The problem of permissions plagues the enterprise. Each employee with access to the enterprise IT environment needs to have some level of permission for each network asset, but the level of permission is usually different for each employee.
For example, some employees may be able to look at customer information but not change it, while others may need to make changes. And some employees may only look at some types of information, meaning that the workers on the loading dock are probably not going to be able to see credit card numbers.
When you have more than just a few employees, the problem multiplies dramatically. You need to keep track of which employee has access to which application, and you need to be able to change the level of permission as employee assignments and your company needs change. If it all sounds complex, that’s because it is.
In fact, improper permission settings are a major cause of security breaches. This is made worse by the rapid expansion of cloud services and a tendency by some to sign up for them outside of normal channels.
BalkanID was created to provide a means of managing these permissions. According to CEO Subbu Rama, what’s needed is access governance. Rama said that BalkanID uses identity access governance to help mid-market companies manage their identity governance and administration (IGA).
“Many of these companies have to do this for compliance reasons,” Rama said.
“We are actually using AI and making the IGA more intelligent,” he explained. “So for example, if you have 1000 employees, and you have 100 applications, you will have at least 10,000 accesses.”
Rama pointed out that actually reviewing this number of access requests would be a nightmare. He said that with BalkanID, access permissions can be defined for each employee for each type of access, and managed in real time.
“We can discover what all the permissions are that people have,” he explained, “and we can use it to do access reviews, and our tool becomes a system of record for access.”
“Another way people are actually using it is we tell outliers, so for example, we can tell if a developer has production access to AWS, for example, or if a person who has accounts receivable access also has accounts payable access. In other words, let’s say if somebody got terminated from the company, do they still have access to the systems?”
Rama noted, however, that BalkanID does not have the ability to actually change permissions. He said that the company did not want to get involved in access management, just to provide the information so that permissions can be changed through other means.
“We’re trying to stay in the access governance space,” Rama said, “not in the access management space, because we want to be least privileged.”
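The three outlier checks Rama describes (a developer with production access to AWS, one person holding both accounts receivable and accounts payable, and a terminated employee who still has access) can be sketched as a read-only review over an entitlement export. This is an added example, not BalkanID's code; the record layout, employee names, role labels and policy tables are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample export: (employee, department, status, application, entitlement)
ENTITLEMENTS = [
    ("alice", "engineering", "active", "aws", "dev"),
    ("alice", "engineering", "active", "aws", "production"),
    ("bob", "finance", "active", "erp", "accounts_receivable"),
    ("bob", "finance", "active", "erp", "accounts_payable"),
    ("carol", "finance", "active", "erp", "accounts_payable"),
    ("dave", "warehouse", "terminated", "crm", "read"),
    ("erin", "engineering", "active", "aws", "dev"),
]

# Assumed policy: entitlement pairs one person should not hold together
SOD_CONFLICTS = [(("erp", "accounts_receivable"), ("erp", "accounts_payable"))]
# Assumed policy: entitlements a department should not hold
DEPT_DENY = {"engineering": {("aws", "production")}}


def review(entitlements):
    """Return sorted (employee, finding) tuples. Reports only; changes nothing."""
    held = defaultdict(set)   # employee -> set of (application, entitlement)
    profile = {}              # employee -> (department, status)
    for emp, dept, status, app, ent in entitlements:
        held[emp].add((app, ent))
        profile[emp] = (dept, status)

    findings = []
    for emp, grants in held.items():
        dept, status = profile[emp]
        # Terminated employee who still holds any access
        if status == "terminated":
            for app, ent in sorted(grants):
                findings.append((emp, f"terminated but still has {app}:{ent}"))
        # Department holding an entitlement the policy denies it
        for app, ent in sorted(grants & DEPT_DENY.get(dept, set())):
            findings.append((emp, f"{dept} holds {app}:{ent}"))
        # Separation-of-duties conflict: both halves held by one person
        for a, b in SOD_CONFLICTS:
            if a in grants and b in grants:
                findings.append((emp, f"separation of duties: {a[1]} + {b[1]}"))
    return sorted(findings)


if __name__ == "__main__":
    for emp, finding in review(ENTITLEMENTS):
        print(f"{emp}: {finding}")
```

The function only produces findings for a reviewer, matching the governance-only role described above; any change to the permissions themselves would happen in a separate access management system.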
Rama said that he decided to bring his product to the small and mid markets because larger companies already had the ability to manage permissions, something that hadn’t reached smaller companies.
“Even a small startup with a hundred employees has the same problem, because they also have crown jewels, and hackers are basically going after everything,” he said.