What is Four-eyes Authorization?
Four-eyes authorization is a control mechanism that requires at least two people to approve a specific activity before it can be completed.
What are the benefits of Four-Eyes Authorization?
| Security | Transparency | Compliance |
| --- | --- | --- |
| By requiring dual oversight for critical operations, the system mitigates risks associated with accidental or malicious changes, enhancing overall security. | The detailed audit trail of all requests and approvals promotes accountability, providing clear records of who initiated and who authorized each critical action. | This practice aligns with industry best practices and regulatory requirements, supporting the organization’s compliance efforts and enhancing its security posture. |
Four-Eyes Authorization Scenario
To bolster their data protection and operational security, a company decides to implement four-eyes authorization in their Veeam Backup & Replication environment. This method requires an additional layer of approval for critical operations, ensuring that no single person can execute significant changes without oversight.
- A backup administrator identifies the need to delete old backup data to manage storage resources effectively. They initiate the deletion process within Veeam Backup & Replication. Veeam Backup & Replication, recognizing the high stakes of this action, triggers the four-eyes authorization process, requiring another authorized individual to approve the operation.
- The system displays the approval request in the Home view under the Pending approvals section, making it visible to all designated approvers. An automated email is also sent to these approvers, detailing the nature of the request, who initiated it, and the potential implications of the action.
- Upon receiving the notification, a senior IT staff member responsible for oversight logs into Veeam Backup & Replication. This staff member reviews the request, including specifics such as the data set to be deleted and the rationale behind the action, to ensure that the action won't compromise data availability or breach any organizational policies. Once the necessity and safety of the operation are verified, the approver can grant the authorization.
- If an approval request remains unaddressed for a predetermined period (typically 7 days), the system automatically rejects the request. This safeguard ensures that no critical actions remain in a state of limbo, preventing potential oversight failures.
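
The scenario above as a small state model, added here as an illustration; it is not Veeam code and does not use any Veeam API. The class, function and user names are hypothetical, and the 7-day timeout is the "typical" value mentioned above. It shows the three properties a reviewer should check in any four-eyes implementation: the initiator cannot act as the second approver, stale requests are rejected automatically, and every step lands in the audit trail.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

APPROVAL_TIMEOUT = timedelta(days=7)  # assumption: the "typically 7 days" above

@dataclass
class ApprovalRequest:
    """Hypothetical model of one pending four-eyes request (not a Veeam type)."""
    operation: str
    requester: str
    created: datetime
    state: str = "pending"          # pending -> approved | rejected
    audit: list = field(default_factory=list)

    def __post_init__(self):
        self._log(self.created, self.requester, "requested")

    def _log(self, when, actor, event):
        self.audit.append((when.isoformat(), actor, event, self.operation))

    def expire_if_stale(self, now):
        """Auto-reject a request nobody has handled within the timeout."""
        if self.state == "pending" and now - self.created >= APPROVAL_TIMEOUT:
            self.state = "rejected"
            self._log(now, "system", "auto-rejected (timeout)")
        return self.state

    def decide(self, approver, approvers, approve, now):
        """Record a second person's decision; return the resulting state."""
        if self.expire_if_stale(now) != "pending":
            return self.state        # already decided or expired
        if approver not in approvers:
            self._log(now, approver, "denied: not a designated approver")
        elif approver == self.requester:
            # The core of the control: the initiator is never the second pair of eyes.
            self._log(now, approver, "denied: self-approval")
        else:
            self.state = "approved" if approve else "rejected"
            self._log(now, approver, self.state)
        return self.state

def run_demo():
    """Constructed scenario: alice requests a deletion, bob approves it."""
    t0, approvers = datetime(2024, 1, 1, 9, 0), {"alice", "bob"}
    req = ApprovalRequest("delete old backups", "alice", t0)
    self_try = req.decide("alice", approvers, True, t0 + timedelta(hours=1))
    final = req.decide("bob", approvers, True, t0 + timedelta(days=1))
    stale = ApprovalRequest("delete old backups", "alice", t0)
    expired = stale.decide("bob", approvers, True, t0 + timedelta(days=8))
    return self_try, final, expired, req.audit
```

Denied attempts are logged as well as successful ones, so a self-approval attempt is visible in the audit trail even though it changes nothing.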