The recent rash of high-profile cybersecurity breaches underscored the huge risks that organizations are facing daily, as well as the need to effectively address them. Cyberattacks occur at an alarming rate of 18 per minute. One way to protect against them is to minimize access to critical IT infrastructure.
Users, whether they are rank-and-file employees or IT administrators, should have access privileges for only the applications, databases, and systems they need for their jobs in data center management. Anything more, and you have a potential security risk. Even without malice, users sometimes make mistakes that lead to malware infections. Most ransomware attacks occur because of ill-advised user actions.
A least-privilege approach, therefore, is a good way to minimize the possibility of attack. It’s especially effective when the staff responsible for managing critical IT infrastructure is located in multiple sites. In most setups, there’s no need for a user in Asia to have access to assets in Europe or North America – or vice versa.
Users should be able to log on to only the parts of the environment for which they are responsible. That’s what role-based access control (RBAC) enables by limiting a user’s access to only the IT assets they need, preventing them from touching data that isn’t relevant to their tasks.
Role-based access control benefits
RBAC offers a host of benefits for data center management, including:
When hiring or reassigning employees, organizations can activate and change passwords much more quickly, which eliminates paperwork and reduces the chance of error.
Administrators gain visibility into the environment and make sure users have access to only what they need.
Improved breach protection
User access to sensitive information is restricted by role, minimizing the risk of data breaches.
In heavily regulated industries such as healthcare and finance, RBAC helps meet compliance requirements by restricting access to confidential data.
A new way to access RBAC for data center management
Schneider Electric has added RBAC to the EcoStruxure™ IT Expert cloud-hosted platform because of the numerous benefits of role-based access control. EcoStruxure IT Expert is an advanced infrastructure management platform with real-time monitoring, remote device management, assessment, and instant fault notification. The addition of RBAC enables organizations to better manage infrastructure security by assigning privileges to specific individuals and groups.
It’s a feature that customers, particularly those with operations dispersed around the globe, have been requesting. Before the addition of RBAC, EcoStruxure IT Expert recognized two roles – administrators and users – and both had visibility into the global environment. Now, the platform has group designations, which can be created according to an organization’s needs, and three role designations with distinct sets of permissions – viewer, editor, and administrator.
Viewers can see dashboards, sensors, devices, assessments, call lists, and reports. They also can acknowledge alarms. But you have to be an editor to make changes such as creating and removing dashboards, adding devices, and muting alarms and services. The admin role has all those permissions plus the ability to manage thresholds and call lists, configure devices, and update the firmware.
Permissions can be set by location so that users get access to resources based on where they are located. Users can be part of more than one group. For instance, a user in Denmark can have permissions for a group called “Denmark” and another called “Euro monitoring team.”
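The role and group model described above, sketched as an added example (not Schneider Electric's code or API). The permission names, group contents and device IDs are constructed, and two behaviours are assumptions: editors inherit viewer permissions, and a user who reaches a device through several groups gets the union of those roles.

```python
from dataclasses import dataclass, field

# Role permissions follow the article's description; the string names are made up here.
VIEWER = frozenset({"view_dashboards", "view_sensors", "view_devices", "view_assessments",
                    "view_call_lists", "view_reports", "acknowledge_alarms"})
# Assumption: each role includes everything the role below it can do.
EDITOR = VIEWER | {"create_dashboard", "remove_dashboard", "add_device",
                   "mute_alarms", "mute_services"}
ADMINISTRATOR = EDITOR | {"manage_thresholds", "manage_call_lists",
                          "configure_device", "update_firmware"}
ROLES = {"viewer": VIEWER, "editor": EDITOR, "administrator": ADMINISTRATOR}

# Constructed sample data: groups scope access to a set of devices (e.g. by location).
GROUP_DEVICES = {
    "Denmark": {"ups-cph-01", "pdu-cph-02"},
    "Euro monitoring team": {"ups-cph-01", "ups-fra-01"},
    "Asia": {"ups-sgp-01"},
}

@dataclass
class User:
    name: str
    memberships: dict = field(default_factory=dict)  # group name -> role name

def effective_permissions(user, device):
    """Union of permissions from every group that contains the device (assumed rule)."""
    perms = set()
    for group, role in user.memberships.items():
        if device in GROUP_DEVICES.get(group, set()):
            perms |= ROLES.get(role, frozenset())  # unknown role grants nothing
    return perms

def is_allowed(user, action, device):
    """Deny by default: no matching group or role means no access."""
    return action in effective_permissions(user, device)

# The article's Denmark user: editor locally, viewer for the wider European group.
anna = User("anna", {"Denmark": "editor", "Euro monitoring team": "viewer"})

if __name__ == "__main__":
    for action, device in [("mute_alarms", "ups-cph-01"), ("mute_alarms", "ups-fra-01"),
                           ("update_firmware", "ups-cph-01"), ("view_devices", "ups-sgp-01")]:
        print(f"{action:16} {device:11} -> {is_allowed(anna, action, device)}")
```

Running the same check over an export of real group memberships is a quick way to audit who can configure devices or update firmware in each location.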
Smartphone access at your fingertips
The new RBAC feature also helps users who access the platform through the EcoStruxure IT mobile app. Now, it’s possible to set alarms based on group and user roles so that individuals receive only alarms relevant to their jobs. Previously, you would receive all alarms. It takes only a few clicks to configure the mobile alarm settings.
The RBAC feature adds to other security features already available with the platform. One of them is single sign-on (SSO), which simplifies user authentication both for users and managers. It is especially handy for administrators when a user leaves or is reassigned because the admin needs to turn off permissions for the user only once for multiple resources.
Ready to explore further?
More new features are in the works for EcoStruxure IT Expert, including reporting capabilities planned for 2022. To learn more about role-based security options, check out this article on EcoStruxure IT Expert permissions.
3 weeks ago
I think this is a great step. I would like to see the ability to create custom roles – for example, I have users that I would like to give full admin access to only a specific set of devices, organized into a “location”. I can give them Editor access to those devices, but they should be able to configure and update those devices as well.