This time of year is always exciting. The seasons change (depending on where you live), commercial buying season ramps up, and shopping lines resemble those of an amusement park in summer. The year is coming to an end, and we are busy shopping, making holiday preparations, traveling, and coming together with family to eat, exchange gifts, and be merry.
I’d wager access rights management doesn’t have a top spot on your holiday list. That’s ok. The topic doesn’t exactly exude that cozy holiday feeling. On the contrary, it might make you slightly uncomfortable.
Most IT environments consist of tens, hundreds, or even thousands of servers. Those servers have thousands to tens of thousands of folders, groups, and paths. How can you really know who has access to what? Is your data safe? You have, no doubt, installed security monitoring and protection solutions to help protect the data in those folders and files. You’ve done everything you can, right? Despite all those protections, you still have users with access—but you don’t know who. You don’t know what. In fact, if someone asked you who has access to what, you probably couldn’t answer. It’s a hard question to field unless you have a solution in place giving you the visibility you need. Of course, if an auditor does ask you to answer these questions, your holidays could be spent digging through folders and directories to compile information and provide answers.
SolarWinds® Access Rights Manager (ARM) helps solve these challenges and more:
- ARM provides a detailed overview of your users’ access rights, allowing you to easily visualize and show where access to resources has been granted erroneously
- ARM enables standardization and automation of access rights, so you can easily apply the appropriate rights to users through templates
- ARM helps demonstrate compliance and prevents insider data leakage by helping you achieve the principle of least privilege and giving you full auditability of user access over time
Let’s dig into this further.
ARM gives a detailed overview of your users’ access rights
The Active Directory group concept is essential for every administrator. These groups grow organically, and after years of existence and use, they often build up to complex group nesting structures. ARM gives you back control over these group structures.
The ARM AD Graph visualizes group structure and depth. Structural problems with these groups become transparent through this visualization.
In addition to the visualization provided by the AD Graph, the ARM dashboard allows a detailed analysis of the group nesting structures and circular nested groups. This enables administrators to work on the weak spots in the AD group structure, establish a flat group structure, and meet Microsoft best practices for group management.
With ARM, the issues related to lack of identifiable structures—or giving permissions to too many or the wrong people/groups—belong to the past. Once the group structure has been optimized, ARM allows you to compare any recorded access rights period with your current structure, and shows changes along with documented reasoning.
ARM enables standardization and automation of access rights
Compliance regulations, such as FISMA, GDPR, SOX, PCI DSS, BSI, and others, require administrators to adopt a high level of responsibility to ensure data is protected. Insider data leakage can cost companies large monetary sums in addition to lost customer, vendor, and reseller trust if data gets into the wrong hands. But it’s not always the headline-making data leak issues that harm companies. Employees leaving a company and taking valuable data with them is almost guaranteed without a cohesive access rights strategy to manage, control, and audit user rights—for users throughout the whole company.
ARM standardizes access rights across users and gives administrators a comprehensive tool to define, manage, monitor, and audit user access to resources across Active Directory, Exchange, SharePoint, and all your file servers.
ARM empowers administrators to predefine certain roles within the company, efficiently grant or deny rights with one click, and display all higher-level permissions in an easy-to- monitor overview. These different roles can be assigned a data owner (e.g., for department heads) to distribute control for managing access to resources the data owner is responsible for. In addition, this establishes a mindset of distributed access rights control to help ensure users with accurate access rights knowledge are granting and/or denying access appropriately.
Data owners, team leads, and IT professionals can be granted access to change personal information about a user, create or delete user accounts, reset passwords, unlock user accounts, or change group memberships centrally from within ARM. This allows the duties and tasks around access rights management to be shared while following standards to ensure full auditability.
ARM helps demonstrate compliance and prevents insider data leakage
Threats can emerge from the outside as well as the inside. Insider abuse can be a leading cause of data leakage. Of course, it’s not always a malicious insider; in many cases, data leakage is caused by negligent users who have access to resources, and are either compromised or take actions that inadvertently lead to data leakage. ARM takes special care to audit all changes within the ARM Logbook. The Logbook report enables admins and auditors to report on events and persons as needed to support investigations or auditor questions.
ARM also includes automated reports designed to meet regulatory compliance initiatives, such as NIST, PCI DSS, HIPAA, and GDPR. The flexible reporting views allow you to ask questions to quickly generate a report, which can be exported in an audit-ready format.
As mentioned earlier, ARM allows access rights management to be delegated to assigned staff members—placing control of the access rights assignment with the data owners that know their data. Changes made by these data owners are also audited so nothing goes unmonitored. ARM is designed to make your job easier—it helps you answer the questions you need to answer.
ARM is our gift to you this holiday season. It aligns with the SolarWinds mission to make your job as an IT technology professional easy. With Access Rights Manager, we make security easier too; we call it security simplified. If you are thinking of what you can do for yourself this holiday season, consider SolarWinds Access Rights Manager. It could turn out to be the gift that keeps on giving.