Privileged & Protected - Managing Access At The Endpoint

Following the pandemic, many businesses have had to adapt their security processes to address quick fixes and temporary measures put in place as lockdown began and prepare for a more permanent adoption of remote and flexible working.

However, many still have a significant amount of work to do around the security of endpoint devices, especially those that are owned by employees rather than the company.

Many organisations are now dealing with endpoint sprawl, as employees use multiple devices to access company systems, networks and data from multiple locations. Research conducted by the Ponemon Institute in the US found that the average enterprise now manages around 135,000 endpoint devices – and 48% of these present significant security risks because they’re either no longer detected by the IT department, or they have outdated operating systems. 

Access to privileged administrator accounts is a particular risk in this distributed and decentralised environment. The abrupt move to remote working during COVID often saw staff members granted local admin rights on their laptops and devices, to enable them to get up and running and access the resources they needed to do their jobs without help from IT.

This all adds up to a loss of visibility into endpoints that will significantly weaken companies’ security postures. Clamping down on privileged administrator rights is a vitally important process towards strengthening it again.  

The Danger Of Overprivilege 

Privileged access represents a significant security risk for every organisation, with more people than ever possessing the admin permissions to make changes to key IT systems that sit at the heart of operations. The hackers who breached Intercontinental Hotel Group after accessing the company’s internal password vault said they found that the credentials needed to log in could be accessed by all of the firm’s 200,000 staff. This creates a potentially vast attack surface. 
 
Admin accounts hold great power; those employees who have them are able to access, control and make changes to shared systems, services, applications and devices.

Failing to protect these valuable accounts is like handing cyber criminals the keys to the kingdom. In the wrong hands they can be used to steal or delete data, adjust permissions or make backdoor accounts, for example.

A key part of securing endpoints is the removal of local administrator rights from users who don’t require them, in order to gain control over how they connect to systems. However, many organisations are concerned about the impact this will have on the business.

More than a third (36%) of respondents to a poll carried out by Osirium earlier this year said the biggest challenge with removing local admin permissions was upsetting users, while 25% believe it would increase workloads, and 21% that it would hinder productivity, with employees finding themselves unable to carry out tasks, and the IT helpdesk inundated with requests for simple actions such as software installations or resetting passwords.

Elevate The App, Not The User

The best way to balance productivity with security is to switch from a focus on the user, and the access privileges they possess, to the applications themselves. Instead of elevating the user’s permissions – which grants them unlimited access across the board – privileged endpoint management involves IT administrators approving elevated permissions for a specific application or process, and for only as long as the user needs it. This allows employees to get things done, without giving attackers the wide-open access they’re looking for.

It may be tempting to just remove local rights - the power that lets users install applications or make configuration changes – but that could impact those that actually need elevated privileges to do their work, for example software developers or network engineers. Even product designers may need admin rights to update their AutoCAD plugins.
 
So the goal is to identify which users need which applications and control their access to running those specific applications with elevated privilege, rather than allow unlimited use of local admin rights.

Looking beyond privileged rights on users’ endpoints, it’s critical to take control of the administrator accounts on corporate IT systems - the shared services, databases, and network devices that the business depends on. It’s no surprise that these privileged accounts are involved in 80% of cyber breaches. Privileged access management separates the users from those powerful account credentials and can also enable the monitoring and recording of access to prevent misuse. 

This protects data from being exposed to a breach through employee mistakes, and the abuse of local admin accounts by cyber attackers. It also adds a layer of protection if devices lack the necessary security tools or configurations to defend against attacks. In an environment where criminals are increasingly more likely to log in than hack in, this is crucial. 

Andy Harris is Chief Technology Officer at Osirium

You Might Also Read: 

Securing Hybrid Identity:

 

« How Poor Password Hygiene Could Unravel Your Business
The Internet Of "vulnerable" Things? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

GoSecure

GoSecure

GoSecure Managed Detection and Response helps all organizations reduce dwell time by preventing breaches before they happen.

Transmit Security

Transmit Security

The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

TuxCare

TuxCare

TuxCare make Linux more secure. We take care of Linux so that organizations can use Linux to support environments that require high levels of Cybersecurity, stability, and availability.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.

Neya Systems

Neya Systems

Neya Systems, a leader in advanced off-road autonomy and high-level multi-robot mission planning, provides innovative solutions for uncrewed ground, aerial, and surface vehicles.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.