Verify proper permission levels for each user in your organization.

Aug 13, 2019 | IT Security

There is nothing more frustrating in the network security business than to see a business network with administration permissions granted to a random bunch of employees.

When we say “random,” it is because it is rather common to see that administration access privileges have been, at one time or another, granted to various people in the organization for various reasons, all of which might have made sense in the moment. For example, maybe an IT administrator quit or got fired, and someone else needed to step into the role temporarily while the position waited to be filled. That moment of necessity, however, passed months or years ago when a new person came into the position, but the privileged access given to the interim employee still remains.

When we say that a “bunch” of employees are granted unwarranted permissions, it is because access privilege should only be entrusted to those who need it. Top-level access, especially, should be entrusted to only one. The access level of any employee should relate to those tools needed to be successful in that position in the company, and often companies do not tier the access levels appropriately. Having multiple access credentials floating around with people who do not need them dramatically increases the opportunities for your system to be hacked. Also, it is critical to ensure that former employees do not continue to have access to the network. Overlooking this important element of security has brought nasty consequences to many businesses.

What solves permission problems for a business network?

Put into play some serious, and enforceable, network access and usage policies.

The security of your network has everything to do with the policies that govern it. Implementing sound data governance practices will involve the following:


    1. Identify which employees/users need access to what resources.

      Ensuring that your employees have access to what they need to do their job efficiently, while protecting data and applications unnecessary to their job performance, will streamline network operations. Besides creating clearer and cleaner network traffic for the sake of visibility and security of network operations, there are other added benefits to doing this. For instance, it can prioritize bandwidth activity, so that preference is given to more mission-critical activity. This is especially important in hospital networks, law enforcement networks, and the like.

    2. Utilize a policy management system.

      Have in place a network architecture and management software that helps you keep track of permissions and policy goals, and automate them as well. This will better manage your business workflows while also securing them.

      A. Keep inventory of defined roles.

      B. Keep track of the provisioning of system resources.

      C. Easily manage onboarding of new employees and offboarding those who have left the firm.

    3. Reduce network complexity.

      With the help of a good policy management system, you will have addressed this. The opportunities available for a network breach are directly related to the complexity of the system. Streamlining network applications and operations will reduce risks.
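One way to carry out the checks in items 1 and 2 is to reconcile the permissions each account actually holds against the role inventory and the current staff roster. The Python below is an added example, not part of the original article; every user name, role, permission and date in it is constructed sample data, and `review_access` is a hypothetical helper.

```python
from datetime import date

# Constructed sample data (hypothetical names, not from the article).
ROLE_INVENTORY = {            # role -> permissions that role needs
    "it_admin":   {"domain_admin", "vpn", "email"},
    "accountant": {"finance_app", "email"},
    "sales":      {"crm", "email"},
}
ROSTER = {                    # current employees -> assigned role (from HR)
    "alice": "it_admin",
    "bob":   "accountant",
    "carol": "sales",
}
TEMP_GRANTS = {               # (user, permission) -> expiry of an approved temporary grant
    ("bob", "domain_admin"): date(2019, 3, 1),    # interim admin cover
    ("carol", "finance_app"): date(2019, 12, 31),
}
ACCOUNTS = {                  # what the directory actually grants today
    "alice": {"domain_admin", "vpn", "email"},
    "bob":   {"finance_app", "email", "domain_admin"},
    "carol": {"crm", "email", "finance_app"},
    "dave":  {"vpn", "email"},   # left the firm, never offboarded
}

def review_access(accounts, roster, roles, temp_grants, today):
    """Return sorted (user, permission, reason) findings for permissions to revoke."""
    findings = []
    for user, granted in accounts.items():
        role = roster.get(user)
        if role is None:
            # Not on the HR roster: every permission is an offboarding gap.
            findings += [(user, p, "not a current employee") for p in granted]
            continue
        # Anything beyond what the role needs must be a live temporary grant.
        for perm in granted - roles.get(role, set()):
            expiry = temp_grants.get((user, perm))
            if expiry is None:
                findings.append((user, perm, f"not needed by role {role}"))
            elif expiry < today:
                findings.append((user, perm, f"temporary grant expired {expiry}"))
    return sorted(findings)

if __name__ == "__main__":
    for user, perm, reason in review_access(ACCOUNTS, ROSTER, ROLE_INVENTORY,
                                            TEMP_GRANTS, date(2019, 8, 13)):
        print(f"REVOKE {perm:<13} from {user:<6} ({reason})")
```

Running the same review on a schedule, with the roster exported from HR and the account list exported from the directory, catches both the lingering interim-admin grant and the account of someone who has left.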

Prioritizing the employment of an efficient policy management system will not only help secure your network, but it will make it so much more efficient. There are many security measures you can implement for your network that you may not get to appreciate until the day of an attack, but this is one measure where you can really enjoy the cost savings that come from a network that is more organized and efficient, allowing users to work more productively and with fewer system holdups.

If your business needs help and has questions regarding role-based access control (RBAC), we would be glad to answer your questions. Contact us at 281.651.2254 or email us here.
