There’s a reason Mom and Dad put the liquor in a locked cabinet when my sister and I entered our teenage years. They could make rules, policies, and even threaten discipline, but nothing beats a physical obstacle to enhance security. With some effort and increased risk, we could break into the cabinet, but it made our lives much more difficult. An “open share” on a corporate network is like an open bar, and the bad guys and rogue employees – like teenagers – have a tendency to ignore rules, policies, and even potential criminal charges.
In our experience, companies aren’t providing an open bar willingly, but rather, aren’t aware that the door to the liquor cabinet they thought was locked is wide open. Active Directory neglect, a temporary Group permissions grant that became permanent, accidental nesting, or the mistake of a new IT employee can easily result in a would-be restricted file share exposed to everyone in the organization. We do open share remediation projects all day long, so trust us, every organization has open access shares they’re unaware of.
Open access to unstructured data is consistently identified by IT professionals as a devastating challenge: critical to resolve, yet overwhelming in its complexity. Why? While open shares can make sense for some data, they can quickly spin out of control, leaving an organization far more exposed than it realizes.
Open access exists when rights are granted to everyone, or to groups containing almost everyone. It becomes a problem when people have access to more data than they need. Nested groups make the problem even more difficult to identify and remediate. And when you consider how difficult it is to know if sensitive data is hiding in all those open spaces, it becomes clear how urgent it is to get a handle on it. Look no further than the high-profile Sony breach to find an example of over-exposed sensitive data: a 12-year-old Sylvester Stallone contract easily accessible to attackers. Virtually no one in the organization needs access to such a document to do their job.
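To make the nested-group point concrete, here is an added example (not Stealthbits code) that expands each share's ACL through nested groups, including a circular nesting, and flags shares whose effective audience is almost everyone. The directory, share paths, the 80% threshold, and treating `Everyone`, `Authenticated Users` and `Domain Users` as covering all accounts are constructed assumptions.

```python
# Added example: group names, users, share paths and the threshold are constructed.
from typing import Dict, List, Set

# Constructed directory: group -> direct members (users or other groups).
GROUPS: Dict[str, List[str]] = {
    "All-Staff":    ["Sales", "Engineering", "HR"],
    "Sales":        ["alice", "bob"],
    "Engineering":  ["carol", "dave", "erin", "Contractors"],
    "Contractors":  ["frank", "Engineering"],  # accidental circular nesting
    "HR":           ["grace"],
    "Payroll-RW":   ["grace", "Temp-Project"],
    "Temp-Project": ["All-Staff"],             # temporary grant that became permanent
    "Legal":        ["heidi"],
}
ALL_USERS: Set[str] = {"alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"}

# Constructed share ACLs: share -> principals granted access.
SHARE_ACLS: Dict[str, List[str]] = {
    r"\\fs01\Public":    ["Everyone"],
    r"\\fs01\Payroll":   ["Payroll-RW"],
    r"\\fs01\Contracts": ["Legal", "grace"],
}
# Assumption: these well-known principals are treated as covering every account.
BROAD = {"Everyone", "Authenticated Users", "Domain Users"}

def effective_users(principal: str) -> Set[str]:
    """Expand a principal to the users it ultimately contains, tolerating cycles."""
    if principal in BROAD:
        return set(ALL_USERS)
    users, seen, stack = set(), set(), [principal]
    while stack:
        name = stack.pop()
        if name in seen:
            continue  # already expanded: breaks circular nesting
        seen.add(name)
        if name in GROUPS:
            stack.extend(GROUPS[name])
        elif name in ALL_USERS:
            users.add(name)
    return users

def open_shares(threshold: float = 0.8) -> Dict[str, float]:
    """Return shares whose effective audience is at least `threshold` of all users."""
    report = {}
    for share, principals in SHARE_ACLS.items():
        audience = set().union(*(effective_users(p) for p in principals))
        coverage = len(audience) / len(ALL_USERS)
        if coverage >= threshold:
            report[share] = round(coverage, 3)
    return report
```

The Payroll ACL names only `Payroll-RW`, yet expansion shows it reaches seven of eight users, which is why auditing the ACL entries alone misses open shares.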
So in the overwhelming process of data security, open shares are a great place to start. No matter how thorough your security is, if you hand out access like candy, no system will be adequate. Ensure only the right people have the right access to the right data.
Come back next week for our best practices on closing the door on open shares.
© 2022 Stealthbits Technologies, Inc.