Nearly half of respondents, however, report privileged accounts widespread on company desktops and laptops.
While the majority of security professionals recognize the importance of limiting administrative rights on corporate desktops and laptops, many organizations continue to lag when it comes to implementing least privilege, according to a report released today by Avecto. The survey, conducted at the McAfee Focus 2012 conference in Las Vegas, polled 365 IT professionals attending the show.
While 84% of those surveyed believe their organizations need better control of user privileges on company machines, nearly 40% of respondents reported that more than half of employees at their organizations have privileged accounts, and another 5% are unsure how widely privileged accounts are used throughout their organizations. These figures show a clear gap between organizations' future security goals and their current, lagging practices, and suggest a need to close that gap. The survey also points towards a curtailing of the Bring-Your-Own-Device (BYOD) trend, with 70% of respondents naming security as their biggest BYOD concern. Yet nearly 50% of those surveyed said their organizations either don't have a BYOD policy in place (22%) or allow employees to use any device (27%).
Other notable findings include:
- 45% of those surveyed reported mitigating malware attacks as the primary reason for reducing the number of privileged accounts in their organizations, followed by 18% attributing this to either combatting insider threats (9%) or external compliance (9%).
- Nearly 17% reported their organizations limit the use of personal phones and tablets for work, while 27% do not have any restrictions in place on devices. Only 12% reported users are not allowed to use their own devices for work.
"As we look towards the new year and beyond, the rising threat of sophisticated malware will drive more companies to look into more proactive defense-in-depth security measures, such as privilege management and application control, to make it more difficult for targeted attacks to infect the orporate network," says Paul Kenyon, Avecto co-founder and Chief Operating Officer. "CTOs are quickly realizing that very few people within an organization require admin rights to be productive, in turn, creating a least-risk environment. Many organizations have taken the first step towards eliminating admin rights from the majority of users and we can expect fewer and fewer employees, including IT admins, afforded fully-privileged accounts - eventually resulting in the demise of the admin right."
"Security concerns will continue to hamper BYOD and it will fail to live up to the hype," adds Kenyon. "In 2013, we'll see that personal devices for corporate use will be increasingly limited to checking email, so users will perform their primary work on corporate-owned laptops, desktops and tablets. Consequently, we expect to see the resurgence of corporate devices and precipitate the inevitable curtailing of BYOD - more choose-your-own-device (CYOD) than bring-your-own-device".
Using a flexible approach to privilege management, such as Avecto Privilege Guard, organizations can deploy secure and compliant desktops, without compromising users' ability to perform their day-to-day roles. With Privilege Guard, users are empowered with the privileges they require, resulting in increased productivity and reduced desktop support costs.
Update: Privilege Guard is now Defendpoint
Privilege Guard has now evolved into the new security suite, Defendpoint, which encompasses Privilege Management, Application Control and Sandboxing. For more information, please visit www.avecto.com/defendpoint.