When it comes to access management, has your organisation got any blind spots?


Are you in the dark about who has access to what in your organisation? We spend so much time protecting our businesses from external threats, we often forget one of our greatest threats – insiders.

As the number of internal and third party breaches continues to cause concern across organisations, the importance of managing who has access to what – to balance security with employee access to your systems - is critical.

From May 2018, the General Data Protection Regulation (GDPR) will put customers and staff in control of their personal data, empowering them to choose how businesses and their third parties use their data. Where personal data is not treated correctly, individuals will have increased rights and can, in some instances, claim compensation. Regulators across the EU will have unprecedented power to enforce the legislation and impose hefty fines in instances of non-compliance.

Never before has preventing data loss been so important - your access governance plays an important part of your defence.

We’ve prioritised the seven things you need to consider in your access framework.  With ever-changing security boundaries, increasing collaboration, a widening variety of devices and the continued growth of cloud services, it's essential that only the right people have approved access to your applications and data.

Our short video on AccessAble outlines how we can help you get a clear view on your access management. You'll also find a selection of our insights to explore, giving you all the latest thinking around access and identity management. 


Seven steps to successful access governance

Here we’ve prioritised the seven things you need to consider in your access framework:

Do you consider access risk as a business mandate? It’s not a function of internal audit or IT

Understanding the risks and presenting them in the right language is essential if this is to happen. You don’t want an ‘It’s English Jim, but not as we know it’ scenario.

Has a comprehensive access governance system been established? This will protect against insider and third party threats.

Ensure you consider this when designing your policies and rules. The indirect approach of the recent cyber espionage attack, which targeted managed outsourced IT service providers, highlights the need for organisations to have a comprehensive view of the threats they’re exposed to, including those of their supply chain.

When was the last time user entitlements were reviewed? This doesn’t have to be a difficult task

High-risk users need to be re-certified frequently, whereas users with low impact entitlements can be subject to annual review, thereby saving time and money.

Is your data in shadow IT systems secure? Do you know who has access to it?

Do you have a blindspot? Shadow IT systems (systems that are built outside of the organisation’s approved controls and governance), which are unknown to the organisation’s central IT team, presents huge risks for managing leavers and disgruntled employees. If you don’t know the system exists, how can you ensure a leaver’s access is removed?

Have you considered what automated controls you require being embedded as your first line of defence?

The first line of defence should be automated, with IT dependent or manual controls embedded. Then, the second line deploys monitoring and reporting processes, so that the third line, internal audit functions, can fulfil their duties.

Do you know what really needs to be locked down?

You should be aware of your risks and then manage them, not lock down so tightly that you choke the business. As soon as you do this, users will try to circumvent the controls, resulting in more issues and unmanaged risk.

Did you know automation of critical access controls could help to save you cost and minimise disruption?

These are the ones which provide access to the systems that really matter, and create the foundations for a robust second line of defence, which supports the rest of your access governance operating model.

Get a clear view with AccessAble

As organisations grow, security boundaries expand; as employees join, move or leave, and as new technologies continue to transform the way we work and collaborate, how do you ensure that the right people have access to the right information?

AccessAble can help you meet these access governance challenges, delivering a fully-functional access governance tool, providing greater security at a lower cost.

It helps manage access with effective controls to minimise the opportunity for attacks through mistakes, misuse or malicious activity, cutting the risk of major losses through data breaches, protecting your reputation.

Watch this short video to find out more.


Playback of this video is not currently available

View transcript

Explore how AccessAble can help you

Submit your details below and we'll contact you to arrange a conversation

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Richard Horne
Cyber Security Partner
Tel: +44 (0)20 7213 3227

Richard Mardling
Tel: +44 (0) 7711 589047

Laura Duncan
Senior Manager
Tel: +44(0)20 721 23928

Follow us