Are there historically grown authorisation structures?

Large amounts of unstructured data accumulate in the form of documents and files and the file server structure is becoming increasingly unclear. Who has which authorisations? If there is no overview, a security gap is created.

Reasons for an opaque authorisation structure can be:

  • Restructuring within the organisation
  • Change of technical platform, persons and areas of responsibility
  • Manual errors in the allocation of authorisations
  • Permanent manifestation of provisional interim solutions
  • Missing documentation or documentation that deviates from the technical conditions
  • Changing requirements for data access
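
To get a first overview of how far an existing file share deviates from the directory-level and AD-group recommendations above, the following PowerShell sketch lists explicit NTFS entries that are set on single files, grant full access on a directory, or name an individual user. It is an added example, not part of the original article and not BAYOOSOFT code; the function name `Find-AclDeviation` and the share path are hypothetical, and it assumes a domain-joined host with the ActiveDirectory module (RSAT) installed.

```powershell
# Added example, not vendor code. Assumes the ActiveDirectory module (RSAT) is available.
Import-Module ActiveDirectory

function Find-AclDeviation {
    param([Parameter(Mandatory)] [string] $Root)   # $Root: share root to audit

    $fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
    $classCache  = @{}   # SID string -> AD objectClass, so each identity is looked up once

    # The root itself plus every file and folder below it.
    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { continue }

        # Explicit (non-inherited) Allow ACEs are the decisions taken on this object.
        $explicit = $acl.Access | Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' }
        foreach ($ace in $explicit) {
            $findings = @()
            if (-not $item.PSIsContainer) {
                $findings += 'permission set on an individual file'
            } elseif ($ace.FileSystemRights.HasFlag($fullControl)) {
                $findings += 'full access granted on a directory'
            }

            # Resolve the trustee to a SID and ask AD whether it is a user or a group.
            try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = $null }   # orphaned or unresolvable identity
            if ($sid -and -not $classCache.ContainsKey($sid)) {
                $obj = Get-ADObject -Filter "objectSid -eq '$sid'" -ErrorAction SilentlyContinue
                $classCache[$sid] = if ($obj) { $obj.ObjectClass } else { 'not-in-AD' }
            }
            if ($sid -and $classCache[$sid] -eq 'user') {
                $findings += 'granted to an individual user instead of an AD group'
            }

            foreach ($finding in $findings) {
                [pscustomobject]@{
                    Path     = $item.FullName
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                    Finding  = $finding
                }
            }
        }
    }
}

# Usage (path is a placeholder): Find-AclDeviation -Root 'D:\Shares\Example' | Export-Csv findings.csv -NoTypeInformation
```

Entries that carry generic rights shown as raw numbers, and identities that cannot be resolved in AD, are not classified by this sketch and need a manual look.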

Good to know

The analysis tool NTFS Permission Analyzer helps you to determine the actual state of the NTFS permissions on your file servers. Especially if you are confronted with historically grown permission structures, or if a file server migration or a restructuring of the file servers is pending, the NTFS Permission Analyzer is a reliable tool for gaining an overview in a simple way.

At the same time, the NTFS Permission Analyzer also prepares the first step on the way to future automated authorisation management via the Access Manager.


Implement the authorisation concept: Which software tool supports you in which way?

The secure administration of authorisations succeeds with a software solution that supports the IT administration. This is the only way to establish authorisation allocation in the long term,

To what extent a software solution should support the creation of a new concept is a decision for the administration. When making a choice, it helps to clarify internally: What level of support do we want to use, and how much should be implemented automatically in the future? The options range from tools for simple evaluation of the existing situation to fully comprehensive automated authorisation management aimed specifically at end users and data managers.

The technical implementation is carried out completely via the system, so that no IT background knowledge is required for use. In this way, authorisations can be granted in a user-friendly and comprehensible way by means of self-service.

The aim of automated authorisation allocation by means of self-service is to shift the responsibility for and processing of authorisation processes away from IT administrators to the data managers. Only if authorisations are no longer granted “bypassing the system”, but via the application and release workflows provided for this purpose, can the defined target state be maintained in the long term.

You would like to get to know the BAYOOSOFT Access Manager directly?

The automated and secure self-service solution supports you in authorisation management and offers you the right tool for NTFS analysis.

Sign up for a 30-day TRIAL.
