The least privilege principle originated in the U.S. Department of Defense in the 1970s, and it was designed to reduce the potential damage of a security breach, whether accidental or malicious, by limiting access and user rights to the lowest levels possible. Giving employees what they need to access in order to do their work, but not more. Following this principle, many enterprises have removed local administrator rights from business users on endpoints as a proactive security measure.
Removing local administrator rights from users can reduce security risks, but it can also result in unintended productivity tradeoffs. For example, there may be higher IT Help Desk costs with increased requests from users who request access to necessary business applications and productivity tools. Organizations who opt for the alternative, giving full “Administrator” rights to whomever might need them, often find that business users and IT administrators end up with far more privileges than needed, creating a large and frequently exploited attack surface. In today’s modern business environment, privilege delegation can no longer be approached as an “all or nothing” decision.
We’ve released a new eBook, “Achieving Security and Productivity with Least Privilege and Application Control,” to help organizations better understand and tackle the key challenges associated with securing and managing least privilege and applications running on endpoints and servers. Topics covered include:
- Thirteen ways that users with administrative rights can cause damage to an organization.
- Difficult security and productivity trade-offs tied to all-or-nothing privilege delegation.
- The “privilege creep conundrum.”
- The correlation between privilege volume and increased insider and advanced threats.
- The added complexity of endpoints and servers.
- The ubiquity of malware despite efforts to control applications.
- The “50 shades of gray” of enterprise applications.
It’s critical to strike the right balance between security and usability to effectively reduce the attack surface while keeping users productive and reducing the burden on IT teams. “Achieving Security and Productivity with Least Privilege and Application Control” also outlines seven recommendations for developing layered security controls – and provides pointers on what to look for when adopting an integrated privilege management and application control solution.
To download the free eBook, please visit: https://www.cyberark.com/resource/achieving-security-and-productivity-with-least-privilege-and-application-control/.
If you are interested in technology that will help your organization to more effectively minimize local administrator privileges and control applications on endpoints and servers, learn more about Cyberark Viewfinity.
Editor’s Note: CyberArk Viewfinity with enhanced protection is now CyberArk Endpoint Privilege Manager.