Group and User Entitlement Reviews with YouAttest

In light of the recent hacks, especially U.S. Massachusetts Air National Guardsman Jack Teixeira exfiltrating critical defense data, we felt the need to remind the cyber community how YouAttest can and should be used to audit user permissions for security and privacy reasons.

First, Best Practices:

Your IAM tool is your data privacy and security friend. It is designed to help you organize and group your users and entitlements by roles.

Regardless of the resource (SaaS, PaaS, SASE, network, applications, etc.), individual users should NOT be assigned access rights. This practice does not scale. YouAttest details this in our 5 First Steps to a Secure and Sustainable IAM/IGA Practice.

To sum up:

  • Organize your users into groups
  • Assign a manager to these groups
  • Identify Resources to secure
  • Assign access to Resources based on Groups
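
The four steps above can be checked mechanically against an entitlement export. The following is an added example, not YouAttest code and not part of the original article; the group names, users, resources and record layout are constructed for illustration. It flags grants that break the group-based model and builds each group manager's review queue so that a manager sees only the users in the groups they own.

```python
from collections import defaultdict

# Constructed sample directory: group -> manager and members (hypothetical names).
GROUPS = {
    "finance-ap": {"manager": "dana", "members": {"alice", "bob"}},
    "eng-deploy": {"manager": None, "members": {"carol"}},  # no manager assigned
}

# Constructed sample grants: (principal_type, principal, resource).
GRANTS = [
    ("group", "finance-ap", "erp"),
    ("group", "eng-deploy", "ci-server"),
    ("user", "bob", "erp"),            # direct grant that bypasses groups
    ("group", "contractors", "vpn"),   # group missing from the directory
]


def audit(groups, grants):
    """Return (findings, review_queues) for a set of entitlement grants.

    findings: list of (issue, principal, resource) that break the model.
    review_queues: manager -> list of (user, group, resource) to attest.
    """
    findings = []
    review = defaultdict(list)
    for ptype, principal, resource in grants:
        if ptype == "user":
            # Access assigned to an individual instead of a group.
            findings.append(("direct-user-grant", principal, resource))
        elif principal not in groups:
            # Grant points at a group the directory does not know about.
            findings.append(("unknown-group", principal, resource))
        elif not groups[principal]["manager"]:
            # Nobody is accountable for attesting this group's members.
            findings.append(("group-without-manager", principal, resource))
        else:
            group = groups[principal]
            for member in sorted(group["members"]):
                review[group["manager"]].append((member, principal, resource))
    return findings, dict(review)


if __name__ == "__main__":
    issues, queues = audit(GROUPS, GRANTS)
    for issue in issues:
        print("FINDING", issue)
    for manager, items in queues.items():
        print("REVIEW", manager, items)
```
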

NOTE:

YouAttest will allow you to audit these entitlements to resources REGARDLESS of whether the IAM is synced with the resource. We allow this audit via a feature called “Siloed Resource Audit”. In other words, there is no excuse to NOT organize your IAM to this “best practice” standard.

Secondly – Audit Your Roles/Groups:

This is where YouAttest, with its zero deployment time solutions, comes into play. Whatever your resource, YouAttest will allow you (the security manager, the risk manager, the MSP) to conduct a UAR (User Access Review) of the group/role entitlements.

 

Image #1: YouAttest is designed to help security and audit professionals conduct repeatable and quantifiable entitlement reviews based on application, group and user searches. Group Audits are key to managing roles.

Once the security/risk manager initiates the group audit, YouAttest automatically messages the users using pre-written templates that simplify messaging. The messages can be pushed out via email or Slack.

The reviewers, be they “user managers” or “group managers” (your choice), receive the message and are then able to see ONLY the users that they are in charge of managing.

Image #2: YouAttest allows the security manager, risk manager or MSP to audit any group or role in the enterprise.

 

The YouAttest product then delegates OUT to the appropriate group owner or user manager with a message to audit their respective users (see Image #3).

Image #3: YouAttest sends out a message to the reviewer, either via Slack or email.

Once the message is sent out to the user – the reviewer completes their small section of the audit.  YouAttest simplifies this process by showing this reviewer just their section of the audit.  

Image #4: The reviewer (user manager or group owner) reviews the users under his/her domain – and completes their part of the audit.

Lastly – You Can Audit the Individuals directly

If there is an individual whose roles/rights you wish to determine, you can use YouAttest to address that user individually:

Image #5: The same audit process can be used to audit individual users.

 

Benefits of the YouAttest UAR Process

YouAttest usually eliminates up to 80-90% of the manual effort in conducting an identity audit. The real value is that conducting these reviews is so easy that it becomes standard practice for the security and risk manager to execute!

 —

Contact us today to learn more about how YouAttest can help improve your identity audits, via automating user access reviews for compliance and better identity security.

 
