We’ve said it before, but when it comes to managing privileges and user account access, we take our motto from the movie Spaceballs. It’s “Take only what you need to survive.”
Granting employees access to IT resources should be done proactively and intentionally. It’s possible to implement a state-of-the-art Identity Governance Administration (IGA) platform that will automate much of the work involved, but it’s cheaper—and in small to midsized businesses, entirely do-able—to perform regular access audits manually. What’s important is keeping track of who has access to what and ensuring that people don’t have access (or privileges) that they don’t explicitly need (or no longer need) for their job function.
It’s also important to maintain oversight of the SaaS solutions your organization is using. In today’s world of free software trials and company credit cards, it’s all too easy for employees to sign up for SaaS without your IT or security team knowing anything about it. This is a recipe for increased security risk.