This page summarizes common pitfalls in access management and privileged account security, with real-world breaches that resulted from them and recommendations for addressing each issue.
1. Overly Broad or Outdated Roles
Issue:
- Overprivileged roles: Employees have access to data outside their job scope.
- Outdated roles: Permissions are not regularly reviewed and updated.
Real-world Examples:
- Low-level bank employees selling customer data via Telegram channels due to overly broad role definitions.
- Marks & Spencer contractor compromise where permissions were defined against broad internal roles rather than specific systems.
Root Causes:
- Rapid growth leading to time pressure in defining roles.
- Fluid workflows causing permissions to accumulate without removal.
- Cross-functional work resulting in hybrid responsibilities not being accommodated by role-based models.
- Lack of governance for reviewing and updating role definitions over time.
How to Fix It:
- Perform regular role audits to ensure that only necessary permissions are granted.
- Decompose broad roles into smaller, purpose-built ones based on job functions.
- Implement a system where each role is owned and regularly reviewed by someone accountable for its accuracy.
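The three fixes above (audit for excess and stale permissions, decompose broad roles by job function) as a small role-audit script. This is an added example, not code from the Security Boulevard article; every role, permission and usage figure in it is constructed sample data, and the `JOB_NEEDS`, `ROLES`, `MEMBERS` and `LAST_USED_DAYS` tables stand in for what an IAM system or its logs would export.

```python
"""Role audit for the overly broad / outdated roles pitfall.
All data below is constructed sample input, not from any real system."""

# Least-privilege baseline: what each job function actually needs (constructed).
JOB_NEEDS = {
    "teller": {"accounts:read", "transactions:create"},
    "fraud_analyst": {"accounts:read", "transactions:read", "alerts:manage"},
}

# One broad role whose permissions accumulated over time (constructed).
ROLES = {
    "branch_staff": {
        "accounts:read", "transactions:create", "transactions:read",
        "alerts:manage", "customers:export", "reports:admin",
    },
}

# Job function of each role member (constructed).
MEMBERS = {"branch_staff": {"alice": "teller", "bob": "teller", "carol": "fraud_analyst"}}

# Days since any member last exercised each permission (constructed).
LAST_USED_DAYS = {
    "branch_staff": {
        "accounts:read": 0, "transactions:create": 1, "transactions:read": 3,
        "alerts:manage": 120, "customers:export": 400, "reports:admin": 95,
    },
}


def audit_role(role, stale_after_days=90):
    """Flag permissions no member's job needs, permissions unused past the
    review window, and what each member holds beyond their own job."""
    perms = ROLES[role]
    needed = set().union(*(JOB_NEEDS[f] for f in set(MEMBERS[role].values())))
    return {
        # Excess: granted to the role but required by none of its job functions.
        "excess": perms - needed,
        # Stale: still granted but unused for too long, whether needed or not.
        "stale": {p for p, d in LAST_USED_DAYS[role].items() if d > stale_after_days},
        # Overreach: per-member permissions beyond that member's job function.
        "overreach": {u: perms - JOB_NEEDS[f] for u, f in MEMBERS[role].items()},
    }


def decompose_role(role):
    """Split a broad role into one purpose-built role per job function,
    keeping only permissions that function needs and the broad role granted."""
    return {f"{role}:{f}": ROLES[role] & JOB_NEEDS[f]
            for f in sorted(set(MEMBERS[role].values()))}
```

A permission that is needed but stale (here `alerts:manage`) is a review item for the role owner rather than an automatic removal, which is why the audit reports it separately from excess.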
Read the full article at Security Boulevard