Restoring user freedom in the security-first enterprise

October 20, 2017


It's been a busy year in the cyber security arena so far, and it doesn't look like the pace will be slowing down. From hacking schemes like Heartbleed to significant data breaches at Home Depot, P.F. Chang's and the Montana Health Department, criminals are stepping up their game. But as organizations adapt their security strategies in kind, there is one key stakeholder who often goes unnoticed: the end user.

Most of the next-generation attacks we see today have external origins; however, they are often made worse by people within the organization, particularly users with administrative privileges. This is because once malware makes its way to endpoints, it doesn't just seek admin privileges, it requires them to embed itself in IT systems and propagate across machines, causing destruction over the entire organization.

While full removal of admin rights seems to be the obvious solution, it introduces significant implications for end user productivity. Users often require admin rights to do their jobs, even for the simplest tasks, like downloading software or connecting to a printer. For IT organizations in particular, restricting admin rights presents users with a major roadblock to effectively (and happily) completing their tasks.

So, organizations are faced with a seemingly impossible trade-off: should security be optimized at the expense of the user?

Let's say that security is the top priority, as it is for most enterprises, and the organization decides to restrict admin privileges on its systems. Getting pushback from frustrated users is to be expected, but the restriction also impacts the IT department. When users' rights are removed and they're forced to go through formal processes for application or software downloads, it places a greater burden on the help desk, which then has to deal with explaining these processes and supporting the users throughout. Adding to this is the financial burden of those unnecessary service desk visits.

Organizations should strive to find a middle ground: a way to administer control over their systems while at the same time providing users with flexibility in their roles and a positive working experience for everyone involved. Let's look at a couple of ways this can be achieved.

Least privilege management

Instead of full removal, a least privilege environment can be established where users' rights to download applications or make changes to corporate machines are limited to those necessary for the scope of their job. This means that privileges are assigned to applications instead of users, and elevated only when needed. With least privilege, employees can log into systems as a standard user instead of an admin user, which prevents attackers from gaining access to privileged accounts and makes it more difficult for malware to take control.

This not only yields security improvements, it also drives user empowerment by giving employees the freedom to install applications and manage application updates as needed. At the same time, IT should see a reduction in service requests and incidents, freeing up resources to allocate to bigger, more strategic projects.

A least privilege environment will be especially empowering for tech-savvy Gen-Yers, those who have grown up in the Internet era and are accustomed to (and even expecting) access to what they want, when they want. By providing them with autonomy over how they manage their systems, organizations will be better able to embrace and cater to this new breed of user.

Personalized Messaging

A big part of user empowerment is making users – especially those who might be less informed than the resident techies – feel as though they're tuned into IT's processes, providing them with education around the limitations of their downloads and what next steps might be required.

User Account Control (UAC) prompts are a standard pop-up feature on most Windows machines and were traditionally responsible for doing just this. But fixed messages filled with technical jargon do more harm than good, especially when they result in repeated calls from confused users to the IT help desk or, worse still, the user clicking Continue on a piece of malware.

By thinking from a user's perspective about how those messages are presented, organizations can create more customized messaging that feels truly human, rather than an automated response. These messages might offer, for instance, multi-lingual support and corporate branding. And with localization, reasoning and help desk integration, all in terms that are easy to understand, users are not only provided with a better sense of what they need to do next, but a heightened user experience.

At the heart of any organization are its employees. To attract and retain talent, organizations must transform their working environment to reflect a user-first mentality, rather than one that is IT-led. By taking a more flexible approach to privileges, organizations can harness the abilities of their more tech-savvy employees who demand greater access and power.

Andrew Avanessian,
