Back to news
Guides6 May 20262 min read

Can you say, right now, who has access to what?

For an MSP, the scariest question isn't from a client — it's from your cyber-insurer. Here's why access gets messy as you grow, a 5-minute orphaned-account audit, and how one access model fixes it.

The CNEX team
Share

A contractor finished a project three months ago. Quick question: do they still have access to that client's files? If you had to think about it, you're not alone — and that pause is exactly what your cyber-insurer is worried about.

For a growing IT shop, "who can see what?" gets harder to answer with every hire, every tool, and every client.

Why access gets messy

The problem isn't carelessness — it's that access lives in too many places. Every tool has its own permissions, set per-tool, per-hire. So offboarding someone means remembering all seven places they had a login, and that depends on memory. Orphaned accounts are how breaches (and failed audits) happen.

A 5-minute audit

Try this right now: pick someone who left or rolled off in the last quarter, and check each system:

  • Email / shared drive — still a member of any client folders?
  • CRM — still an active user?
  • Repos / hosting — keys or seats still active?
  • Password manager — still in shared vaults?
  • The client's own systems — still on their allow-list?

If you can't get to a confident "all clear" in five minutes, that's the gap an attacker (or an auditor) walks through.

One access model, not seven

The fix is to stop managing access tool-by-tool. In CNEX-Flow, a person's access comes from their role and division — provision on hire, revoke on exit, in one place, with a full audit trail and a reverse lookup that answers "who can see this client?" instantly.

A member's real, effective permissions — what they can see, and exactly why.

And here's the part that matters for AI: if your login can't see it, neither can your AI. Connekz inherits the exact same permissions, so asking it a question can never leak what your role couldn't already access.

Know exactly who can see what

See how one access model — provision, revoke, audit, reverse-lookup — replaces the per-tool scramble.

Learn more
TagsAccessMSPSecurity

The CNEX team

We build CNEX-Flow in the open — and run our own shop on it. Read the build story →

See CNEX-Flow run your shop.

Start your free month → Book a demo

Keep reading

How to take on more clients without hiring (or dropping the ball) Guides

How to take on more clients without hiring (or dropping the ball)

Growth usually forces a choice: take on more work and let quality slip, or hold the line and turn clients away. Here's a third option — delegate the predictable work, keep your seniors on the hard problems.

16 May 20261 min read
The real cost of running your shop on seven disconnected tools Guides

The real cost of running your shop on seven disconnected tools

Your subscriptions are the cheap part. The real bill for a stack of disconnected tools is the time your team loses jumping between them — here's how to count it.

28 Apr 20262 min read
Why work slips through the cracks in a growing IT shop Guides

Why work slips through the cracks in a growing IT shop

The dropped ball is rarely a people problem — it's a gap-between-tools problem. Here's a 2-minute audit of where work disappears in a growing IT shop, and the one change that closes the gaps.

15 Apr 20263 min read