Privileged & Protected - Managing Access At The Endpoint

Following the pandemic, many businesses have had to adapt their security processes to address quick fixes and temporary measures put in place as lockdown began and prepare for a more permanent adoption of remote and flexible working.

However, many still have a significant amount of work to do around the security of endpoint devices, especially those that are owned by employees rather than the company.

Many organisations are now dealing with endpoint sprawl, as employees use multiple devices to access company systems, networks and data from multiple locations. Research conducted by the Ponemon Institute in the US found that the average enterprise now manages around 135,000 endpoint devices – and 48% of these present significant security risks because they’re either no longer detected by the IT department, or they have outdated operating systems. 

Access to privileged administrator accounts is a particular risk in this distributed and decentralised environment. The abrupt move to remote working during COVID often saw staff members granted local admin rights on their laptops and devices, to enable them to get up and running and access the resources they needed to do their jobs without help from IT.

This all adds up to a loss of visibility into endpoints that will significantly weaken companies’ security postures. Clamping down on privileged administrator rights is a vitally important process towards strengthening it again.  

The Danger Of Overprivilege 

Privileged access represents a significant security risk for every organisation, with more people than ever possessing the admin permissions to make changes to key IT systems that sit at the heart of operations. The hackers who breached Intercontinental Hotel Group after accessing the company’s internal password vault said they found that the credentials needed to log in could be accessed by all of the firm’s 200,000 staff. This creates a potentially vast attack surface. 
 
Admin accounts hold great power; those employees who have them are able to access, control and make changes to shared systems, services, applications and devices.

Failing to protect these valuable accounts is like handing cyber criminals the keys to the kingdom. In the wrong hands they can be used to steal or delete data, adjust permissions or make backdoor accounts, for example.

A key part of securing endpoints is the removal of local administrator rights from users who don’t require them, in order to gain control over how they connect to systems. However, many organisations are concerned about the impact this will have on the business.

More than a third (36%) of respondents to a poll carried out by Osirium earlier this year said the biggest challenge with removing local admin permissions was upsetting users, while 25% believe it would increase workloads, and 21% that it would hinder productivity, with employees finding themselves unable to carry out tasks, and the IT helpdesk inundated with requests for simple actions such as software installations or resetting passwords.

Elevate The App, Not The User

The best way to balance productivity with security is to switch from a focus on the user, and the access privileges they possess, to the applications themselves. Instead of elevating the user’s permissions – which grants them unlimited access across the board – privileged endpoint management involves IT administrators approving elevated permissions for a specific application or process, and for only as long as the user needs it. This allows employees to get things done, without giving attackers the wide-open access they’re looking for.

It may be tempting to just remove local rights - the power that lets users install applications or make configuration changes – but that could impact those that actually need elevated privileges to do their work, for example software developers or network engineers. Even product designers may need admin rights to update their AutoCAD plugins.
 
So the goal is to identify which users need which applications and control their access to running those specific applications with elevated privilege, rather than allow unlimited use of local admin rights.

Looking beyond privileged rights on users’ endpoints, it’s critical to take control of the administrator accounts on corporate IT systems - the shared services, databases, and network devices that the business depends on. It’s no surprise that these privileged accounts are involved in 80% of cyber breaches. Privileged access management separates the users from those powerful account credentials and can also enable the monitoring and recording of access to prevent misuse. 

This protects data from being exposed to a breach through employee mistakes, and the abuse of local admin accounts by cyber attackers. It also adds a layer of protection if devices lack the necessary security tools or configurations to defend against attacks. In an environment where criminals are increasingly more likely to log in than hack in, this is crucial. 

Andy Harris is Chief Technology Officer at Osirium

You Might Also Read: 

Securing Hybrid Identity:

 

« How Poor Password Hygiene Could Unravel Your Business
The Internet Of "vulnerable" Things? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

Cyber, Space, & Intelligence Association (CSIA)

Cyber, Space, & Intelligence Association (CSIA)

CSIA focuses on issues critical to Cyber Security, Military Space and Intelligence.

limes datentechnik

limes datentechnik

limes datentechnik is an authority in the fields of cryptography and data compression. The FLAM product family is an internationally accepted standard for efficient and safe handling of data.

ISMS.online

ISMS.online

ISMS.online is a cloud software solution for fast & cost-effective implementation of an information security management system and achieve compliance with ISO 27001 and other standards.

Aptiv

Aptiv

Aptiv is a global technology company that develops safer, greener and more connected solutions enabling the future of mobility.

Cyan Securiy Group

Cyan Securiy Group

Cyan provide best-in-class cyber security solutions for mobile Internet and mobile devices that are extremely effective and highly intuitive in their use.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Automox

Automox

Remediate vulnerabilities 30X faster than the industry norm – and dramatically reduce your risk with simple, fast, and cloud-native endpoint hardening from Automox.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Pelion

Pelion

Pelion Connected Device Services are the easiest way to securely connect and manage your devices, allowing you to focus on forging your future.

CyNam

CyNam

CyNam is a platform for enabling the growth and development of people and organisations within Cheltenham’s flourishing cyber technology ecosystem.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Protelion

Protelion

The Protelion Security Platform is uniquely architected to deliver security solutions that combine greater protection, flexibility, and performance.

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.