We all know someone with access creep
Post by Glenn Folkes, Regional Sales Director
In every organisation there’s people who’ve accumulated access to so many systems, that they can help you with almost anything. Order provisioning, credits, write-offs, approvals, you name it. We’ve all heard it before, ‘If you ask ‘Jason, he can help you with that’.
The problem is however, that Jason’s ‘Access creep’ creates a number of security and regulatory issues around separation of duties, malicious insider threat, credentials theft, sensitive data exposure and potential system breaches.
No surprise then that employee lifecycle management failures like Jason’s are also the #1 way organisations get owned. Access accumulation like Jason’s allows malicious actors to infiltrate even deeper into operational or information systems, with the potential to cause even greater harm. All because his access entitlements no longer match his role.
This is incredibly common, and it isn’t Jason’s problem.
Intuitively we all know how this happens. Jason has been with the organisation for so long and done so many different roles he’s accumulated access, and nothing has ever been revoked.
Role changes happen so frequently, that team leaders and IT can’t keep up with the pace of change. The IT team have no way of pulling together a holistic view of access and wouldn’t know what systems are appropriate for a person’s role. If the IT model is outsourced, the business often have no visibility of who has access to anything.
That’s where RightCrowd IQ comes in. The application focuses on analysing who has access to your systems and critical information. Users can instantly assess access across your systems and quickly determine where further investigation or remediation is required.
So while Jason is now a whole lot less useful backdoor tasks, he’s also a lot less of a risk to the business.
As always I’d be happy to chat about how we can help you protect Jason.