5 Tips for Setting User Access Privileges in Your Business Cloud Storage
by Jaap van Duijvenbode on December 7, 2016
Your company has made the decision to consolidate your data in the cloud. You're partnering with a great storage services provider (like Talon) that is expert in all the technical aspects of data security for business cloud storage. Yet the most critical part of the job of keeping your data safe lies not with your cloud storage provider, but with you.
The biggest threat to your company's business-critical data doesn't come from the almost legendary ability of hackers to worm their way into even the most tightly locked-down systems. Rather, it's from your own authorized users who, whether by design or inadvertently, can open doors by which information can be compromised or stolen. According to a data security report from Oracle, 80 percent of data loss is caused by corporate insiders.
That's why correctly setting access privileges for your employees and other users is a critically important responsibility. Get it wrong, and any technological measures you or your storage provider may institute to protect your data won't mean much.
It's a tough problem. If you're too strict in setting access privileges, your staff will be hindered (and probably loudly frustrated) in getting their work done. But if you are not strict enough, you'll open vulnerabilities that bad actors, both external and internal, will be happy to exploit. How can you strike the right balance in giving your authorized users the access they need in order to do their jobs, while ensuring that neither they, nor malicious outsiders, will be able to compromise your data?
Here are some tips on best practices for striking that balance.
1. Follow a Least-Privileged User Account (LUA) Model
With LUA, each user account is given only the access privileges that are essential to getting that user's job done. For example, when most corporate workers log into their computer workstations every morning, they do so with administrative privileges, even though they may not have any administrative responsibilities at all. That's because in many companies, no one bothers to specifically select the access privileges each worker needs, so they just go with the default. But does it really make sense for most employees to have the permissions that allow them to install and run programs, or modify registry settings, or control firewall settings?
Not only do most workers not need such privileges to do their jobs, but the fact that they have them often provides a wide open door for intruders to gain unlimited access to a company's data. Applications launched under an account that has administrative privileges will themselves run with those privileges. That means that if an attacker is able to insert malware on a user's computer, perhaps through phishing or some other social engineering scheme, it effectively gives the intruder total control of that machine. They can then search the machine for information that allows them to penetrate and possibly control other computers and servers on the network.
But when users are allowed only the limited privileges actually required for the tasks they are authorized to perform, the potential for a successful attack on one worker's computer to propagate to other machines on the network is minimized.
2. Implement Role-Based Access Control (RBAC)
With role-based access control, access privileges are assigned not to individual workers, but to the specific roles they play. For example, someone fulfilling the role of database manager will have access to data that is denied to roles such as sales person or line supervisor. The key is that users may have one or more roles, each with its own set of group privileges. But when a worker no longer performs a particular role, they should be removed from that group and no longer allowed to exercise the associated privileges.
3. Institute Granular Account Control
Oracle defines access control granularity as "the degree to which data access can be differentiated for particular tables, views, rows, and columns of a database." The concept is based on the principle that although a user may need access to some of the information stored in your company's database in order to do their job, that doesn't mean they should have access to the entire database. Each account's access privileges should be restricted to only specific subsets of the data that are relevant to that user's responsibilities.
In order to accomplish this type of granular account control, you'll need to have an in-depth understanding of your data. Jonathan Gossels, President of SystemExperts, notes that to properly protect business-critical information, a company must "set policies to systematically and consistently categorize their data." He goes on to advise, "The best way to secure sensitive data is to ... understand what is sensitive in your data, set rules for handling it, implement technical controls to ensure it is actually handled properly, and educate your users about their role in keeping it safe."
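The role-based model from tip 2 and the column-level granularity from tip 3 can be combined in one access check. The sketch below is an added example, not code from Talon or Oracle; the role names follow the article, while the tables, columns and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed grants: role -> table -> readable columns. Anything not
# listed is denied. Role names follow the article; tables are made up.
ROLE_GRANTS = {
    "database_manager": {
        "customers": {"id", "name", "email", "credit_limit"},
        "orders": {"id", "customer_id", "total"},
    },
    "sales_person": {"customers": {"id", "name", "email"}},
    "line_supervisor": {"orders": {"id", "total"}},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def allowed_columns(user, table):
    """Union of the columns the user's current roles grant on a table."""
    cols = set()
    for role in user.roles:
        cols |= ROLE_GRANTS.get(role, {}).get(table, set())
    return cols


def read_row(user, table, row):
    """Return only the permitted fields of a row; refuse if none are."""
    cols = allowed_columns(user, table)
    if not cols:
        raise PermissionError(f"{user.name} may not read {table}")
    return {k: v for k, v in row.items() if k in cols}


def revoke_role(user, role):
    """Removing a role removes its privileges at the next access check."""
    user.roles.discard(role)


if __name__ == "__main__":
    pat = User("pat", {"sales_person", "line_supervisor"})
    row = {"id": 7, "name": "Acme", "email": "ap@acme.example", "credit_limit": 50000}
    print(read_row(pat, "customers", row))    # credit_limit is filtered out
    revoke_role(pat, "sales_person")
    print(allowed_columns(pat, "customers"))  # empty: access is gone
```

Because privileges are looked up from the user's current roles on every read, removing someone from a role takes effect immediately and nothing is left attached to the individual account.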
4. Don't Allow Any One Person To Have Total Access Or Control
In every company there are people whose jobs require them to have almost unlimited access to the organization's systems and data. Tasks such as managing, maintaining, repairing, and upgrading critical hardware and software simply cannot be effectively accomplished by workers whose access privileges are restricted. Yet, as necessary as they may be to the smooth functioning of an enterprise's IT infrastructure, such individuals can be a major point of vulnerability for the systems they control.
Since former NSA contractor Edward Snowden leaked much of that agency's most closely held information in 2013, the threat that even a single disillusioned insider can pose to the security of an organization's sensitive data has become glaringly apparent.
One way to address this vulnerability is to structure user privileges so that absolute access and control of systems and data cannot be exercised by a single individual. Rather, at least two employees, working in tandem, are required before privileged access is granted.
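One way to enforce the two-person requirement in software, shown as an added example rather than any vendor's implementation: the class name, the 15-minute expiry and the approver list are assumptions, and the requester plus one different authorized approver make up the two people.

```python
import time


class DualControlRequest:
    """A privileged action that needs two distinct people before it is granted."""

    def __init__(self, requester, action, approvers, ttl_seconds=900, clock=time.time):
        self.requester = requester
        self.action = action
        self.approvers = set(approvers)   # people allowed to co-sign
        self.clock = clock                # injectable so expiry can be tested
        self.expires_at = clock() + ttl_seconds
        self.approved_by = set()

    def expired(self):
        return self.clock() >= self.expires_at

    def approve(self, person):
        if self.expired():
            raise PermissionError("request expired; file a new one")
        if person == self.requester:
            raise PermissionError("requester cannot approve their own request")
        if person not in self.approvers:
            raise PermissionError(f"{person} is not an authorized approver")
        self.approved_by.add(person)

    def granted(self):
        """True only while unexpired and co-signed by a second person."""
        return not self.expired() and len(self.approved_by) >= 1


def run_privileged(request, operation):
    """Execute operation only under dual control; return an audit record."""
    if not request.granted():
        raise PermissionError(f"{request.action}: second approver required")
    result = operation()
    return {
        "action": request.action,
        "requested_by": request.requester,
        "approved_by": sorted(request.approved_by),
        "result": result,
    }
```

The expiry keeps an old approval from being reused later, and the returned record names both participants for the audit trail.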
5. Conduct Regular Access Rights Reviews
Regular management review of the access rights held by various users is an absolute must. Far too often, changes in an employee's role or responsibilities do not result in any adjustment to the access privileges that individual is allowed to exercise. This leads to what Brad Hibbert, CTO of BeyondTrust, calls "permission bloat."
Drew Farnsworth, a Design Lead at Green Lane Design LLC, recounts a personal experience to make the point. "I'm a data center infrastructure designer and consultant," he says. "When designing, building and commissioning data centers I have more than once been given access to the internal network of a company. Months later I have come back and the passwords were not changed."
The access privileges of all users should be reassessed on a regular basis, whether weekly, monthly, quarterly, or yearly. Whatever the frequency, a specific review schedule should be established and adhered to. Otherwise, the reviews simply won't be done.
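A scheduled review can be partly automated. The following added example (not from the article or from any product) flags permission bloat, access that outlives an engagement, and credentials never rotated after it ended, and checks whether the review itself is overdue; the account inventory, privilege names and 90-day interval are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed baseline: the privileges each job is supposed to hold.
EXPECTED = {
    "sales": {"crm_read", "crm_write"},
    "dba": {"db_admin", "backup_read"},
    "contractor": {"vpn", "dc_network"},
}

# Constructed account inventory for the example.
ACCOUNTS = [
    {"user": "alice", "job": "sales", "privs": {"crm_read", "crm_write", "db_admin"},
     "engagement_end": None, "password_changed": date(2016, 11, 1)},
    {"user": "bob", "job": "dba", "privs": {"db_admin", "backup_read"},
     "engagement_end": None, "password_changed": date(2016, 10, 15)},
    {"user": "carol_ext", "job": "contractor", "privs": {"vpn", "dc_network"},
     "engagement_end": date(2016, 6, 30), "password_changed": date(2016, 3, 1)},
]


def review(accounts, today):
    """Return (user, finding, privileges) tuples for a reviewer to act on."""
    findings = []
    for acct in accounts:
        # Privileges beyond what the current job calls for: permission bloat.
        extra = acct["privs"] - EXPECTED.get(acct["job"], set())
        if extra:
            findings.append((acct["user"], "permission_bloat", sorted(extra)))
        end = acct["engagement_end"]
        if end is not None and end < today and acct["privs"]:
            # The engagement is over but the account still works.
            findings.append((acct["user"], "access_after_engagement",
                             sorted(acct["privs"])))
            if acct["password_changed"] <= end:
                findings.append((acct["user"], "credentials_not_rotated", []))
    return findings


def review_overdue(last_review, today, interval_days=90):
    """True when the scheduled review has been missed."""
    return today - last_review > timedelta(days=interval_days)
```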
Intelligently managing user access privileges for a company's business cloud storage is a complex but crucial task. Here at Talon Storage, we've developed products and procedures to help our clients fulfill that responsibility. If you'd like to know more, please watch the Talon FAST video.