Managing accesses represents an incredible organizational challenge. The usual way is to grant rights on a case by case basis, complicating the task of security administrators, often by copying rights that similar employees currently have or had in the past. Over time, risk is that employees accumulate undue privileges or that accounts are forgotten and not deactivated, leading to a higher insider risk or account hijacking by external attackers. The risk is even higher with IT employees who obviously have extended privileges. The process of creation is often slow, leading to disgruntled managers and employees, whereas the removal process is unsound. Setting up RBAC can drastically reduce these risks and increase employees’ productivity. Discover through this case study the best practices in implementing RBAC and what were the lessons learned.
Key Takeaways:
1) Get an example of a practical implementation of RBAC
2) Understand what to focus on when implementing RBAC
3) Get a sense of the required process
4) Understand how to get buy-in for such a project
