It’s a fact that secure and managed systems are cheaper to support. This turns security from an initial expense into an enabler.
Reason 5: Encourage users to have fewer devices
More devices introduce complexity resulting in higher costs. Unfortunately, users needs don’t always match business needs so proper justification for using a device – especially if it’s personally owned, must be demonstrated. If you offer a company car you wouldn’t expect to supply a VW Golf for the week and a Porsche for the weekends!
Even if it makes the employee’s life easier - if it’s going to be too expensive for IT to support, then it’s impractical and needs to be deterred. Where a device is to be allowed then it must comply with company policy and a clear strategy of who is responsible for support developed.
Reason 6: Maximize investment in Active Directory
Most organisations will have Active Directory but few realise it can help achieve centralised management and allow a business policy driven architecture. If you’ve got it, why not use the facilities built into the product to enable a more efficient and productive IT system?
That said, there are limits of what you can do in terms of control and security so you might look towards complimenting AD with a third party least privilege solution. This will give more granular control, allowing admin rights to be easily removed without adversely impacting end users and ultimately productivity.
Reason 7: Regulatory compliance
Demonstrating compliance can prevent regulatory fines - and a least privilege approach is at its core. Many compliance codes state, either implicitly or explicitly, that users should have the minimum amount of privileges to complete every day tasks.
For example, PCI DSS (Payment Card Industry Data Security Standard) states that the organisation must ensure privileged user IDs are restricted to the least amount of privileges needed to perform their jobs.
Reason 8: Demonstrate due care
This goes hand in hand with reason 7 as a least privilege approach helps demonstrate to customers that you’re taking all reasonable steps to protect their information. Many organisations and public services have been publicly named and shamed for data breaches which damages reputations and erodes customer confidence. Of course, this also impacts on the profitability of the organization.
Reason 9: Improve network uptime
Many organisations fail to link lost productivity with admin privileges. By running a least privilege environment, you not only improve stability of the desktop but of the entire network. This is down to various security interdependencies - for example, if a machine is infected with a virus it could issue a DOS (denial of service) attack undetected by the user, with the resultant flood of traffic over the network causing routers and switches to grind to a halt, eventually bringing network services to their knees.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.