Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Centralized management: ignore the user at your peril

October 20, 2017

  • Blog
  • Archive

Admins must immerse themselves in the complex world of the endpoint

Centralized management has been an everyday part of computing since the era of the mainframe and yet many decades on its design, operation and ultimate purpose is still undergoing a fascinating and restless evolution.

History should have ended with the mainframe: centralizing the management of computing resources was the natural order; simple, time-efficient, obviously cheaper and absolutely predictable. Then a bunch of clever people came up with the microprocessor and its revolutionary progeny, the personal computer, and centralization built on a simple top-down hierarchy was swept away.

The desktop PC was a big enough challenge but at least it sat in a known environment. Add in today’s mobile devices and the way that the distribution of data in real time has come to be fundamental to modern business, and one might pity the notion that an admin sitting in a room full of servers could ever retain meaningful control over anything.

These days there is an understandable tendency to reinvent management as being about protecting data but heed must be paid to the way the PC also brought into existence another increasingly powerful, unpredictable and challenging force – the user.

Today’s centralized management platforms are designed on the assumption that business must serve the ‘user’, whose brainpower and ability to micro-innovate is what fuels every successful organization. If PC management started life as a technical exercise, management in the age of the user is becoming as much a social and political challenge.

The primacy of the user tells us that simply locking up or restricting access to data is no longer realistic, which raises the obvious question: how can the insecure era of users and data be made to work together without turning data security into a free-for-all?

Over the last decade, vendors addressed this issue with what came to be known as ‘point solutions; jargon for products that secured or monitored – managed if you like - one bit of the security puzzle. Many added user management to the mix. As these discrete systems piled up, organizations started to invest in even bigger systems that could integrate all these disparate elements into one console.

Prominent examples include Microsoft’s Active Directory, built to administer Windows environments through user permissions and group policies, and parallel approaches such as McAfee’s ePolicy Orchestrator (McAfee ePO) platform, oriented more towards securing devices or endpoints.

McAfee’s ePO platform stands out as an interesting example of the way that old-style security management is evolving from simply configuring security controls to one in which administrators set out to gain visibility as to how users are behaving under real conditions.

This is a complex world that needs sophisticated tools that can accommodate third-party tools as well as the vendor’s own, another feature of McAfee ePO. Security systems must be integrated rather than isolated to allow the correlation of events between them, if possible in real time. With real-time monitoring comes a greater need for security automation and security information and event management (SIEM) as well as trend-based reporting, the analysis of security events over time.

Better trend analysis in turn feeds back into better policy formation, a learning stance in which security assumptions are constantly assessed against a real rather than idealized view of the world.

Security management is not, then, simply about designing policies which are defined against a static division of users into different roles, responsibilities and rights. Admins need to see what users are actually doing, adjusting, re-assessing, and tweaking policies so that they keep up with constant change. Policies are always in flux because the world is constantly changing.

The attraction of an endpoint-oriented view of the world is simply that it gives admins insight into the place where users interact with data and applications and which therefore generates most quantifiable security risk.

Even as these ideas enter the mainstream, it is still worth reminding ourselves that in a surprising number of IT setups the endpoint and the user are still largely invisible, only noticed should something obvious actually go wrong. Without a change of heart and more insight into this world, we should assume that the long periods of calm are not as reassuring as they seem.

John Dunn

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 25, 2021

Customer Tips & Tricks: Remote Support for Android

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.