Permissions in platform apps, such as Salesforce, Microsoft 365, and Workday, are remarkably complex. While the terminology differs within each application, they are essentially composed of user profiles based on roles, additional permissions based on tasks, and frequently layered with custom permissions required by the individual user.
These permissions appear on different screens within the application, requiring admins to get creative placing windows on their monitors for a single-screen view of any user’s access.
When you consider that most organizations have multiple tenants of these applications, each of which should be following the same corporate policies, it’s clear that app admins need a solution that clearly displays their users and permissions.
In conversations with CISOs and admins, associating users and permissions comes across as one of their biggest pain points. They need a solution that offers 360-degree visibility into user permissions that normalizes the structure of the permissions model into a single view.
We Built a Better Permissions Inventory
Adaptive Shield had three goals in mind when we began development on our Permissions Inventory. First, we wanted to simplify permission management, so admins had visibility into every user permission. Second, we believed that admins should be able to manage and compare user permissions from multiple tenants. Finally, we wanted to show who has access to data within records, fields, and files.
Our Permissions Inventory accomplishes all three. Starting with a user’s profile, Adaptive Shield users can see each user and their risk level. They can be filtered by license type, domain, access level, object, and object type. Admins can drill down further, for a granular view of each user’s permissions and the level of access granted with each permissions (view, modify, create, edit, delete).
Permission Management
Using Adaptive Shield’s Permissions Inventory, admins can see every user’s permissions. By clicking on any user, admins can drill down to the permissions for any object. Each record is enriched with the reason why permission was granted for a particular field.
Admins can also see the profiles, permissions, and groups that contain specific permissions and the users who have been granted those permissions. Additionally, they can find unassigned roles and remove them from the application to further simplify user management.
Multiple Tenant Management
The Permissions Inventory makes it easy to compare user permissions across different tenants and environments. View and compare permissions types, and individual user permissions side-by-side from across the application.
Find instances of over-permissioning, partially deprovisioned users, and external users from across the integrated environments.
Classify Sensitive Records
Adaptive Shield identifies the records, fields, and attachments that contain sensitive information. Admins can quickly discover which users have access that exceeds their role through permission analysis, and take the steps needed to align users with the right level of access.
Improve Regulatory Compliance
Adaptive Shield’s Permissions inventory is a vital tool in assisting organizations to achieve regulatory compliance on multiple fronts. With access recertification capabilities, it enables companies to regularly review and validate user permissions, ensuring alignment with regulatory requirements and internal policies. By facilitating Segregation of Duties (SOD) checks, it safeguards against conflicts of interest and assists in meeting the compliance standards set forth by regulations like SOX.
Additionally, the platform helps control access to sensitive data such as Personally Identifiable Information (PII) and financial data, mitigating the risk of data breaches and ensuring compliance with data protection laws. Furthermore, Adaptive Shield enables organizations to implement Role-Based Access Controls (RBAC) and Attribute-Based Access Controls (ABAC), streamlining access management processes and ensuring that users have appropriate permissions based on their roles and attributes, thus enhancing overall regulatory compliance efforts.
Reduce Attack Surface
Utilizing Permissions Inventory is instrumental in enabling organizations to significantly diminish their attack surface, thereby fortifying their cybersecurity posture. By systematically identifying and curtailing unnecessary user permissions, the platform aids in reducing the attack surface, minimizing the avenues available for malicious actors to exploit. Moreover, it empowers organizations to uncover and manage non-human access, such as service accounts or automated processes, ensuring that every entry point is scrutinized and controlled effectively. This oversight allows for a fine-tuning of the security and productivity balance within access policies, ensuring that stringent security measures are in place without impeding operational efficiency.
Furthermore, Permissions Inventory plays a pivotal role in the identification and removal of over-privileged accounts, which represent potential vulnerabilities within the system. Organizations can mitigate the risk of unauthorized access and privilege escalation by eliminating these accounts or adjusting their permissions to align with actual job requirements. Additionally, the platform aids in the proactive detection of privilege abuses, swiftly flagging any anomalous activities that may indicate a breach or insider threat. Through these comprehensive capabilities, the Permissions Inventory acts as a proactive defense mechanism, bolstering organizational resilience against evolving cyber threats.
About the writer
