Hello and welcome. We introduce, I introduce our team. My name is Ina. I'm marketing and product specialist atk, and this is Michael Breyer. He is a vice president system engineering and security and compliance at Signal Labs. So we are talking today about entitlement and security. The claims or desire for security access settings and rights and the settings in reality often diverge, vitally.
Typically, more rights are assigned than were originally needed. The resulting security gap can have far reaching consequences.
Therefore, it is essential to be able to display the, sorry, to display the permissions at any time, regardless of how they have been set. Manual monitoring is hardly manageable, even in small environments. I'm sure you agree with me. Independent automatism, which can analyze and display the real settings, becomes a need. In the session, Michael and I will show you how Signal Labs can support you with this, thereby improving and ensuring the security of your company. So Michael, here we go.
Okay.
Again, when we speak about entitlements, it's the focus of entitlements, of rights, of granted permissions. When you think about it, it's a question of security. Of course you can have a third party system like, yeah, IAM systems who gives, or who grant access, who grant rights to people, to accounts and to groups. But at the end, these systems can only cover, long range, 90% of the entitlements or of the roles, but not all. And because of this, it's a gap between the claims and the reality.
And for this, we decided to introduce or to develop a tool, solution, an independent solution, which gives you the real insight, the, the reality of your settings.
What can happen if you grant access to people, to groups, then yeah, of course. Typically people are in groups. Groups have permissions, permissions grant access to application, to data.
And yeah, as I, as I said before, if you are using third party systems, then everything is okay, but how often does it happen that administrator comes to you or an owner, product owner or an area owner is coming to you and say, okay, I need this for a short time, or I need access to this data. And of course, maybe you have change requested and change happened.
Yes, that's good. But at the end, the third party system does not know about this manually made change. So it's important to have an extra solution that gives you the reality of the settings, because revoking permissions, revoking entitlement is a big issue.
Still a big issue. We all know the example of the trainees. Yeah, trainees during the training period.
They, yeah, they walk through different departments. They, yeah, they can have access to the different data sources, and at the end of their training period, the access or the entitlements are not revoked. So at the end, sometimes the trainees, or then the new employees, have more rights to different things, to different areas, which they are not allowed to, because they work during their training period in these departments.
And because of this and other things, like, yeah, employees have C-level access because they need for five minutes access. And this access was never revoked. It's a big problem. It's a security issue. And because of this, we decided to, yeah, develop a tool, a solution like Entitlement and Security for AD. Also from a more technical side, having permissions in AD, and you know, AD is still the leading directory, also if you are using Azure AD, if you're using, let's say, new technologies, AD is still the, yeah, the origin, everything is zoomed out from AD.
So it's important to focus on, yeah, let's say, reality reporting in the AD environment. How this could happen, or how can this happen?
You know, the way how we work, the way how employees work in companies did change in the last couple of years. We have more and more temporary workers. We have students who work for certain periods of time in the company. We have employees who change their areas. So there was a research for a large German company telling us that
Yeah, normally, typically, and it's a large company, there are three changes. So workplace changes for employees per day.
So it means not only the place of the work or the responsibility of their work did change. There must also be changes happen for their permissions, for their entitlements. And because of this, it's important to have a, yeah, let's say a possibility or the, it's possible to have a traceability of the permissions beside the reporting of permissions regarding job rotation, regarding temporary workers and so on. The change auditing part is also very important.
So to track changes, to make changes traceable, because yeah, sometimes changes happen which are not so good for whatever reason. And it's also important to have these change reporting functionality, but also the, I call it status quo reporting for entitlements. So it's important to have a dedicated solution, an external solution, so not a solution which uses the data, let's say, from the IAM system, because as I said before, the roles, the defined roles in identity access management systems, yeah, covers 90% of the roles.
But the importance are the 20, the 10% which are not covered by these systems.
As a conclusion, the challenges and consequences are that it's of course important to verify the least privilege principle. And for this, the separation of duties. And because of the reasons I told you before, it can become very complex to do it. Also, let's say, for reporting the effective rights or first calculating the effective rights granted in Active Directory, it's not so easy, because the native tools provided by Microsoft sometimes are not correct, still not correct.
And Microsoft is not, or do not want to fix it. Providing historical data is also a key question. Of course I can use PowerShell scripts to, to get the current settings, but the question regarding what were, what were the settings?
One month before or half year before, with PowerShell scripts, it's more or less impossible. But with a solution which gathered all the information on a daily, on a weekly basis, you can report also into the past.
So the consequences for this is, at the end, all the information or all the points are, yeah, let's say because of, yeah, security, security is a key and entitlements is a key factor for security. And therefore it's important to, yeah, to make your environment more secure, to report the settings in your environment in case of, yeah, an emergency, in case of compliance reporting, for, yeah, let's say for giving you the information what's set in reality, not regarding the claims, of course, yeah.
The difference between claims and reality is important, but first it's more important to have a report capability to report really the reality. And that's our solution. As I said before, with Entitlement and Security, we have the capability to report all settings, entitlement settings in AD from the user or from the account, from the object perspective, from the target perspective, from the perspective of who is group membership, who is member of a group, who has nested group memberships.
Important is to say, okay, this user has these rights, has these rights, and the rights are granted via these groups, these nested groups. And what's the reality, what's the claim, what's the request? It gives you both sides of the story. And then you have the, you are capable to fix it or to say, okay, everything is fine. What would be the best case for you? So for this, I would say, yeah, back to you.
Back to me.
Thank you Michael. So now we are at the end of our presentation. Thanks a lot for your attention. We're looking forward to meet you at our booth. If you want to get more information about the product, we are also pleased to invite you to a beer and a pretzel today afternoon at 4:00 PM. It's the start at 4:00 PM, and you also can participate and win a DJI Mini drone. So thank you for your attention and thank you guys.
Are there, are there any questions with the audience?
Well, if not, then I have a question for you, Michael. Given your 25 plus years experience in the IT industry, do you have any real life examples of consequences due to excessive privileges that you might have seen?
Of course, there are a lot of examples, but yeah, let's say for example, a couple of months ago we had a customer where, yeah, because of an accidentally made change, all employees theoretically had access to the C-level file shares, which was really a big, big problem. Luckily no one was using it, or more or less no one.
But yeah, it was theoretically possible. And yeah, think about C level, what, what kind of data do you have?
Yeah, company strategy, HR information and so on. So yeah, it was a big, big issue. And it's interesting, sometimes you speak with people or with companies, and companies tell you, yeah, yes.
It's interesting and yeah, it's nice to have and so on and so on. And it's nice to have if you do not have, or if you didn't have a problem like this. As soon as you have or had a problem like this, then it becomes, the importance is growing up, and it's no longer a question. Is it nice? Is it nice to have tool or nice to have solution?
And yeah, it was really interesting.
Oh, thanks again Michael and Ina, for your insights.