Identity & access management (IAM) is the single most important factor in managing security, but it falls short when the same solution is applied uniformly to all enterprise data.
- The major gap is unstructured data (files, emails, etc.).
End users store data in many places, such as file shares and SharePoint, where there is no centralized IAM solution to monitor user identities and their access.
- There is no single application for IAM to connect to, because end users store data in their own project applications, O365 application storage and Microsoft OneDrive. IAM is therefore missing the link between AD users/groups and the folder and mailbox ACLs.
Solutions to close these gaps:
- Eliminate data that is no longer being used.
- Quarantine, archive and delete stale data; while it is quarantined it should be accessible only by the backup administrator or archive administrator.
- Remediate inappropriate ACLs.
- Remove access granted through universal (catch-all) groups. Such an entry exposes sensitive and non-sensitive data alike, because some AD groups are so widely populated that membership effectively permits access to critical data.
- Identify the data owners and perform data classification to ensure that critical data is secured.
- Audit user activity and detect suspicious behavior.
- Enforce least-privilege access.
- Avoid granting mirror access (copying an existing user's full set of permissions to another user instead of granting only what the role needs).
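The following script is an added example, not part of the original note, showing how the first steps of that list can be driven from data rather than by hand: it takes an inventory of share folders with their explicit ACEs and a map of AD groups, and reports stale folders for quarantine, ACEs granted to catch-all groups (or to groups that resolve to too many users once nested membership is expanded), and FullControl granted to anyone other than the backup administrators. All folder paths, group names, users and access dates are constructed for the example; in a real environment they would come from the file server (for instance `Get-Acl` output) and from AD, and the threshold for "too broad" is an assumption to tune per organisation.

```python
"""Audit a constructed folder inventory for stale data, catch-all group access
and excessive rights. Sample data below is hypothetical."""
from datetime import date, timedelta

# --- Constructed sample AD group map: name -> members (users or nested groups) ---
GROUPS = {
    "Domain Users": {"alice", "bob", "carol", "dave", "eve", "frank"},
    "Finance": {"alice", "bob"},
    "Finance-Leads": {"Finance", "carol"},   # nested group
    "Backup-Admins": {"dave"},
}
# Well-known catch-all principals, flagged regardless of how many users they resolve to.
WELL_KNOWN_BROAD = {"Everyone", "Authenticated Users", "Domain Users"}

# --- Constructed folder inventory: path, classification, last access, explicit ACEs ---
FOLDERS = [
    {"path": r"\\fs01\finance\payroll", "sensitive": True,
     "last_access": date(2024, 5, 20),
     "aces": [("Finance-Leads", "Modify"), ("Domain Users", "Read"),
              ("Backup-Admins", "FullControl")]},
    {"path": r"\\fs01\projects\old-migration", "sensitive": False,
     "last_access": date(2022, 1, 3),
     "aces": [("Everyone", "FullControl")]},
    {"path": r"\\fs01\hr\reviews", "sensitive": True,
     "last_access": date(2024, 6, 1),
     "aces": [("Finance", "Read"), ("carol", "FullControl")]},
]


def expand(identity, groups, _seen=None):
    """Resolve a user or (nested) group to the set of individual users it grants."""
    if _seen is None:
        _seen = set()
    if identity not in groups:          # a user, or a principal we cannot expand
        return {identity}
    if identity in _seen:               # guard against circular nesting
        return set()
    _seen.add(identity)
    users = set()
    for member in groups[identity]:
        users |= expand(member, groups, _seen)
    return users


def find_stale(folders, today, max_age_days=365):
    """Folders not accessed within max_age_days: candidates to quarantine/archive."""
    cutoff = today - timedelta(days=max_age_days)
    return [f["path"] for f in folders if f["last_access"] < cutoff]


def find_broad_access(folders, groups, broad_threshold):
    """ACEs granted to a catch-all principal, or to a group that expands to more
    than broad_threshold users. Returns (path, identity, rights, user_count)."""
    findings = []
    for f in folders:
        for identity, rights in f["aces"]:
            n = len(expand(identity, groups))
            if identity in WELL_KNOWN_BROAD or n > broad_threshold:
                findings.append((f["path"], identity, rights, n))
    return findings


def find_excess_rights(folders, allowed_full_control=("Backup-Admins",)):
    """FullControl granted to anyone but the backup/archive administrators."""
    return [(f["path"], ident) for f in folders
            for ident, rights in f["aces"]
            if rights == "FullControl" and ident not in allowed_full_control]


def quarantine_acl(admin_group="Backup-Admins"):
    """Replacement ACE list for stale data: only the backup/archive admin keeps access."""
    return [(admin_group, "FullControl")]


def audit(folders=FOLDERS, groups=GROUPS, today=date(2024, 7, 1), broad_threshold=3):
    """Run all three checks and return the findings keyed by check name."""
    return {
        "stale": find_stale(folders, today),
        "broad": find_broad_access(folders, groups, broad_threshold),
        "excess": find_excess_rights(folders),
    }


if __name__ == "__main__":
    for check, findings in audit().items():
        print(check)
        for item in findings:
            print("  ", item)
    print("quarantine ACL for stale folders:", quarantine_acl())
```

Nested expansion matters here: `Finance-Leads` looks like a small group but resolves to every member of `Finance` plus carol, which is how a harmless-looking ACE ends up granting access to far more users than its name suggests. The stale check is intentionally separate from the ACL checks so that old data is quarantined first (its ACL replaced by `quarantine_acl()`), and only the data that survives triage gets its ACEs remediated.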