Delegate access control to end-users
Your company’s security often starts with end-users, but employees do not always have the tools, capabilities, or training they need to easily succeed. For example, employees may be in a hurry and need to quickly share a file, so they create a public link without thinking about the risks associated with that action. They might forget about the public link, and so it remains open for years.
IT teams are often constrained with time and resources. Reviewing document access permissions and taking remediation actions adds more work to their already full plates.
And even if IT teams undertake these tasks, they don’t always have the entire context behind why documents are shared externally and internally. They may be concerned about negatively impacting employee productivity by restricting access permissions that were required for valid business scenarios.
Finally, IT and security leaders want to drive a behavior change amongst company employees, helping them to know how to safely share company information. They are not interested in one-time audits where the underlying employee behavior still exists and has the potential to cause future problems.
The ideal tool would allow you to easily and confidently delegate access reviews and actions to end-users. For example, the system should have file owners review public links on documents that have not been modified in a year or more, and remove access which is no longer needed. It should also give you the ability to track the completion of these access reviews.
You also need the ability to create automated warning prompts for employees. For example, when an employee tries to add a personal email account to a document, a warning prompt will appear, asking if they are sure they want to take this action. You can go further and set up a prompt that asks them to provide a business justification for adding the personal account.
Delegation makes employees part of the security solution, saving needed IT time and resources while bolstering your overall security response.