It’s mind blowing to think that there are still myths surrounding the security of the cloud, namely the idea that it’s not secure. But, even with the right ITSM solution, privacy and security isn’t something you can just set and forget. It takes practice and dedication to keep your information out of the hands of insidious individuals.
While security and data protection is an ongoing process, there are ways you can automate all the important aspects of a new employee’s permissions.
State of Modern Enterprise Security
In our State of Productivity in the Workforce study, we surveyed 3,000 working adults, and what we found was damning, particularly in regards to employee participation.
- One in five individuals admitted to downloading an app without ITs knowledge
- Almost one in four individuals said that remembering their password was the biggest technology challenge at work
Having improper security measures is most likely why PWC’s Global State of Information Security Survey 2016 reported that there were 38 percent more security incidents in 2015 than in 2014, “hard intellectual property” theft increased by 52 percent, and security incidents that were related to or caused by employees is still the highest recorded type of breach.
Obviously, we’re a little biased towards the idea that the IT department’s service desk apps are invaluable to the enterprise at large and that other departments can benefit from their processes. That being said, with how prevalent technology is in your organization, cyber security isn’t just the job of the IT service provider — it’s every employee’s responsibility from day one.
The easiest way to drive home the importance of security? Making it a part of the onboarding process. And, thanks to automation, it can easily become a part of your ITSM solution.
The modern enterprise has so many moving technological parts that it can be easy to fail to manage levels of access and ensure that new employees have everything they need, which makes automation even more useful. Automated processes can include:
- Managing user identities — This includes both the capturing and recording of new users.
- Matching employee job titles to permissions — This should be an automated process that is based on the employee’s job title, location and department.
- Determination of permission timing — In other words, should that permission be automatically given on the start date? Does the employee need to complete training before getting access? Will the employee get access rights only with manager permission?
- Automating security requests — If you decide that an employee does need permission for access to data, you can create an automated process that will send a request as needed.
While it’s important to make sure your employee is able to get into whatever data they need to get their job done, what about when they leave?
Raise your hand if you’ve ever had to hand in a key card or some other sort of security access to your old job when you left the company. What about access to the knowledge base?
Tech Target identifies the phenomenon known as “privilege creep” as one of the most common types of security risks in the modern enterprise. It not only applies to employees leaving the company, but also employees that may switch to a different department and acquire new duties, or the failure to ensure that a specific “access level escalation” is removed after it’s no longer needed by the employee. Think of it as unlocking a door for a room that an employee needs something from and then forgetting to lock it again or get the key from that employee when it’s done.
Privilege creep can leave your enterprise vulnerable, so make sure you’re proactive by having an automated off boarding process in place that will make sure that you check off all the boxes for each asset in the departing employee’s possession that could pose a security issue down the road.
Make Security a Cornerstone of Your Business
Don’t let your business be the next headline for a data breach by making sure everyone in your office is well-versed in security from day one. This includes frequent backups, holding workshops on security practices, and performing regular security checks against your apps for potential weak spots. Utilizing the right solution throughout your organization will provide you with an audit trail. That way, you can create a list to see who came and went and narrow down who had access.
About Ryan van Biljon
Read more articles by Ryan