The strength of regular access reviews

Netwrix, a cybersecurity vendor that makes data security easy, asked 590 IT pros whether and how they review user access permissions. The survey found that 90 per cent of organisations either already periodically review access entitlements or plan to start doing so within three years.

  • 2 years ago Posted in

However, most respondents (81 per cent) admit that they perform access reviews manually.

“Manual review is the most unreliable and time-consuming way of keeping permissions up to date,” says Joe Dibley, security researcher at Netwrix. “An email or instant message from some department head confirming access rights usually satisfies neither internal nor external auditors. Moreover, this approach increases the chance of human error — it’s too easy to forget about someone’s answer or miss the email altogether.”

Moreover, in 41 per cent of organisations, IT teams review user access rights not only manually but on their own, without involving business users at all.

“IT teams generally are not in a position to know exactly who needs what access to which IT resources. As a result, the organisation not only does fail to properly enforce least privilege, but the helpdesk is overwhelmed by requests from business users and data owners to update access rights,” comments Dibley.

The respondents who already have a dedicated tool for reviewing user access rights were then asked what they consider to be the biggest benefit of that solution. 49 per cent of them named risk reduction and 28 per cent chose time-savings.

“Automating access reviews reduces cybersecurity risks directly, by ensuring regular update of users’ rights — and indirectly as well: eliminating manual tasks frees up IT teams to focus on other critical activities, like investigating security incidents before they turn into breaches,” adds Dibley.

Predictive maintenance and forecasting for security and failures will be a growing area for MSPs...
Venafi has published the findings of its latest research report: The Impact of Machine Identities...
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint...
Nearly 50% of organisations have experienced a security breach in the last two years.
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
HP Wolf Security Study highlights cybersecurity challenges facing organizations across the...
Internal test shows estimated scanning speeds of 75,000 backups within 60 seconds.
Deployment allows Korea Hydro and Nuclear Plant (KHNP) to leverage quantum-safe MACsec technology...