Especially larger companies in particular are often confronted with challenges due to poor authorisation management. However, regulations and certifications require clear precautions to ensure the accuracy of the managed data. Regulations such as the Sarbanes-Oxley Act (SOX), BSI-Grundschutz or ISO 27001ff demand answers to the questions “Who has access to what, when and why?” at all times.
Directory services create clarity
Directory services provide the ability to assign permissions and enforce compliance. They also allow permissions to be combined into groups or roles to simplify administration. These permissions regulate access to devices and information. These are assigned to a subdirectory, for example, so that the operating system can approve or deny access.
More clarity for permissions
Since companies assign these permissions to employees as well as to devices and subdirectories, it quickly becomes confusing. Simple questions such as “Who has access to this file and who is responsible for this?” can be difficult to answer. If projects, restructurings or consolidations are carried out over time, it becomes very difficult to keep the overview of everything.
A non-transparent picture of the authorization situation entails an increased security risk for unauthorized access to sensitive or critical data and information. Possible errors and weaknesses in authorization management can result in undesirable costs as well as other negative effects. For example, unclear authorization management can slow down everyday process flows and, in the worst case, lead to security conflicts due to improperly assigned rights.
ORDER INSTEAD OF CHAOS
FLOWSTER FSM forms the bridge between your directory service and your directories. It simplifies the assignment of permissions to directories through a graphical representation, saves all changes and keeps permissions up to date even in case of data exchange, migration or consolidation.
For example, access requests are submitted directly to the responsible person for this access and, in the case of approval, granted automatically. Of course, this process is also logged and can thus be evaluated. In addition, the internal exchange of data is simplified. This is achieved through automated provision and time-controlled removal of data or even through the synchronisation of directory trees.
Of course, FLOWSTER FSM also offers the possibility to generate comprehensive reports on your questions and thus simplifies the checking for errors or the proof of compliance with regulations.
The most widely used directory service is Microsoft Active Directory (AD). AD is a powerful tool for efficiently setting folder permissions in the company, among other things. It always shows the current status. When and who initiated or carried out changes is not stored. For fast and audit-proof administration and documentation, a suitable third-party system is required for the management of authorisations. FLOWSTER FSM can provide effective support here. You are able to control authorisations comfortably via a graphical user interface.
FLOWSTER FSM enables you to:
• Manage Microsoft directory permissions
• Delegate delegations to different directory owners
• Monitor Microsoft directory permissions
• Reset externally set authorisations to the target state
• comply with the approval structures
– through a simple request for temporary or permanent directory permissions
• Restructure the directory structure via a graphical user interface
– while retaining the authorisations
• Explicitly share files with specific users
– also for a certain time
The structures in your company are subject to constant change. Therefore, file storage is also subject to the need for continuous adaptation. These adjustments can be due to the exponentially growing data flood, the merger of your company or simply a restructuring.
FLOWSTER FSM contributes to a smooth migration and relieves your helpdesk by:
• Migration of existing directory and permission structures from an internal or dedicated Microsoft file server to a new Microsoft file server
• Migration of home share directories
• Post-synchronization of migrated directories for a defined period of time
• Automated adjustment of links in MS Office documents during migration
It often makes sense to provide data as copies. One example is sales-supporting documents. These are created by Marketing and synchronized unilaterally in a consistent package in the corresponding folder. They can then be used by sales at any time. Marketing can already work on improvements without providing inconsistent information to Sales.
Another example is Safe Browsing, which uses Citrix to provide a specially protected environment for accessing the Internet. The files for upload and after download are therefore located on a separate computer. To ensure that this is transparent for the user, his corresponding directories are synchronized on both sides with those of the protected computer.
With FLOWSTER FSM you can:
• Synchronise different directories after each change
• Synchronise different directories interval-based
• Synchronise Windows user profiles
• Check synchronising files with an antivirus scan
It’s important that you keep control over what other users can – and can’t – do with the information you share. Detailed permissions let you determine who can access folders and files and with what access permissions. When employees leave the company, take on another function internally, or a project is finished, the information that is no longer needed must be locked within a defined time and completely deleted after a defined waiting period.
FLOWSTER FSM supports you in:
• Blocking file transfers based on the file signature
• Creating exceptions for file blocking
• Cleaning up directories
• Deleting files after a configured duration
Compliance and corporate security policies require the verification of authorisations in the handling of information through appropriate, regular reports. In case of a security breach, reporting for security analysis or forensic analysis must also be ensured.
As FLOWSTER FSM stores all changes, it supports you in auditing and reporting changes to directory permissions.
Mapping of users and permissions from two different AD environments
After takeovers, authorisations are often stored for a long time in several directory services and thus cannot be taken over directly. Relevant permissions are therefore automatically transferred to the central information pool with FLOWSTER FSM, cleanly mapped and synchronised. In this way, FLOWSTER FSM enables overarching consistency between the various directory services.
Temporary, intra-company file exchange via a web interface
Sharing files or subdirectories is a major compliance gap and security risk. FLOWSTER FSM enables logged sharing via a clear self-service interface.
All authorisation paths are clearly and quickly visible in one place. Who can access which files and which changes were made by whom.
Safe and compliant
Security regulations and data protection through simple implementation of compliance guidelines. Time-limited authorizations can also be realized.
Security-related activities on your folders can be centrally recorded, tracked if necessary, and reset. All user rights are displayed regardless of group affiliations.
Flexible customization is possible without IT administration intervention.
FILE SERVICE MANAGEMENT PROCESS
WITH FLOWSTER FSM
Do you still have questions?
Would you like to advance your IT automation? Make an appointment and we will answer the following questions, among others:
- What are the options?
- Which solution suits you?
- What is the cost structure?