Combining privilege management and application control can help to reduce expenditure on IT operations labor by over 25%, according to Gartner. The research company’s 2013 desktop total cost of ownership study also concluded that a ‘locked and well managed’ environment with respect to user privilege results in TCO savings of almost 30% – $1,264 per desktop per year – against a ‘moderately managed’ environment.
There’s lots of data supporting the need for – and benefits of – a least privilege approach, but most organizations aren’t aware of the concept, and when they do learn about it, they find it too complicated, said Avecto CEO Mark Austin. A McAfee SIA Plus and Microsoft Gold Partner, the company focuses on privilege management solutions. It announced a 92% increase in sales for fiscal 2013 at the end of July, and last week released Privilege Guard 3.8.
The principle of least privilege (also known as the principle of minimal privilege or the principle of least authority) requires that each part of the system has only the privileges that are needed for its function so that even if an attacker gains access to that part, they have only limited access to the whole system. Privilege management is fast becoming the foundation of a defense-in-depth security strategy for both desktops and servers, as it promotes the best practice of least privilege, stated Austin.
Most large enterprises (86%) either do not know or have grossly underestimated the magnitude of their privileged account security problem, while more than half of them share privileged passwords internally, according to a recent study. Xceedium, a network security software and privileged identity management vendor, found that approximately 80% of organizations attempting to use existing PIM solutions from their physical environments quickly recognize that these solutions don’t have the controls or architecture to allow them to safely maximize the benefits of the cloud.
Administrator rights are the root cause behind today’s top security concerns, said Avecto, in what Austin calls “the good, the bad and ugly with admin rights”. The company’s least privilege approach assigns admin rights to processes and applications, as opposed to users or computers, which is just as easy as rolling out signature-based AV protection, but with a defense-in-depth advantage that traditional solutions lack, it says.
“Security is always about defense in depth,” said Austin.