File permissions – are you doing it right?

It's a fine line between security and usability

In a recent article we talked about how poorly configured file permissions can leave you open to an attack. This time we are going to look at things from the other perspective. Overly strict permissions may mitigate some of the threat, but they introduce a new issue in the form of inconvenience. 

What is the issue?

Organisations with multiple departments often try to ensure that people have access only to what they require to do their job. In a highly structured business, this can work well. In a lot of businesses, however, an employee’s tasks may go beyond the scope of their ‘official’ job description. These two scenarios are intrinsically incompatible. The result can be staff who lack the file permissions they need, and therefore a decrease in productivity.

Another situation where this issue can commonly occur is with new employees. If staff have access on a ‘need to know’ basis, new employees could start out without any of the permissions they need. This can make it very hard to hit the ground running. In order to remedy this, businesses can make a small collection of access groups divided by departments – or something else specific to the business – and grant permissions globally based on these groups. This would mean that new employees would automatically have access to whatever they need to get started. At the same time, they would not have excess permissions which could endanger digital assets and compromise security. 

There is always a fine line between security and usability, and the hallmark of good system management is balancing the two. Users need to be able to do their work without being inconvenienced by over-the-top lockdowns. It may take a few adjustments to reach that point, but managing systems is not a set-and-forget kind of deal, and your IT team should always be working to ensure optimal operation.