Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

10 steps to ensure users only access what they need

by Paul Kenyon - COO, Avecto - Friday, 10 August 2012.

Reason 4: Reduce support costs

It’s a fact that secure and managed systems are cheaper to support. This turns security from an initial expense into an enabler.

Reason 5: Encourage users to have fewer devices

More devices introduce complexity resulting in higher costs. Unfortunately, users needs don’t always match business needs so proper justification for using a device – especially if it’s personally owned, must be demonstrated. If you offer a company car you wouldn’t expect to supply a VW Golf for the week and a Porsche for the weekends!

Even if it makes the employee’s life easier - if it’s going to be too expensive for IT to support, then it’s impractical and needs to be deterred. Where a device is to be allowed then it must comply with company policy and a clear strategy of who is responsible for support developed.

Reason 6: Maximize investment in Active Directory

Most organisations will have Active Directory but few realise it can help achieve centralised management and allow a business policy driven architecture. If you’ve got it, why not use the facilities built into the product to enable a more efficient and productive IT system?

That said, there are limits of what you can do in terms of control and security so you might look towards complimenting AD with a third party least privilege solution. This will give more granular control, allowing admin rights to be easily removed without adversely impacting end users and ultimately productivity.

Reason 7: Regulatory compliance

Demonstrating compliance can prevent regulatory fines - and a least privilege approach is at its core. Many compliance codes state, either implicitly or explicitly, that users should have the minimum amount of privileges to complete every day tasks.

For example, PCI DSS (Payment Card Industry Data Security Standard) states that the organisation must ensure privileged user IDs are restricted to the least amount of privileges needed to perform their jobs.

Reason 8: Demonstrate due care

This goes hand in hand with reason 7 as a least privilege approach helps demonstrate to customers that you’re taking all reasonable steps to protect their information. Many organisations and public services have been publicly named and shamed for data breaches which damages reputations and erodes customer confidence. Of course, this also impacts on the profitability of the organization.

Reason 9: Improve network uptime

Many organisations fail to link lost productivity with admin privileges. By running a least privilege environment, you not only improve stability of the desktop but of the entire network. This is down to various security interdependencies - for example, if a machine is infected with a virus it could issue a DOS (denial of service) attack undetected by the user, with the resultant flood of traffic over the network causing routers and switches to grind to a halt, eventually bringing network services to their knees.