Every organization faces one challenge to their IT security position – the user. It doesn’t matter how much security training and advice a person is given – if they want, and can, do something then they will. Unfortunately, a user with admin rights – wittingly or unwittingly – is akin to a loose cannon. You just don’t know when or where they’re going to strike, and the results can be devastating. And once a problem occurs it all too often turns into a downward spiral that can bring down your reputation and your business.
This article outlines 10 logical reasons why every organization should develop a policy of least privilege.
Reason 1: Minimize risk
In a business environment you really need security decisions to be made by IT, governed by business requirements, when it comes to the desktop. Many users don’t understand the implications of configuration changes, such as files within the Windows folder and protected parts of the registry. If these are altered – either accidentally or maliciously, it can make the system unstable and increases the risk of data leakage.
Simply, if IT doesn’t know what applications and changes users have made or installed, then they can’t be sure that sensitive data isn’t being redirected into the hands of an unknown third party.
Reason 2: Improve end-user experience
Security is often seen as preventing users from doing something, but that doesn’t have to be the case. Instead, by adopting a well planned and implemented least privilege policy, you can actually improve the user experience.
Following the example of devices like the iPad and Android Smartphones, which operate in a curated environment, organisations can catalogue a portfolio of programs and applications that are needed, and can be supported. Doing so will help track changes to the system and keep the core system configuration secure.
When users make system-level changes, they can weaken the endpoint or introduce application clashes which can have serious consequences. It also makes it harder to support the enterprise as, if a problem does crop up, IT often get a nasty surprise.
Reason 3: Move to a managed environment
By locking down machines, so that users can only change their desktop configuration and not the core system, you can save time and money – by reducing support costs, lost productivity from network downtime, and the expense of data breach management.
However, to make sure that this facilitates and not hinders the enterprise, thought needs to be given to how the environment will be managed moving forwards. Software distribution, and patch management, at the simplest level could be through Group Policy Software Installation or perhaps System Centre Configuration Manager.
Reason 4: Reduce support costs
It’s a fact that secure and managed systems are cheaper to support. This turns security from an initial expense into an enabler.
Reason 5: Encourage users to have fewer devices
More devices introduce complexity resulting in higher costs. Unfortunately, users needs don’t always match business needs so proper justification for using a device – especially if it’s personally owned, must be demonstrated. If you offer a company car you wouldn’t expect to supply a VW Golf for the week and a Porsche for the weekends!
Even if it makes the employee’s life easier – if it’s going to be too expensive for IT to support, then it’s impractical and needs to be deterred. Where a device is to be allowed then it must comply with company policy and a clear strategy of who is responsible for support developed.
Reason 6: Maximize investment in Active Directory
Most organisations will have Active Directory but few realise it can help achieve centralised management and allow a business policy driven architecture. If you’ve got it, why not use the facilities built into the product to enable a more efficient and productive IT system?
That said, there are limits of what you can do in terms of control and security so you might look towards complimenting AD with a third party least privilege solution. This will give more granular control, allowing admin rights to be easily removed without adversely impacting end users and ultimately productivity.
Reason 7: Regulatory compliance
Demonstrating compliance can prevent regulatory fines – and a least privilege approach is at its core. Many compliance codes state, either implicitly or explicitly, that users should have the minimum amount of privileges to complete every day tasks.
For example, PCI DSS (Payment Card Industry Data Security Standard) states that the organisation must ensure privileged user IDs are restricted to the least amount of privileges needed to perform their jobs.
Reason 8: Demonstrate due care
This goes hand in hand with reason 7 as a least privilege approach helps demonstrate to customers that you’re taking all reasonable steps to protect their information. Many organisations and public services have been publicly named and shamed for data breaches which damages reputations and erodes customer confidence. Of course, this also impacts on the profitability of the organization.
Reason 9: Improve network uptime
Many organisations fail to link lost productivity with admin privileges. By running a least privilege environment, you not only improve stability of the desktop but of the entire network. This is down to various security interdependencies – for example, if a machine is infected with a virus it could issue a DOS (denial of service) attack undetected by the user, with the resultant flood of traffic over the network causing routers and switches to grind to a halt, eventually bringing network services to their knees.
Reason 10: Reduce complexity
Systems are complex enough without users making additional unauthorised and un-catalogued changes.
Logically, organizations should take five steps to keep things simple:
1. A strategy to implement the right type of security
2. Remove admin privileges from the majority of users
3. Give users the flexibility to use the line of business software that they need
4. Identify any users that may need additional rights to install approved software
5. Keep things as simple as possible, to remain secure, but ultimately enable the business to move forwards.
Introducing a least privilege approach really comes down to a logical decision – do you want the best of both worlds?