85% of business data is unstructured, an amount of data that doubles every 90 days. This data comprises the vast majority of digital business assets, so ensuring that access is controlled and governed by business “need-to-know” is imperative. A key part of that is recognizing security issues with your permissions and tracking ownership to reduce risk, remediate security issues and put necessary controls in place.
Here are the typical entitlement issues that are high risk to your business:
- Non-standard access: a bucket of users including non-admin groups with full control, users directly permissioned and users with full control. This access is provided in a way that breaks best practices. [Additional reading: Do you know what kind of account roles you have?]
- Open access: users with open access group permissioned, a major security issue where everyone in the company has access to data. By default, these groups are “Everyone”, “Authenticated Users”, and “Domain Users.” AD Groups with the Domain Users group as a member are also included as open access groups. [Additional reading: You’ve found open access, now what?]
- Excessive access: The number of folders that have more than a configurable threshold of users with access.
Conducting regular entitlement reviews across all accounts permissioned (all users and behaviors, NOT just specific groups) will give you the full scope of your risk profile. Being able to discover the entitlement issues that exist in your environment can help mitigate against a potential breach or security vulnerability.