Contain The Chaos - A Simple User Access Management Tool

https://media.sath.io/Person_bb0afc3aa1/Person_bb0afc3aa1.png

Sath Inc

IDHub Team Member

blog-featured-useraccess-management01.jpg

What Are User Access Management Tools? What Have I Been Missing All Along?

It was early Friday morning when I got the request from my boss.

I was working for a small but growing design and development agency, small enough that my boss was the owner.

He'd just gotten the latest expense reconciliation report - he was less than happy.

After looking at the monthly bills, I could immediately understand why.

angy-boss.webp

The company was expanding quickly. Growing meant that users came and went every month, and there was always a new problem or lesson to learn.

The problem/lesson that landed in my lap this week, was about managing user access across a mountain of tools.

The owner was upset after discovering that he'd been overpaying on several software licenses for a few employees long after they had left the company. Then, adding insult to injury, their replacements usually got additional new accounts.

Putting myself in the mindset of the owner that felt the pain directly in their wallet, I completely understood the sting. Of course, the final amount could have been much worse, but as it turned out, it was still nothing to sneeze at.

Don't Be Fooled Like Me: The Task Was Harder Than It Looked

I set out to audit every app we had and every user and their access rights while I was at it.

I looked at each user's rights for every app, admins vs. regular users, sales roles, accounting roles, etc. Unfortunately, I completely underestimated the job, to put it mildly.

Convinced I would finish by lunch, I set out to discover where we kept all this information. As it turned out, all of the data was held in a Google Sheet by our lead Tech Support agent.

As it turned out, the first problem was that the tech had left the company a few weeks earlier.

The new tech was overwhelmed with critical support tasks and trying to get up to speed managing our primary networks and systems.

So, as a Project Manager, I got the job of trying to make sense of it.

sheets.webp

I might have finished that week if the spreadsheet had been kept up to date, and I was only three weeks behind. But that wasn't to be the case.

I quickly discovered the previous owner had not updated the sheet in quite a while.

As a result, we were paying for several unused accounts. Additionally, several applications with access had been modified but not recorded. And there were rights recorded as being current that were not present in the existing software.

Most importantly, I discovered several sensitive applications that were still active that no one had accessed in months.

Sometimes, a user left but kept access to assist their replacements remotely. In others, users stayed on for a while as contractors. In a few others, they simply still needed to be removed.

Before all was said and done, I had to get access to and manually review over 150 separate applications, services, and plugins. I also had to cross-reference all the billing statements to be sure I got everything.

All told, I was able to find and save a little over $2,000 for the owner. But realistically, the company got lucky.

Had the gaping security holes of un-monitored access been compromised, it could have easily cost the company many multiples of the $2,000.

We Were Not Alone: How Many Others Are Making The Same Mistake?

It's been several years since my first introduction to managing user access. However, don't feel bad if my story sounds familiar to your current situation.

I've learned that back then, my previous employer was doing the same if not more, than many larger companies are still doing today.

I'm reasonably concerned Google sheets may be the most commonly used method of managing user access for smaller companies today.

With SMB cyberattacks exploding, this continues to make legions of hackers very happy.

Professional Alternatives: A Ridiculously Better Option

Whether you're using google sheets, a notepad, or just relying on your memory, every company uses some kind of "user access management tool."

Professional user access management tools allow organizations to control and monitor their systems and data access. Only authorized users can access sensitive information and perform specific actions while keeping a record of who accessed what and when.

The importance of user access management cannot be overstated, as it helps organizations comply with regulations, prevent data breaches, and maintain the integrity of their systems.

Specialized tools help businesses work more efficiently by automating granting and revoking access to resources and providing a clear and detailed audit trail of who has access to what and when and how they got it.

A full-featured tool will do much more than keep track of user access. Instead, a complete tool will follow the entire user access lifecycle - from onboarding, changing roles, applying for new rights, assigning predefined processes, and instant terminations.

These are just a few ways access management tools make your life easier.

Unveiling The Components Of User Access Management Tools

The three essential tools that work together to harden your system include a user directory, authorization, and, primarily, identity management.

User Directory

An optional step for many networks is a primary directory of users, such as the industry standard, Microsoft Active Directory (AD), or a distant competitor, something like Jumpcloud.

 

hierarchical-approval.webp

AD is a Microsoft-provided solution that allows businesses to manage user access to Windows-based resources, such as file servers and applications.

User Authorization

Another element to manage logins is a Single Sign-On (SSO) solution. SSO allows users to log in once and access multiple resources without entering their credentials each time.

SSO-Login-Screen01.webp

SSO combined with multi-factor authentication (MFA), significantly helps to reduce the risk of password-related security breaches.

MFA adds a layer of security by requiring users to provide a password and a second form of authentication, such as a fingerprint or text message code. MFA makes it much more difficult for attackers to gain unauthorized access to resources.

User Identity Management

The final and primary key to a user access management tool is a full-featured Identity and Access Management (IAM) platform that cohesively works with all other tools.

IAM-Solution-Logo (1).webp

These platforms integrate with Directories and SSOs to provide a single control point for managing user access to all resources, both on-premises and in the cloud.

IAM platforms allow administrators to create and manage user accounts, assign permissions and roles, and track activity through detailed logs. They also provide the ability to automate the provisioning and de-provisioning of user access to resources.

Locking It Down: Your Next Step To Manage User Access

If you only take one thing from this, regardless of where you're at now or how big your company is, set a goal and action plan to improve your user access monitoring. It's that serious.

overzealous-250x250.webp

If you're not tracking anything, create a shared doc as a bare minimum.

Suppose you have a doc or a sheet but are concerned about its reliability and need more security and peace of mind. In that case, talk to an Identity Management company about your options.

Shameless plug, we'd be happy to look at your current situation and discuss what you need to get started with an IAM solution.

The amount of money and time you will save will depend on a few factors.

Still, it's safe to say that every business will benefit from User access management tools with direct financial protections and increasing the time your team has available to devote to other tasks.

Free Access Control Policy Template.