While the majority of security professionals recognize the importance of limiting administrative rights on corporate desktops and laptops, many organizations continue to lag when it comes to implementing least privilege, according to a report by Avecto.
While 84% of those surveyed believe their organizations need better control of user privileges on company machines, nearly 40% of respondents reported that more than half of employees at their organizations have privileged accounts and another 5% are unsure how widely privileged accounts are used throughout their organizations.
These figures show a clear gap between organizations’ stated security goals and their current practices, suggesting a need to close it. The survey also points towards a curtailing of the BYOD trend, with 70% of respondents naming security as their biggest BYOD concern. Yet nearly 50% of those surveyed said their organizations either don’t have a BYOD policy in place (22%) or allow employees to use any device (27%).
45% of those surveyed reported mitigating malware attacks as the primary reason for reducing the number of privileged accounts in their organizations, while a further 18% cited either combatting insider threats (9%) or external compliance (9%).
Nearly 17% reported that their organizations limit the use of personal phones and tablets for work, while 27% have no device restrictions in place at all. Only 12% reported that users are not allowed to use their own devices for work.
“As we look towards the new year and beyond, the rising threat of sophisticated malware will drive more companies to look into more proactive defense-in-depth security measures, such as privilege management and application control, to make it more difficult for targeted attacks to infect the corporate network,” says Paul Kenyon, Avecto co-founder and COO.
“CTOs are quickly realizing that very few people within an organization require admin rights to be productive, in turn creating a least-risk environment. Many organizations have taken the first step towards eliminating admin rights from the majority of users and we can expect fewer and fewer employees, including IT admins, afforded fully-privileged accounts – eventually resulting in the demise of the admin right,” Kenyon added.
“Security concerns will continue to hamper BYOD and it will fail to live up to the hype,” adds Kenyon. “In 2013, we’ll see that personal devices for corporate use will be increasingly limited to checking email, so users will perform their primary work on corporate-owned laptops, desktops and tablets. Consequently, we expect to see the resurgence of corporate devices and precipitate the inevitable curtailing of BYOD – more choose-your-own-device (CYOD) than bring-your-own-device.”