In a corporate environment, the most important aspect of protecting the security of your network is by leveraging software to ensure users do not have permissions to files and applications that they should not be able to access. There are many ways you can leverage software to ensure proper access rights for your users, including using role based access control, automation and workflows. I hope that the information below will be able to help you make a decision regarding what is most important for your network, and how you wish to protect it.
Role Based Access Control (RBAC) is becoming increasingly important for corporate IT and IS infrastructures to ensure their networks safety. Role based access control allow you to set things up in such a way that Human Resources are the only department with access to payroll data, and that only the Finance Department can access customer payment information such as credit card data. With role based access control software, if needs be, you can also extend permissions to individual users on case by case basis. If, for example some users hold a special role in your organization that may need access rights to another part of your organizations folders, files or application. Without RBAC software, trying to manage all of this within your Information Technology team itself can cause problems due to human error or providing insufficient information about all the roles and access individual users have.
Another way to manage access rights is via automation. This also removes the possibility of human error within your IT team. Using automation allows you to automate things such as user creation, user updates (including permissions), user disables, user purges and so on. Not only can automation handle your local Active Directory environment, it cans also push all of these changes into different downstream systems such as Blackboard, Google Apps, file systems and plenty more. Since the Information Technology team is divorced from the actual process, it saves them time and prevents issues of possibly missing a system which could pose a security risk for your network.
Last but not least is workflow; workflow is great if you have a system that requires one or more levels of approval in order to provide the user with access rights. For example, using workflow you can have managers requesting access for one of their employees to a Google Drive share that then has to be approved by the IT team and then subsequently, approved by the manager of said share. This prevents there from being a single point of access to possibly sensitive corporate information. As an added bonus when using workflow in conjunction with automation it allows you to automate the process of the provisioning once the workflow is complete.
There are numerous ways to improve your network security by leveraging software solutions, such as role based access control, automation and workflow. Most important to note, is using them in conjunction to not only improve network security and compliance but also to make the lives of your IT team easier. This frees them up to handle issues that are more important, such as problems end users might be experiencing with their computers or to prevent outside security threats to your network.