Before answering the question, we must digress. There are two different issues related to black/white list management. One pertains to managing user permissions to access IT-provided services, such as web applications, specific application features, data, websites and network locations for both current and departing employees. The other has to do with application whitelisting (i.e. managing which applications are allowed to run on a network).
With regard to user permissions, of particular concern to most IT departments is the exploding use of web applications. These applications can lower costs, make users more productive and increase the flexibility of IT departments. But with every new web app application comes another, often weak, user password to manage, and another possible hacker entry point into the network.
Here are a few steps that will help you manage user access to all of the services that IT provides:
- Create a security and compliance group within your company. The group’s purpose will be to monitor who has access to which IT services and how they access them.
- Put place clear policies in place that describe what applications, sites, and services employees can use and how they can use them. This step can be the most difficult because it is so easy for users to “go shopping” for web applications. But you will be well served to create and enforce a clear approval process for accessing all of the services, applications and hardware that employees want or need to use.
- Don't give users administrative rights to their computers. It won’t help with web applications, but you can require users to ask IT for access to download new software.
- We all know that shared accounts can save money, but they can also create security threats. If you must use them, use strong passwords and rotate them often. Using a Single Sign-on (SSO) software will help manage passwords.
- Audit all of your user accounts (LDAP, Active Directory®, and all applications) regularly and make sure you track all applications across all departments.