Privileged user accounts pose a great challenge, which is often exploited by cybercriminals. Therefore, you are well advised, as IT manager, to limit such accounts. Our experience shows that too often enterprises still grant local administration rights, which implies remarkable security risks. How can you keep security under control, without restricting your users' productivity and flexibility? Read on for our answer!
The threat posed to enterprises by ransomware has greatly increased, with no foreseeable reduction on the horizon. Criminals are well organised, technically highly proficient and have your crown jewels specifically in their crosshairs: your data, the most valuable asset in your enterprise. Attackers work their way beyond your perimeter security and provide themselves with access to your network. Once inside, they get hold of critical resources. In this way, hackers can wreak disastrous damage on your enterprise, which will endanger your reputation and can lead to financial loss or theft of intellectual property. This threat has its origin in two major circumstances: the ever more sophisticated techniques adopted by cybercriminals and on the other hand the enterprises' management of access rights, sometimes excessively complicated.
Privileged accounts ‒ a real threat for enterprises
Privileged user accounts, no matter whether local or central, represent a very high security risk. But why do attackers concentrate themselves precisely on privileged accounts?
- Privileged accounts are found in workstations, network devices, databases, applications, servers, social media accounts, on-premise and cloud services and ICS systems.
- They grant their users full rights ‒ often way beyond what they need to carry out their duties. This allows access to sensitive data and systems.
- Privileged accounts often use shared administrative access, which makes the actual user effectively anonymous.
- Activities performed by these accounts are seldom monitored or logged, which represents an even higher security risk.
To put it plainly, privileged user accounts allow (by design) controlling an enterprise's resources, disabling security systems and accessing a wealth of sensitive data. All forecasts predict that the abuse of privileged accounts in the future will grow, unless enterprises take measures ‒ and that means now!
Protection of privileged accounts should be a central component of the IT security strategy in every enterprise. This is also the reason why several IT administration guidelines are very restrictive and only grant administrative rights to few trustworthy employees. Is this the case in your enterprise?
Local administrator rights ‒ the creeping danger
Many of your employees need to run, install or update applications every day; to do this, they need administrator rights. Users are quietly upset ‒ sometimes not so quiet, though ‒ because due to security restrictions they can hardly run any application without support of the IT function. The outcome is frustrated, partly unproductive employees. The number of enquiries at the IT help desk grows, and so do costs; and this is something that no enterprise really wishes.
What can you do then? A possible approach is to grant local administrative rights, so that users can go ahead with their work without needing support from the IT function. However, experience shows that administrative rights granted as “temporary”, will end up staying and never being revoked. The consequence is a “creeping” extension of privileges and an undefined number of users with wide access rights, of which over time all knowledge is forgotten. Control is lost and guidelines on rights management are undermined – and the attack surface keeps growing. Therefore, this is not the best solution.
“Everything or nothing” ‒ the key to (in)security
Here is another approach: By the principle of “everything or nothing”, only a limited number of people in the whole enterprise are granted administrative rights: this way, the risk that privileged accounts are forgotten is reduced. This leads to having a small number of very influential accounts which is precisely what attackers hope to find. These accounts, with far-reaching access to the enterprise network and its data, are exactly the target of cyberattacks: when compromised, they open countless doors for the attacker. At the same time, these administrative accounts can be a threat for the IT function itself. For instance, an inexperienced IT administrator can issue a command which due to the wide access rights of his/her account does a lot of damage. Not to mention the possibility of an insider attack… Unfortunately, neither this solution works unconditionally.
Least privileged ‒ balancing between security and user friendliness
What can you do then? Sadly, there is no miracle solution. However, it is a fact that only very few people really do need unlimited access to all contents. Therefore, to protect your enterprise in the best way, access rights should be restricted to the necessary minimum level, based on the need-to-know principle. You can only achieve this, when you have full clear understanding of who absolutely needs access to which data, so that you can attribute appropriate security levels to system administrators, application owners, data base administrators etc. – to each their own, instead of “flat-rate” rights.
To achieve an effective security strategy you need to plan, implement and enforce security guidelines for privileged accounts, if you wish to minimise the risk of a severe security incident. The appropriate balance between rights and application controls will then foster a corresponding balance between security and user friendliness, effectively reduce the attack surface and ensure that your users stay productive and secure.
There are flexible tools for the automated management of local administrator rights and application control which can support you in the task. These tools can be used, for instance, to identify which rights are required to execute reliable applications and derive the corresponding guidelines. At the same time, local administrative rights can be extended or restricted as required, in order to enforce a least-privilege guideline for administrators. In this way, both the risk of an attack on your enterprise and restrictions imposed on your users are reduced to a minimum.