Need-to-know vs. scattergun approach: the right choice for authorisation management

Operational resources are scarce in many companies. This makes it all the more important to use the available capacities sensibly. For example, authorisation management for file servers, SharePoint, Active Directory and objects in third-party systems is a permanent task for those responsible. This is because personnel and structural changes in the company require constant maintenance. Above all, this ties up a large number of operational resources.

By automating authorisation management, efforts can be reduced, while at the same time data security and transparency are increased.

But first: how does authorisation management succeed in the face of personnel and structural changes? What exactly is meant by the scattergun approach? And what does the need-to-know principle have to do with it? We explain.

IT administrators are regularly faced with the task of adjusting authorisations to reflect personnel and structural changes within the company. Authorisations are readjusted at a fine-grained level. Research, coordination and adjustment work tie up considerable resources, both in the decision-making by those responsible for the data and in the operational implementation.

The scattergun approach is often applied. This means the generous allocation of authorisations within the company. System access is granted, for example, at the departmental level or through the use of comparative users with similar areas of responsibility. In this way, the new authorisation set is roughly determined.

Example: If an employee changes their area of responsibility, in theory numerous permissions in the file system, in SharePoint or on applications are withdrawn, granted or changed. This is the only way to comply with the need-to-know principle.

The technical implementation is usually done by the IT administration, which manually manages the corresponding Active Directory groups. Instead of the need-to-know principle, the scattergun approach is often used as the basis for assigning new authorisations.

Problems of the scattergun approach

  • Born of necessity: unclear authorisation situations force the IT administration to use comparison users when granting access
  • Individual authorisations are often unintentionally taken over from comparison users
  • Internal departmental and task changes, which, for example, require new authorisations but make existing ones superfluous, are not taken into account
  • An organisation-wide restriction of individual access rights leads users to unconventional (usually insecure) forms of data exchange

Which existing permissions can be removed? In practice, this decision is often difficult for those responsible. The result can be that permissions that are no longer needed are not removed, because distinguishing them from those still needed is so time-consuming.

Need-to-know principle

Who needs to be able to access which data? And who does not need the knowledge that can be gained from this data? The need-to-know principle simply asks these questions. After all, data protection is also necessary within a company to protect against sabotage, among other things. In the case of highly sensitive data, it should also be checked whether there is a protection instruction.

Automated authorisation management: advantages for data controllers

Automating authorisation management is an efficient and uncomplicated way to establish the need-to-know principle.

The technical implementation of approved authorisations is taken over completely by the system through a software solution – and without further involvement of the IT administration. Continuous monitoring of the existing authorisation structures in Active Directory, the file system and SharePoint ensures that only deliberately created, audited authorisations exist in the IT systems.

Thanks to the complete automation of the technical implementation, authorisation management lies directly with those responsible for the data.

  • Overview

    A clear and easy-to-understand presentation facilitates the process

  • Comprehensibility

    Those responsible for the data receive the necessary information without needing technical background knowledge

  • Independence

    The IT administrators do not need to be involved

  • Transparency and auditability

    The resources they are responsible for can be managed in a transparent and audit-proof manner

Our solution: The BAYOOSOFT Access Manager

Profile-based permissions

How can you deal with personnel changes? The profile management in BAYOOSOFT Access Manager supports you with the possibility of mapping organisational structures (e.g. department and activity assignments) as user profiles in the system.

If an employee's area of work changes, those responsible only need to adjust the profile. This is because a profile is created for users and authorisations on resources.

Good to know

Employees can also apply for individual rights via the integrated self-service portal. When new staff members start in a department, they receive the team’s profile membership and thus all the necessary rights.

Comparison users are not used. This prevents the transfer of individual profile assignments to other people.

Start and end dates can be set for authorisations, which allows a gradual transition in which profile memberships overlap for a time. When the set key date arrives, the system automatically implements the desired change.

It is ensured that users only receive the authorisations they really need. It is documented in an audit-proof manner when and by whom authorisation was granted and changes were made.
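The difference between cloning a comparison user and using dated profile memberships can be shown with a small model. This is an added example, not code from BAYOOSOFT Access Manager; all profile, group and user names, the dates and the function names are constructed for illustration.

```python
from datetime import date

# Constructed sample data; every profile, group and user name is hypothetical.
PROFILES = {
    "Sales":   {"FS_Sales_RW", "SP_Sales_Site"},
    "Finance": {"FS_Finance_RW", "SP_Finance_Site", "APP_Ledger"},
}
ALICE_BEFORE = PROFILES["Sales"]              # Alice works in Sales today
BOB = PROFILES["Finance"] | {"FS_Board_R"}    # comparison user with one individual right
# Alice's dated profile memberships: (profile, start, end); end None = open-ended.
ALICE_MEMBERSHIPS = [
    ("Sales", date(2023, 1, 1), date(2024, 4, 14)),   # ends after a handover period
    ("Finance", date(2024, 4, 1), None),
]

def scattergun(current_groups, comparison_user_groups):
    """Clone the comparison user's groups onto the mover; nothing is withdrawn."""
    return set(current_groups) | set(comparison_user_groups)

def profile_based(memberships, individual_rights, on):
    """Effective groups on key date `on` from dated profiles and individual rights."""
    def active(start, end):
        return start <= on and (end is None or on <= end)
    groups = set()
    for profile, start, end in memberships:
        if active(start, end):
            groups |= PROFILES[profile]
    for group, start, end in individual_rights:
        if active(start, end):
            groups.add(group)
    return groups

def excess(granted, needed):
    """Groups held beyond what the need-to-know set requires."""
    return sorted(set(granted) - set(needed))

if __name__ == "__main__":
    needed = PROFILES["Finance"]
    print("scattergun excess:", excess(scattergun(ALICE_BEFORE, BOB), needed))
    for day in (date(2024, 4, 7), date(2024, 4, 15)):
        held = profile_based(ALICE_MEMBERSHIPS, [], day)
        print(day, "profile-based excess:", excess(held, needed))
```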

Authorisation for third party systems

In addition to permissions on directories in the file system or SharePoint objects, the 3rd party management module of the BAYOOSOFT Access Manager also structures permissions based on Active Directory groups in profiles. Whether required printer shares, drive mapping or application rights – in case of changes, access rights can be combined or requested and approved as individual rights.

This development towards an automated access management solution makes it possible to organise all necessary Active Directory-based authorisations directly by the departments.

Comprehensive reporting presents the current access rights in a clear and comprehensible way, even for people without IT background knowledge. Historical reports can also be used to trace the authorisation status on a key date in the past.

Connection to HR systems

Which employee is joining the company, changing departments or leaving? HR-relevant information from existing software systems can be used to automatically adjust profile memberships. This results in:

  • Relief

    Reduction of efforts and support activities for IT administration

  • Focus

    Reduce the manual efforts of data managers and focus on individual user authorisations

  • Transparency

    Increase transparency about the entitlement situation

  • Data security

    Strengthening awareness for data security in the departments

You would like to get to know the BAYOOSOFT Access Manager directly?

The automated and secure self-service solution supports you in authorisation management and offers you the right tool for NTFS analysis.

Sign up for a 30-day TRIAL.
