Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

A Brief Introduction to Least Privilege

October 20, 2017

  • Blog
  • Archive

As a new software release for least privilege leaves the building, it seemed an opportune time to start blogging, not to plug the release of course, click here. Alright, I’m allowed one shameless plug in my first blog given the team have worked so hard on this release. But seriously, I’m hoping that my blog will become a balance between sharing my experience in the system management space, with a bias towards least privilege, and providing valuable insights into the Privilege Guard (Edit: now Defendpoint) product.

I’ve never made the time to blog, but I’m going to make a special effort now, so I suppose we’ll see how it goes. I took the plunge with twitter a few months ago, and although I started well, my tweets fell off as the self-imposed pressures of a new software release mounted. Anyway, enough of the excuses and on with my first blog, and of course there will be a twitter link to this blog, so my tweets will be reborn too!

So I suppose an introduction to the principle of least privilege would be a good place to start my first blog, an idea that is not new, but is getting more serious attention in recent years, as companies look to improve security, reduce operational costs and adhere to various compliance initiatives. If you are looking to deploy a locked down environment then implementing least privilege has to be the first step, otherwise your efforts will be worthless.

Least privilege is a simple concept, in that users and applications should be granted the most restrictive set of privileges in order to perform their role or function. In practice, privileges are assigned to users and not applications, which results in the user being granted the privileges required to run all of their applications. This leads to an obvious problem, in that it only takes a single application to require special privileges, such as admin rights, and the user must be assigned these rights.

Least Privilege in the corporate environment

Most corporate environments have hundreds or even thousands of applications, so it’s no wonder that admin rights are still prevalent in many organizations. The problem is further compounded by the need for many users to perform basic admin tasks, such as connecting printers, and performing basic software maintenance, such as upgrading an ActiveX control or launching a software updater.

So although the principle of least privilege is a simple one, turning the principle into practice is not quite as straight forward. It’s very easy to give a user a restrictive account, but to do so without compromising a user’s ability to perform their role effectively is another matter.

In future posts I will cover the drivers for moving to least privilege, best practices, and discuss the various tools and techniques that can be used to implement a least privilege environment. I will also cover the limitations of the built-in capabilities of the Windows operating system, which is why the Privilege Guard product was introduced.

Mark Austin

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.