Reducing Risk: Importance of Permissions in Enterprise

What is the one most important thing required to have a real impact on cyber risk?

August 29, 2022

Where risk resolution begins

As inevitable discussions and inquiries about cybersecurity make their way up the corporate ladder from working-level practitioners to senior executives and eventually to the board of directors, questions about information risk are usually very much to the point. Senior corporate executives often ask security experts a bottom-line question such as: “What is the most important thing that is required to have a real impact on cyber risk?”

The answer

While answers to this type of question vary based on circumstance, the most honest responses tend toward the concept of hygiene. This is often surprising to executives who expect to hear about the need for advanced methods like neural networks or behavioral analytics.

References to hygiene are usually connected to the related concept of identity.Security experts agree that identity issues are a main cause of serious breaches. It’s crucial to clean up data, services, and infrastructure in this area. This is a vital requirement for modern cybersecurity, known as identity hygiene. This includes cleaning up permissions throughout the enterprise.

This issue of permissions has been a nagging challenge for security teams for many years, but some good news is that excellent information technology (IT) tools and protection platforms now exist to improve the administrative and operational posture of deployed permissions.

The Platform

SPHERE’s cybersecurity team offers an efficient support platform for enterprise customers to manage permissions.. This ensures that entities can only access resources if they have a proper role or privilege-based justification. And this is truly the one answer that is always included in responses to questions such as those posed above. To reduce cyber risk, enterprises should prioritize managing permissions properly.

Auditors have come to recognize the importance of permissions, as have developers of frameworks such as the NIST Cybersecurity Framework. Audit, compliance, and governance models now routinely include permissions management as critical protection controls to address cyber risk.

Review existing plans to ensure that permissions are appropriately addressed in protection planning. Your existing identity and access management (IAM) platform may help, but we recommend SPHERE to ensure world-class support. Let us know your progress as you take steps to reduce permissions risk through improved identity hygiene initiatives.

Stay in the loop

Join our mailing list and get notified of the latest SPHEREinsights