That said, implementing and enforcing file security best practices can prove to be daunting and overwhelming due to the sheer number of files needing protection within an organization. A recent blog post from Andy Green of Varonis sheds some light on the matter of file security, wherein he shares a few specific actions organizations can take to keep their file security top notch.
Here are three file security best practices he urges all organizations to implement:
- Eliminate Everyone – Windows uses a default “Everyone” group that gives global access to a folder or file. It would make sense for companies to remove this group from a folder’s access control list (ACL), but according to the most recent annual Data Risk Report from Varonis, 58 percent of companies sampled had over 100,000 folders accessible to every employee! While you’ll need to grant Everyone access if you’re sharing the folder over the network, it’s important to make sure to remove it from ACLs and then do the following Role-based Access Control (RBAC) analysis.
- Roll Your Own Role-based Access Controls (RBAC) – Each role in an organization has its own associated set of permissions to resources. Naturally, you assign similar roles to the same group, apply their respective permissions, and then follow the AGLP method. (Accounts are organized into global groups, then into local groups, which are assigned the appropriate permissions.) This approach is extremely effective in maintaining file security when implemented correctly. However, the biggest hurdle here is laying the administrative groundwork to make the system successful moving forward.
- Minimal Least Privilege Permission – This is related to RBAC, but it focuses particularly on “appropriate” permission. With the least privilege model, the minimum necessary access is granted to each respective role at the organization. For example, marketing may need read-only access to a folder owned by the finance department, but they shouldn’t be allowed to update a file, and they don’t need access to specialized financial software. Administrators need to be ruthlessly stingy when granting permissions with this approach to keep file security at an all-time high.
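
One way to carry out the first practice is to audit a folder tree for "Allow" entries granted to Everyone before doing the RBAC analysis. The script below is an added example, not code from the Varonis post; the `D:\Shares` root and the `-Remove` switch are assumptions chosen for illustration.

```powershell
# Added example: report folders whose NTFS ACL grants access to Everyone.
# Assumptions: $Root is a hypothetical path; -Remove is this script's own switch.
param(
    [string]$Root = 'D:\Shares',   # hypothetical share root, change to your own tree
    [switch]$Remove                # without this switch the script only reports
)

# Well-known SID of the Everyone group. Matching on the SID instead of the
# display name also works on localized Windows installations.
$everyoneSid = 'S-1-1-0'
$sidType     = [System.Security.Principal.SecurityIdentifier]

# Include the root folder itself, then every folder below it.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    # Explicit and inherited entries, with identities returned as SIDs.
    $acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $everyoneSid -and
                       $_.AccessControlType -eq 'Allow' } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $folder.FullName
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
}

$findings | Sort-Object Path | Format-Table -AutoSize

if ($Remove) {
    # Only explicit entries can be removed on the folder itself; an inherited
    # entry has to be fixed on the parent folder that defines it.
    $findings | Where-Object { -not $_.Inherited } |
        Select-Object -ExpandProperty Path -Unique |
        ForEach-Object {
            $acl = Get-Acl -LiteralPath $_
            $acl.PurgeAccessRules($sidType::new($everyoneSid))
            Set-Acl -LiteralPath $_ -AclObject $acl
        }
}
```

Run it without `-Remove` first and review the `Rights` column: each entry that gets removed should be replaced by a role group holding only the access that role needs.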