Your Company’s Dirty Little Secret
Spring is on the way (or so I’ve been told), and with it will come spring cleaning – the time when people pay attention to those scrubbing jobs that go overlooked throughout the year: baseboards, window blinds, top of cupboards.
When it comes to corporate networks, there is one place that is often overlooked, and desperately needs your attention:
The company shared network drive.
You know the one. That place that is supposed to be a well-structured hub for collaboration that has turned into a disorganized dumping ground no one wants to take responsibility for. Abandoned folders, content from former employees, and pictures from the company picnic 6 years ago sit alongside strategic plans and financial data.
Contributing to the chaos, we see common bad practices related to folder permissions on company shares:
1. Applying folder permissions to individuals instead of security groups.
Ex. ‘Please give John access to the Finance folder’
This approach creates an unmanageable mess of individual permissions that will be difficult to change in the future. Instead, companies should look to create role-based security groups:
John is a member of the Finance security group, which has full read/write access to the Finance folder.
Now, if John moves from Finance to Marketing, moving him to the appropriate security group will update his folder permission access across the company shares (much easier than updating individual folders!)
2. Lack of awareness regarding security structure and inherited permissions
Windows’ security platform, Active Directory has the ability to create sub folders with permissions inherited from the parent folder. Users who are unaware of the security structure of a network share may inadvertently place content into folders without fully understanding who has access to the information.
The result is not only disorganization, but some genuine security concerns for your organization.
This spring, consider doing a Network Share Cleanup. This article has some excellent tips for undertaking this project. Some key points:
– Communicate, communicate, communicate. Involve all the stakeholders and ensure everyone understands the objectives and plan.
– Set timelines and stick to them
– Create a logical folder structure based on organizational units / departments
– Align security groups and review group membership on a regular basis
– Create a process for new hires and terminations that includes appropriate group membership
Need help? Get in touch. We’d love to help.