
3 Reasons You Should Start With Access Rights Management Over Access Management

May 13, 2020


Inevitably, at some point in the evolution of your security strategy, you realize you need to put some controls around access. For far too long, organizations have allowed users to remain over-privileged, and with the massive growth in the use of cloud-based services, applications, and platforms, the concept of access has expanded well past the four walls of the traditional workplace.

But as organizations look to develop a strategy around access, it’s often unclear whether access management (as part of identity and access management) or access rights management is the correct place to start.

Here are three reasons why access rights management is a better place to begin your “access” journey.

1. Your Cloud Is Hybrid… and Your On-Prem Security Is a Mess

With 69% of organizations running in some form of hybrid environment, it’s likely your company remains dependent on Active Directory (AD). But, if your organization is like most, you also haven’t validated your rights assignments to applications, servers, file shares, and other resources in… well, ever. Unless you have a process in place where you’re reviewing permission and group changes on a regular basis, your rights assignments are in a far more chaotic state than you think.

If this is, in fact, the state of your AD, and AD is the basis for your synchronization with various cloud identity stores and applications, it’s possible access throughout your hybrid environment is equally disordered. That requires you to implement an access rights management process to clean up every part of the permissions and accounts making up your access, starting with AD.

2. Access Is About Rights… and Then Identity

Before you centralize identity authentication and provide a portal to access applications, data, and other resources, it makes sense to first ensure the rights granting access are correct. To do otherwise would potentially allow users unsanctioned levels of access. Once you have your rights assignments dialed in, layer identity on top of this solid foundation.

3. You Need the Practice… So You Can Repeat It

Keeping access rights under control is a problem that plagues every environment. IT will put the effort in initially, but over time groups become bloated, permissions are appended (but never removed), and IT's focus shifts to seemingly more strategic initiatives. Getting your on-prem AD rights into a known-secure state of order, with an ongoing process of reviewing and updating access rights, is the first step to putting this same process into practice for every cloud-based platform and application you add over time.

Security Starts With Access Rights Management

Your identity strategy needs a solid foundation of locked-down permissions that grant only the access needed. Whether using the principles of least privilege, zero trust, or NIST standards, the basis for your identity strategy should rest on an underlying secure configuration of access rights, so the trust you put into authentication is backed by enabling the authenticated user to perform only authorized actions.

For more information, download our whitepaper, Clearing the Confusion: Access Management vs. Access Rights Management.


Nick Cavalancia has over 20 years of enterprise IT experience, 10 years as a tech marketing executive, and is an accomplished technology writer, consultant, trainer, speaker, and columnist. Nick has attained industry certifications including MCNE, MCNI, MCSE and MCT. He has authored, co-authored, and contributed to over a dozen books on Windows, Active Directory, Exchange, and other Microsoft technologies and has spoken at many technical conferences. Previously, Nick has held executive marketing positions at ScriptLogic (acquired by Quest, now DELL Software) and SpectorSoft. Prior to that, Nick owned two IT consulting firms, which focused on the architecture, implementation, and training of Microsoft technologies to enterprise customers.