When a person starts an employment relationship, he or she is granted access to all data systems related to his or her role in one step, rather than system by system.
The organization implements role-based access control with predefined access roles for the various protected assets; each role entitles its holders to access the associated asset. The strictness of an access role should reflect the security risks associated with the asset.
The following should be considered to support access management:
The organization maintains a centralized record of the access rights granted to each user ID on data systems and services. This record is used to review access rights when a person's employment changes and when onboarding new colleagues who join the same role.
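The two controls above (predefined roles, and a central record reviewed at onboarding and role change) can be checked mechanically: compare what each user ID actually holds against what its roles entitle it to. The following is an added example written for this page, not code from the original text or from any product it describes. The role definitions, user IDs and grants are constructed sample data; a real deployment would read them from the organization's access register or identity management system.

```python
"""Review actual access grants against predefined access roles.

Added example with constructed sample data (not the page's own code).
An entitlement is a (system, permission) pair; a role is a set of them.
"""
from dataclasses import dataclass

# Constructed sample: the organization's predefined access roles.
# Stricter roles (e.g. "admin" on a confidential system) should be granted
# to fewer people, which this review makes visible.
ROLE_ENTITLEMENTS = {
    "sales":    {("crm", "read"), ("crm", "write"), ("mail", "use")},
    "finance":  {("erp", "read"), ("erp", "approve"), ("mail", "use")},
    "it-admin": {("erp", "admin"), ("crm", "admin"), ("mail", "admin")},
}


@dataclass
class UserRecord:
    """One entry of the centralized access record (constructed shape)."""
    user_id: str
    roles: set          # roles assigned to this user ID
    grants: set         # (system, permission) pairs actually granted today


def expected_entitlements(roles):
    """Union of the entitlements of all given roles; undefined roles are an error."""
    expected = set()
    for role in roles:
        if role not in ROLE_ENTITLEMENTS:
            raise KeyError(f"undefined access role: {role}")
        expected |= ROLE_ENTITLEMENTS[role]
    return expected


def review_user(user):
    """Periodic review: grants the role does not justify, and grants it lacks."""
    expected = expected_entitlements(user.roles)
    return {
        "excess": sorted(user.grants - expected),   # candidates for revocation
        "missing": sorted(expected - user.grants),  # role not fully provisioned
    }


def onboarding_grants(roles):
    """Joiner: the complete grant list for a new colleague in these roles."""
    return sorted(expected_entitlements(roles))


def role_change(user, new_roles):
    """Mover: what to revoke and what to grant when a user's roles change."""
    old = expected_entitlements(user.roles)
    new = expected_entitlements(new_roles)
    return {"revoke": sorted(old - new), "grant": sorted(new - old)}


def review_register(users):
    """Run the review over the whole record; report only users with findings."""
    findings = {}
    for user in users:
        result = review_user(user)
        if result["excess"] or result["missing"]:
            findings[user.user_id] = result
    return findings


# Constructed sample register: alice has drifted (an ERP approval right her
# role does not cover); bob is correctly provisioned for "sales".
ALICE = UserRecord("alice", {"sales"},
                   {("crm", "read"), ("crm", "write"), ("mail", "use"),
                    ("erp", "approve")})
BOB = UserRecord("bob", {"sales"},
                 {("crm", "read"), ("crm", "write"), ("mail", "use")})

if __name__ == "__main__":
    print("review findings:", review_register([ALICE, BOB]))
    print("onboarding a finance hire:", onboarding_grants({"finance"}))
    print("bob moves sales -> finance:", role_change(BOB, {"finance"}))
```

The review only flags deviations from the role definitions, so it is only as good as the roles themselves; an entitlement that is too broad for the asset's risk level has to be fixed in `ROLE_ENTITLEMENTS`, not in the per-user review.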
On average, an IT administrator estimates that staff use about 50 cloud services when the actual number is 1,000. Many of these are important for staff productivity and are used outside the organization's network, so firewall rules alone do not solve the challenge.
Systems that focus on identifying and managing cloud services allow you to discover the cloud services used by your staff and to monitor who uses each service. This helps, for example:
Before granting access rights to data systems containing confidential information, employees have: