Managing Entitlements in the Enterprise

by   in Cybersecurity

Let’s talk about entitlements. I’m not talking about Social Security and Medicare – not those kinds of entitlements. What I want to discuss today is the digital entitlements within an enterprise. If you’re the average user, you probably don’t know all the entitlements your accounts carry. That’s OK. If you’re an IT administrator, you probably expect that you have a good handle, to some degree, on entitlements, who has them, and how they are being used.

Let me tell you – you’re probably woefully underestimating the number of entitlements you _should_ understand, and you probably don’t have as good an understanding of how those rights are being used as you think.

I should probably give you my definition of entitlements. Basically, like any “regular user”, I have the entitlement to access my computer, and by extension connect to the network. I also have an entitlement to access resources that allow me to do my job, such as files and folders, applications and services, and more. Now multiply that by all the users in your company. Then, add any contractors, temporary workers, and guest accounts. And the numbers grow exponentially from there when you consider application-specific accounts and entitlements (SaaS apps, devices, etc.). After all, as an end user, you generally think the concept of identity is as simple as “I’m me…here’s a password to prove it”. In today’s world, an identity is much more like “I’m me, on this device, over a VPN, from this location at this time – here’s a password AND I can confirm that with a second factor… now can I access the resource?” There are a lot of moving pieces there in the identity portion of Identity and Access Management – and we haven’t even described the access portion beyond the request at this point.

As you see, things can get complicated very quickly. With today’s devices, cloud-hosted resources and apps, and personal and social accounts, it can be pretty hairy for administrators to define who gets access to what, and under what circumstances. The map is constantly shifting. And those resources (files, folders, sites, services) aren’t static either. Even if the files remain the same, there’s no guarantee that the content will remain static (in fact, it’s just the opposite). That means re-evaluation of compliance and standards against the assets.

The expectation is that administrators or application owners are managing these entitlements. But who can keep up with the barrage of changes happening in today’s environments? There are solutions that can help. One way you can help get and stay on top of things is to catalog all changes across your resources in a persistent, centralized, and scalable fashion – searchable, indeminable, and current. One that’s easy to query and report and provides you with actionable information. Another way you can help get things under control is to lock down your critical resources and ensure that the most privileged accounts are protected and not known to an increasing circle of people. If you can protect these highly privileged accounts you have much more control over the entitlements (including the ability to grant more entitlements). There are other options, but today, I wanted to simply raise awareness: Entitlements need to be managed.

Micro Focus has solutions in these areas that can help – reach out to us and we’ll help you get those entitlements under control. Learn more about our Identity and Access Management solutions that we have to offer our customers.

