Privileged & Protected - Managing Access At The Endpoint

Following the pandemic, many businesses have had to adapt their security processes to address quick fixes and temporary measures put in place as lockdown began and prepare for a more permanent adoption of remote and flexible working.

However, many still have a significant amount of work to do around the security of endpoint devices, especially those that are owned by employees rather than the company.

Many organisations are now dealing with endpoint sprawl, as employees use multiple devices to access company systems, networks and data from multiple locations. Research conducted by the Ponemon Institute in the US found that the average enterprise now manages around 135,000 endpoint devices – and 48% of these present significant security risks because they’re either no longer detected by the IT department, or they have outdated operating systems. 

Access to privileged administrator accounts is a particular risk in this distributed and decentralised environment. The abrupt move to remote working during COVID often saw staff members granted local admin rights on their laptops and devices, to enable them to get up and running and access the resources they needed to do their jobs without help from IT.

This all adds up to a loss of visibility into endpoints that will significantly weaken companies’ security postures. Clamping down on privileged administrator rights is a vitally important process towards strengthening it again.  

The Danger Of Overprivilege 

Privileged access represents a significant security risk for every organisation, with more people than ever possessing the admin permissions to make changes to key IT systems that sit at the heart of operations. The hackers who breached Intercontinental Hotel Group after accessing the company’s internal password vault said they found that the credentials needed to log in could be accessed by all of the firm’s 200,000 staff. This creates a potentially vast attack surface. 
 
Admin accounts hold great power; those employees who have them are able to access, control and make changes to shared systems, services, applications and devices.

Failing to protect these valuable accounts is like handing cyber criminals the keys to the kingdom. In the wrong hands they can be used to steal or delete data, adjust permissions or make backdoor accounts, for example.

A key part of securing endpoints is the removal of local administrator rights from users who don’t require them, in order to gain control over how they connect to systems. However, many organisations are concerned about the impact this will have on the business.

More than a third (36%) of respondents to a poll carried out by Osirium earlier this year said the biggest challenge with removing local admin permissions was upsetting users, while 25% believe it would increase workloads, and 21% that it would hinder productivity, with employees finding themselves unable to carry out tasks, and the IT helpdesk inundated with requests for simple actions such as software installations or resetting passwords.

Elevate The App, Not The User

The best way to balance productivity with security is to switch from a focus on the user, and the access privileges they possess, to the applications themselves. Instead of elevating the user’s permissions – which grants them unlimited access across the board – privileged endpoint management involves IT administrators approving elevated permissions for a specific application or process, and for only as long as the user needs it. This allows employees to get things done, without giving attackers the wide-open access they’re looking for.

It may be tempting to just remove local rights - the power that lets users install applications or make configuration changes – but that could impact those that actually need elevated privileges to do their work, for example software developers or network engineers. Even product designers may need admin rights to update their AutoCAD plugins.
 
So the goal is to identify which users need which applications and control their access to running those specific applications with elevated privilege, rather than allow unlimited use of local admin rights.

Looking beyond privileged rights on users’ endpoints, it’s critical to take control of the administrator accounts on corporate IT systems - the shared services, databases, and network devices that the business depends on. It’s no surprise that these privileged accounts are involved in 80% of cyber breaches. Privileged access management separates the users from those powerful account credentials and can also enable the monitoring and recording of access to prevent misuse. 

This protects data from being exposed to a breach through employee mistakes, and the abuse of local admin accounts by cyber attackers. It also adds a layer of protection if devices lack the necessary security tools or configurations to defend against attacks. In an environment where criminals are increasingly more likely to log in than hack in, this is crucial. 

Andy Harris is Chief Technology Officer at Osirium

You Might Also Read: 

Securing Hybrid Identity:

 

« How Poor Password Hygiene Could Unravel Your Business
The Internet Of "vulnerable" Things? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

Discover how you can implement endpoint detection and response (EDR) tools into your security strategy.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

Backup Technology

Backup Technology

Backup Technology is a world leader in the Online Cloud Backup, Disaster Recovery and Business Continuity market.

Prewen

Prewen

Prewen provide solutions to protect sensitive data across the organisation.

Garrison

Garrison

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

Crashtest Security

Crashtest Security

Crashtest Security is a cyber security company that helps digital companies to continuously create secure software with the help of automated vulnerability assessments.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Gallarus Industry Solutions

Gallarus Industry Solutions

Gallarus leads innovation within industrial Manufacturing, Production and Management Systems, including Cyber Security solutions specifically developed to protect against the latest cyber criminality.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP) is the Swedish industry association for Swedish incubators and science parks.

Logit.io

Logit.io

Logit.io is a log analysis & management platform that provides a scalable solution for hosting the open-source tools Elasticsearch, Logstash, and Kibana.

Kordia

Kordia

Kordia is a leading provider of mission-critical technology solutions throughout Australasia. We have the most comprehensive cyber security offering in New Zealand.

BlockSec

BlockSec

BlockSec is dedicated to building blockchain security infrastructure. The team is founded by top security researchers and experiencedexperts from both academia and industry.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

PreVeil

PreVeil

We started PreVeil to bring radically better security to ordinary business and personal communication and information storage.

InterSec Inc.

InterSec Inc.

InterSec Inc. is a cybersecurity company that offers a variety of services to small and medium-sized businesses including CMMC Compliance, Program Management, Governance, & Cybersecurity.

Cybersecurity Dubai

Cybersecurity Dubai

Protect your business from cyber-attacks with Cybersecurity Dubai, your partner in online security solutions.