Problems in managing entitlements

Many companies maintain an Access Control List (ACL). This approach can restrict access to sensitive information to a limited number of users. It is equally important to ensure that legitimate users have access to all the relevant data. This type of management requires extensive effort to gather information about users, to look at the data flows, and to conduct frequent analyses.

The following questions must be answered while monitoring entitlements in an organization:

Where does user X have access in the network?

When an employee leaves the company or is terminated for serious reasons, it becomes important to identify the risk exposure that the employee represents.

Where in the network do the members of group X have access?

When a user is added to the group, the user inherits all the permissions that are assigned to that group. These inherited permissions should be audited diligently.

Who has access to the data X?

After all the access grants are finalized, it is important to review the complete list of read, write, and execute permissions on a regular basis.

Who validates that the access grants are appropriate?

Apart from a strong security model for the network, proof of an ongoing review process is also needed to comply with various government regulations. To serve this purpose, organizations must be able to associate critical data with appropriate business data owners who can validate the access grants.

The periodic approval of entitlements is at the core of the entitlements system.
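
The four questions above can be answered from one flattened table of effective grants. The following is an added example, not code from the product this page documents: the users, groups, paths, owners, and function names are constructed for illustration. It also goes one step beyond the text by following nested groups, so that each row records the chain of groups a permission was inherited through.

```python
from collections import defaultdict

# Constructed sample data. Principals prefixed "g:" are groups.
GROUPS = {"finance": {"alice", "bob"}, "auditors": {"carol", "g:finance"}}
ACL = [  # (resource, principal, permissions)
    ("/shares/payroll", "g:finance", {"read", "write"}),
    ("/shares/payroll", "dave", {"read"}),
    ("/shares/audit", "g:auditors", {"read"}),
    ("/apps/ledger", "alice", {"execute"}),
]
OWNERS = {"/shares/payroll": "erin", "/shares/audit": "carol"}  # data owners


def expand(principal, path=()):
    """Yield (user, chain of groups) for a principal, following nested groups."""
    if not principal.startswith("g:"):
        yield principal, path
    elif principal not in path:  # skip membership cycles
        for member in GROUPS.get(principal[2:], ()):
            yield from expand(member, path + (principal,))


def entitlements():
    """Flatten the ACL into sorted rows of (user, resource, permission, via)."""
    return sorted((user, res, perm, via)
                  for res, principal, perms in ACL
                  for user, via in expand(principal)
                  for perm in perms)


def access_of_user(user):
    """Where does user X have access, and through which groups?"""
    return [(r, p, via) for u, r, p, via in entitlements() if u == user]


def access_via_group(group):
    """Where do members of group X have access by inheritance from it?"""
    return [(u, r, p) for u, r, p, via in entitlements() if "g:" + group in via]


def who_can_access(resource):
    """Who has access to data X?"""
    return sorted({(u, p) for u, r, p, _ in entitlements() if r == resource})


def review_queue():
    """Rows grouped by the data owner who must validate them."""
    queue = defaultdict(list)
    for row in entitlements():
        queue[OWNERS.get(row[1], "UNASSIGNED")].append(row)  # no owner on record
    return dict(queue)
```

Rows that land under `UNASSIGNED` in `review_queue()` are grants on data that has no business owner to validate them, which is the gap the last question is meant to expose.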

More Information

Creating a review cycle setting