Why IT Asset Managers Should Care About Access Restrictions to Organizational Data

In Featured Articles, IAITAM News You Can Use by IAITAM

A new study shows that nearly half of employees have access to more organizational data than necessary. This might not seem like a huge deal, especially since employees and employers may have gained trust with each other over the years. However, this can lead to a security issue if the sensitive data gets leaked, whether by accident or on purpose. Even though this is primarily an IT issue, IT Asset Management is still involved.

Why the Study Is Important

Giving too much access to private data is problematic because the risk of that information getting leaked increases. For example, an employee might not need access to client sensitive data such as credit card information. However, the organization might have unknowingly given that employee access to that information, which increases the risk of private data exposure. The employee might accidentally disclose that information, or become angry, and purposefully leak it. Ultimately, data restriction is beneficial to the organization.

The study surveyed full-time employees on how much access they needed to perform their job compared to how much access they had. It showed that 48% had more data access than needed, and 12% had access to all organizational data.

Though this was a smaller study of 700 people, it opens up the question of how much sensitive data is unnecessarily accessible in your organization?

This is information that the IT Asset Manager needs to know in order to mitigate risk. Even though the issue is more in the domain of the IT team, it falls onto the IT Asset Manager to inform the IT team about the issue. The IT Asset Manager takes on the supporting role in this situation.

What IT Asset Managers Need To Do

IT Security controls who has access to what. If the IT team is unaware of the issue, it won’t get fixed. The IT Asset Manager’s role is to look into the matter and determine who needs access to what information to maintain job flow. Once that is determined, the IT Asset Manager can then educate the IT team on who needs their access limited. After the IT team is informed, they will limit access to private data, thus increasing the organization’s security.

Though this does not seem like a huge role to take on, it is still a good task to do. Enhancing the organization’s data security is beneficial to everyone.

 

References:

Barker, I. (2019, August 9). Almost half of employees have access to more data than they need. Retrieved from https://betanews.com/2019/08/09/employee-excessive-data-access/