More than eight in 10 organizations manually review their access permissions, according to a new study. But it might be more efficient to outsource the automation and management of these services to managed security service providers (MSSPs) and managed service providers (MSPs), said Netwrix, a security specialist data, in its study of nearly 600 IT professionals.
Why outsource to MSSPs and MSPs?
IT teams are generally not able to know exactly who needs what access to what IT resources. On the other hand, MSPs and MSSPs are equipped with the right automation tools to ensure regular updates of user rights. Netwrix maintains an extensive partner program that includes resellers, technology partners, and MSPs.
According to Joe Dibley, security researcher at Netwrix, while 90% of organizations participating in the study already periodically review access rights or plan to do so in the next three years, some 81% said they do. manually, which can be unreliable and time consuming. .
“An email or instant message from a department head confirming access rights usually doesn’t satisfy either internal or external auditors,” Dibley said. “In addition, this approach increases the risk of human error. It’s too easy to forget someone’s response or miss the email altogether. »
Risk reduction and time saving
In 41% of organizations, IT teams review user access rights not just manually, but on their own, without involving business users at all. However, of the organizations in the study that have a dedicated tool for reviewing user access rights, around half said the main benefit of this solution was reduced risk and more than one quarter said the time saved.
“Automating access reviews reduces cybersecurity risks directly, by ensuring users’ rights are regularly updated, and indirectly as well,” Dibley said. “Eliminating manual tasks frees up IT teams to focus on other critical activities, like investigating security incidents before they turn into breaches,” he said.