Every tier 1 support rep needs to be able to pull up at least some of my account information. Sure IT and other internal teams shouldn't have direct access, but when your business is managing other people's accounts/money a lot of people will need to have access to customer data.
But you can still restrict that. Make it so every access must be tied to a specific open ticket. Don't just say "well, this person sometimes needs access to a specific customer's information so they can have permanent always-on access to all customer information."
How do you know it isn't? The only claim was that there are many employees with acess to 'sensitive customer information'. That would be the case even if the employees could only see customer information associated with tickets that they had been assigned.
I have a lot of access to very confidential customer information at my job. But based on passwords I need to request that require someone else to approve. Based on a ticket/incident/change number that actually needs to exist. The password rotates as soon as it expires. All password requests and usage are logged and audited.
If you need to completely revoke someone's account overnight to prevent adverse impact, you designed your "access matrix" incorrectly.
> If you need to completely revoke someone's account overnight to prevent adverse impact, you designed your "access matrix" incorrectly.
This doesn't make any sense to me, and is in fact exactly how it should work.
So you're telling me that every time, say, a CS rep needs to access some sensitive customer information (which is almost every single call), you think they should need to go through some password approval process? Security procedures that are so cumbersome to getting work done get bypassed.
The whole point of SSO systems is that you can immediately revoke access to any and all systems at once by just changing one setting.
Of course it will depend on exactly how sensitive etc. the information is and there are always grey areas.
But indeed, permanent access to sensitive info without ever needing approval from a second person (beyond being hired and gaining the access) seems like a bad idea.
