Search
Close this search box.

Administrators Have Limited Access

Identify and Re-Permission Folders Where Administrators Have Limited Access

Summary

Administrative groups such as Technology Services, Information Security, Records Management, and Internal Audit require continuous access to files, folders, libraries, etc. If these groups are incorrectly locked out of parts of the file system, then they are unable to fulfill their responsibilities. This exposes the organization to unnecessary risks and costs.

Northern’s software solution (NSS) can be quickly configured to identify folders that administrative groups cannot access, and guide the re-permissioning of these objects. Very large data footprints can be parsed, across geographical regions, and including multiple platforms (traditional on-premise file storage, SharePoint, SharePoint Online, O365, other cloud platforms, etc.).

By identifying and re-permissioning folders where administrative groups do not have the expected level of access, the organization will:

  • Enable administrative groups to migrate, manage, protect, audit, etc. all data as expected
  • Simplify data migration processes; they will not be suddenly derailed by an inability to move files
  • Improve compliance as audit processes are confirmed to encompass all data
  • Map sensitive data throughout the organization and protect it accordingly
  • Be able to identify users who are changing permissions configurations, and investigate
  • Reveal and act on unwanted activities, previously hidden behind permissions configurations
  • Be able to plan administrative tasks knowing that permissions issues will not disrupt activities

Northern is currently providing some of the world’s leading organizations with this type of solution, and enabling them to realize these values. Contact your Account Manager or the Professional Services team to schedule configuration in your environment.

Situation

Users may have sufficient file system privileges to change permissions on files, folders, sites, etc. They may, for innocent or malicious reasons, remove default permissions configurations and lock administrative groups out of parts of the file system.

The organization can be exposed to unnecessary and unmanaged costs and risks:

  • Without access to all data, functional groups are unable to fulfill their responsibilities
  • Compliance risk is increased as data is excluded from audit processes
  • Records may be overlooked and exposed to illegal handling
  • Sensitive data may be put at risk; left outside of secure areas as its sensitivity cannot be established
  • Users can carry-out clandestine activities such as staging sensitive data for theft or exposure
  • A lack of sufficient privileges can de-rail migration projects through interruptions and failed file operations
  • Task time-lines are unpredictable as permissions problems may require additional, unexpected, effort

This situation continues to exist in most organizations due to specific challenges:

  • Finding libraries, files, and folders that administrative groups cannot access is time-consuming and complex
  • Implementing processes, ensuring periodical review and mitigation, can be resource intensive

Northern offers a way to overcome these challenges.

Northern Solution

The diagram and explanation below shows the workflow implemented in the organization, using NSS, to identify and guide the re-permissioning of folders that administrative groups cannot access:

  1. NSS Scans the file system to identify folders where administrative groups do not have the ‘Full Control’ permission, and stores the results in the SQL database.
  2. Administrators are notified when the scan is complete.
  3. Administrators, Security Staff, can view analyses results in NSS’ self-service web interface
  4. Analyses results are used to guide re-permissioning
  5.  

Key Risk Indicator Established

The number of folders where administrative groups do not have the expected level of access is established as a Key Risk Indicator (KRI). This KRI can be used to establish a control; requiring action when set thresholds are reached. It is also tracked over-time to allow comparison and measure levels of success.

The table below shows the tasks involved in implementing this Northern solution, the time required, and who is responsible to perform each task:

ActionTimeOwner
1Import configuration settings0.5 hourNorthern
2Run analyses in environment and verify results異なる*Automated
3Determine which folders should have their permissions corrected1~4 hoursCustomer and Northern
4Change permissions where necessaryVaries**Customer
5Measure success by evaluating how many folders had their permissions corrected1 hourNorthern

 

 * Approximately 200 folders are scanned per second. A file system with 10 million folders will take approximately 14 hours to scan.
† If there are many folders to be updated, it is recommended to script the required changes.

The implementation of this solution requires minimal investment by the organization and, by identifying and re-permissioning folders that are incorrectly hidden from administrative groups, the organization will achieve real value.

  • Administrative groups are able to protect, manage, audit, etc. all data as expected
  • Data migration processes are simplified as all relevant data can be migrated
  • Improved compliance as audit processes are confirmed to encompass all data
  • Sensitive data is mapped throughout the organization and protected accordingly
  • Malicious activities, previously hidden behind permissions configurations, is revealed
  • Administrative tasks can be planned knowing that permissions issues will not disrupt activities
RequirementDetails
NSS DeployedVersion 9.91 or later
SQL DatabaseSQL Server 2012 or later
NSS Solution Area(s)Centralized File Service Management (CFSM)
Information Governance and Compliance (IGC)

More of what we deliver

Reduce risk

Security breaches, cyber-crime and data privacy regulation – your organization’s data will inevitably contain sensitive information.

Reduce cost

Storing your organization’s data is costly, especially when considering all expenses associated with housing the data.

Increase efficiency

Efficiency of those owning and being dependent of the data decreases as it becomes increasingly chaotic.

Corporate responsibility

Pressure mounts on all organizations to take more social responsibility – IT services, internal or external, need to incorporate capabilities facilitating CSR.
Northern Parklife icon

Get started

If you wish to start using NSS to identify and re-permission folders where administrative groups have limited access, please contact your Account Manager, or the Professional Services team, to schedule the first action: import configuration settings.

Contact Us