Privileged & Protected - Managing Access At The Endpoint

Following the pandemic, many businesses have had to adapt their security processes to address quick fixes and temporary measures put in place as lockdown began and prepare for a more permanent adoption of remote and flexible working.

However, many still have a significant amount of work to do around the security of endpoint devices, especially those that are owned by employees rather than the company.

Many organisations are now dealing with endpoint sprawl, as employees use multiple devices to access company systems, networks and data from multiple locations. Research conducted by the Ponemon Institute in the US found that the average enterprise now manages around 135,000 endpoint devices – and 48% of these present significant security risks because they’re either no longer detected by the IT department, or they have outdated operating systems. 

Access to privileged administrator accounts is a particular risk in this distributed and decentralised environment. The abrupt move to remote working during COVID often saw staff members granted local admin rights on their laptops and devices, to enable them to get up and running and access the resources they needed to do their jobs without help from IT.

This all adds up to a loss of visibility into endpoints that will significantly weaken companies’ security postures. Clamping down on privileged administrator rights is a vitally important process towards strengthening it again.  

The Danger Of Overprivilege 

Privileged access represents a significant security risk for every organisation, with more people than ever possessing the admin permissions to make changes to key IT systems that sit at the heart of operations. The hackers who breached Intercontinental Hotel Group after accessing the company’s internal password vault said they found that the credentials needed to log in could be accessed by all of the firm’s 200,000 staff. This creates a potentially vast attack surface. 
 
Admin accounts hold great power; those employees who have them are able to access, control and make changes to shared systems, services, applications and devices.

Failing to protect these valuable accounts is like handing cyber criminals the keys to the kingdom. In the wrong hands they can be used to steal or delete data, adjust permissions or make backdoor accounts, for example.

A key part of securing endpoints is the removal of local administrator rights from users who don’t require them, in order to gain control over how they connect to systems. However, many organisations are concerned about the impact this will have on the business.

More than a third (36%) of respondents to a poll carried out by Osirium earlier this year said the biggest challenge with removing local admin permissions was upsetting users, while 25% believe it would increase workloads, and 21% that it would hinder productivity, with employees finding themselves unable to carry out tasks, and the IT helpdesk inundated with requests for simple actions such as software installations or resetting passwords.

Elevate The App, Not The User

The best way to balance productivity with security is to switch from a focus on the user, and the access privileges they possess, to the applications themselves. Instead of elevating the user’s permissions – which grants them unlimited access across the board – privileged endpoint management involves IT administrators approving elevated permissions for a specific application or process, and for only as long as the user needs it. This allows employees to get things done, without giving attackers the wide-open access they’re looking for.

It may be tempting to just remove local rights - the power that lets users install applications or make configuration changes – but that could impact those that actually need elevated privileges to do their work, for example software developers or network engineers. Even product designers may need admin rights to update their AutoCAD plugins.
 
So the goal is to identify which users need which applications and control their access to running those specific applications with elevated privilege, rather than allow unlimited use of local admin rights.

Looking beyond privileged rights on users’ endpoints, it’s critical to take control of the administrator accounts on corporate IT systems - the shared services, databases, and network devices that the business depends on. It’s no surprise that these privileged accounts are involved in 80% of cyber breaches. Privileged access management separates the users from those powerful account credentials and can also enable the monitoring and recording of access to prevent misuse. 

This protects data from being exposed to a breach through employee mistakes, and the abuse of local admin accounts by cyber attackers. It also adds a layer of protection if devices lack the necessary security tools or configurations to defend against attacks. In an environment where criminals are increasingly more likely to log in than hack in, this is crucial. 

Andy Harris is Chief Technology Officer at Osirium

You Might Also Read: 

Securing Hybrid Identity: