While IT professionals recognize the dangers that unauthorized applications cause to their networks, most are letting these dangers go unnoticed, according to survey released today byAvecto.
The study, conducted at TechEd North America 2012 in Orlando, and TechEd Europe 2012 in Amsterdam, surveyed more than 1,500 IT professionals, many of whom hold decision-making and purchasing power in a wide array of work environments, vertical sectors, and job functions.
The survey unearthed the extent to which unfettered, unmanaged and infected applications can potentially sneak onto networks, wreaking havoc before being noticed. Seventy-six percent of those surveyed said they don't know how many unauthorized applications have been downloaded on their networks. This disconnect suggests that organizations will continue to invite infection to their networks if they provide excessive administrator rights to users. This is especially problematic, as noted in the findings, with younger workers increasingly demanding elevated rights on corporate PCs.
Among the survey's notable findings:
- More than one-third of respondents had first-hand experience with the dangers of elevated admin rights, with nearly 40% reporting a network infection as a result of at least one unauthorized application being downloaded on their network.
- 80% of those surveyed pointed to male employees, between the ages of 20 to 35-years-old, as the most likely to demand elevated rights. When considered in parallel with other trends blurring boundaries at work, such as BYOD, a troubling trend emerges in which younger workers have potentially dangerous expectations regarding technology and the workplace.
- IT professionals are largely aware of the benefits of removing admin rights, as more than 50% of respondents would expect a decrease in support calls, and affiliated costs, as a direct result of removing admin rights. Yet, many feel mounting pressure from younger, tech-savvy employees for full administrator rights.
"Staff who have admin rights can unwittingly or irresponsibly download applications that contain malware and cause significant problems if entered into the corporate network," says Paul Kenyon, Avecto co-founder and Chief Operating Officer. "The answer is simple - don't give admin rights out to everyone, only to the few key IT administrators who really need them. You will see an immediate decrease in security risk and associated downtime as well as an increase in productivity from IT."
"We're also seeing the impact of Gen Y, a technically savvy generation that has grown up in an online and freedom-of-access world," adds Kenyon. "They often come into the enterprise with the same expectations of access and availability and - in many instances - have the skills and experience to be able to work around basic security protocols to get what they want. On top of this, many IT departments elevate users to admin rights as a means to quickly solve IT problems. Considering these factors, it's more important than ever for organizations to have a solution in place that enables the quick and secure removal of admin rights from users and the ability to deploy policies that elevate all of the legitimate business applications that require privileged access using privilege management technology."
Windows desktops that run with full administrator rights will continue to put organizations at real risk of infection as the sophistication of privilege escalation malware continues to evolve. Once malware gains access to administrator rights, it will continue to burrow deeper into the organization's infrastructure.
Using a flexible approach to privilege management, such as Avecto Privilege Guard, organizations can deploy secure and compliant desktops, without compromising users' ability to perform their day-to-day role. With Privilege Guard, users are empowered with the privileges they require, resulting in increased productivity and reduced desktop support costs.
Update: Privilege Guard is now Defendpoint
Privilege Guard has now evolved into the new security suite, Defendpoint, which encompasses Privilege Management, Application Control and Sandboxing. For more information, please visit www.avecto.com/defendpoint.