How to prevent permission bloat: Overlooked and hidden access

Help Net Security – Tom Mowatt
Below I have detailed four possible actions that you can take to prevent permission bloat. Access governance (AG) is a process that allows organizations to govern who has access to what and is primarily aimed at reducing the risks presented by employees with too many permissions. It does so by enforcing access rights according to users' designated role/job function. By using a service automation solution, IT can now directly send the access request (for whatever resource or application is needed) to the correct decision maker/manager for quick approval. That individual approves or denies the request, and access is granted/denied accordingly. This process takes the uncertainty, risk of human error, and potential compliance violations out of the equation. When your organization fails to follow the principle of least privilege, you are not only creating a major security risk within the organization, you are also exposing yourself to regulatory compliance violations and causing an unnecessarily tangled and cluttered IT environment. Implementing an identity and access management solution that provides logged reports of any changes made to an employee's permissions over time is another prime example of being preemptive and not reactive.
Link: https://www.helpnetsecurity.com/2020/05/05/prevent-permission-bloat/

