7 Reasons to Review Your Permissions in Your Key Management Infrastructure
Imagine making a dozen copies of the keys to your house, labeling those keys with an address, and handing them to the first 12 strangers you see. You wouldn’t, would you?
But say someone who had a copy of your house key decided they wanted to widely disseminate it. Could you stop them? Should they have had the key in the first place? Unwittingly, companies that do not regularly control and review permissions, by which we mean access to specific information and actions, run the risk of stirring access with malevolence—handing the keys to the kingdom to the wrong person.
The top seven reasons your organization might want to review its permissions infrastructure:
- 1. Less is more. The more who have access to secure data and processes, the less protected they are. Remember the old adage “sharing is caring?” Forget that! When it comes to cyber security and key management, sharing too much is reckless. IT professionals try to adhere to the principle of least privilege, which is a fancy term for: provide only the permissions necessary for a user to do his or her job—no more, no less.
- 2. Strong security requires strong maintenance. The winds of change weather security infrastructures. People change. Positions change. Compliance mandates change. Savvy administrators know that a secure facility does not stay secure for long if they do not update it frequently.
- 3. You don’t regularly audit your current infrastructure. Knowing that your organization is constantly changing means keeping up with the changes. If you’re not changing permissions for employees who’ve been hired, fired, or demoted, then you’re not only risking failure of the real audit; you’re risking a data breach.
- 4. Information is money. Data breaches cost. They cost a lot. Million-dollar breaches are not uncommon, and billions are not out of the question. Permissions play a significant role in protecting information from falling into the wrong hands.
- 5. Evil never sleeps. Because data is so valuable, people with ill intents will continue to develop innovative ways to get in and cash out. Setting permissions carelessly could lead to the gateway thieves seek.
- 6. Accidents happen. From coffee spills on keyboards to unknowingly deleting or modifying a backup database, accidents can happen. Ensuring that people do not have access to processes and data they are not trained to use limits the potential damages of such accidents.
- 7. Your permissions controls are inconvenient, costly, or loose. Sometimes security infrastructures become convoluted and complex, making permissions more difficulty to manage, especially if multiple security providers enter the mix. Futurex products such as the Key Management Enterprise Server (KMES Series) and the Guardian9000 allow for user-friendly, customizable permissions. With the Guardian9000, for example, administrators can define permissions for specific groups, users, and objects, on all connected devices, allowing for the quick control necessary to maintaining a secure key management infrastructure.
Permissions are a small piece of the security fortress. A host of best practices make up a well-protected organization: detailed key management procedures, regular internal audits, and maintaining detailed logs, for example. Nonetheless disaster can spill from the tiniest holes. How do your permissions measure up? Talk to a Futurex Solutions Architect to learn more about permissions or to discuss your security today.