Privileged & Protected - Managing Access At The Endpoint

Following the pandemic, many businesses have had to adapt their security processes to address quick fixes and temporary measures put in place as lockdown began and prepare for a more permanent adoption of remote and flexible working.

However, many still have a significant amount of work to do around the security of endpoint devices, especially those that are owned by employees rather than the company.

Many organisations are now dealing with endpoint sprawl, as employees use multiple devices to access company systems, networks and data from multiple locations. Research conducted by the Ponemon Institute in the US found that the average enterprise now manages around 135,000 endpoint devices – and 48% of these present significant security risks because they’re either no longer detected by the IT department, or they have outdated operating systems. 

Access to privileged administrator accounts is a particular risk in this distributed and decentralised environment. The abrupt move to remote working during COVID often saw staff members granted local admin rights on their laptops and devices, to enable them to get up and running and access the resources they needed to do their jobs without help from IT.

This all adds up to a loss of visibility into endpoints that will significantly weaken companies’ security postures. Clamping down on privileged administrator rights is a vitally important process towards strengthening it again.  

The Danger Of Overprivilege 

Privileged access represents a significant security risk for every organisation, with more people than ever possessing the admin permissions to make changes to key IT systems that sit at the heart of operations. The hackers who breached Intercontinental Hotel Group after accessing the company’s internal password vault said they found that the credentials needed to log in could be accessed by all of the firm’s 200,000 staff. This creates a potentially vast attack surface. 
 
Admin accounts hold great power; those employees who have them are able to access, control and make changes to shared systems, services, applications and devices.

Failing to protect these valuable accounts is like handing cyber criminals the keys to the kingdom. In the wrong hands they can be used to steal or delete data, adjust permissions or make backdoor accounts, for example.

A key part of securing endpoints is the removal of local administrator rights from users who don’t require them, in order to gain control over how they connect to systems. However, many organisations are concerned about the impact this will have on the business.

More than a third (36%) of respondents to a poll carried out by Osirium earlier this year said the biggest challenge with removing local admin permissions was upsetting users, while 25% believe it would increase workloads, and 21% that it would hinder productivity, with employees finding themselves unable to carry out tasks, and the IT helpdesk inundated with requests for simple actions such as software installations or resetting passwords.

Elevate The App, Not The User

The best way to balance productivity with security is to switch from a focus on the user, and the access privileges they possess, to the applications themselves. Instead of elevating the user’s permissions – which grants them unlimited access across the board – privileged endpoint management involves IT administrators approving elevated permissions for a specific application or process, and for only as long as the user needs it. This allows employees to get things done, without giving attackers the wide-open access they’re looking for.

It may be tempting to just remove local rights - the power that lets users install applications or make configuration changes – but that could impact those that actually need elevated privileges to do their work, for example software developers or network engineers. Even product designers may need admin rights to update their AutoCAD plugins.
 
So the goal is to identify which users need which applications and control their access to running those specific applications with elevated privilege, rather than allow unlimited use of local admin rights.

Looking beyond privileged rights on users’ endpoints, it’s critical to take control of the administrator accounts on corporate IT systems - the shared services, databases, and network devices that the business depends on. It’s no surprise that these privileged accounts are involved in 80% of cyber breaches. Privileged access management separates the users from those powerful account credentials and can also enable the monitoring and recording of access to prevent misuse. 

This protects data from being exposed to a breach through employee mistakes, and the abuse of local admin accounts by cyber attackers. It also adds a layer of protection if devices lack the necessary security tools or configurations to defend against attacks. In an environment where criminals are increasingly more likely to log in than hack in, this is crucial. 

Andy Harris is Chief Technology Officer at Osirium

You Might Also Read: 

Securing Hybrid Identity:

 

« How Poor Password Hygiene Could Unravel Your Business
The Internet Of "vulnerable" Things? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Barracuda

Barracuda

Barracuda provides a comprehensive cybersecurity platform to protect organizations from all major attack vectors that are present in today’s complex threats.

CERT.hr

CERT.hr

CERT.hr is the national authority competent for prevention and protection from computer threats to public information systems in the Republic of Croatia.

Mega

Mega

Mega is a secure cloud data storage provider with browser-based high-performance end-to-end encryption.

DomainTools

DomainTools

DomainTools helps security analysts turn threat data into threat intelligence.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

Digiserve

Digiserve

Digiserve by Telkom Indonesia is an end-to-end managed solutions provider committed to empowering enterprises in Indonesia.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

ADL Process

ADL Process

ADL Process offer secure data destruction, certified product destruction and responsible electronics recycling services to businesses and institutions.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Concordium

Concordium

Concordium aims to build the world’s leading open-source, permissionless, and decentralized blockchain with built-in user identity at the protocol level.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

Cyber Defense Technologies (CDT)

Cyber Defense Technologies (CDT)

Cyber Defense Technologies provides services and turn-key solutions to secure and maintain the integrity of your organization’s systems and data against attacks.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

Maltego Technologies

Maltego Technologies

Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Applications include cybersecurity threat intelligence and incident response.

Chorology

Chorology

Chorology is a leading provider of intelligently automated, data compliance and posture enforcement solutions.

CyRiSo

CyRiSo

CyRiSo is a cyber security consulting company with a focus on 'as-a-service' services for the most pressing challenges of cyber security.