The challenge of finding the right balance between giving too many admin rights vs. too little admin rights is often talked about from the end user perspective, however the same challenge applies to those managing the IT department itself and this is a part of the journey that is often overlooked.
Taking a collaborative approach between IT and the end user goes some way to helping find that fine line of privilege. Empowering the employee by asking the right questions and working together to establish requirements helps both parties understand the reasons why admin rights need to be properly thought through and why they are so dangerous. This is an education journey for any IT department.
Least privilege is especially important within the IT team, so working with my team to achieve the right balance allows everyone to understand what is required to do their role while ensuring security isn’t compromised.
The benefits to this approach for me as an IT Manager are that my colleagues are better informed, they don’t feel dictated to or restricted in their role and ultimately it means their perception of IT is positive and isn’t one of ‘computer says no’.
Using a combination of delegated rights and Defendpoint, we have defined a role whereby the IT admin not only feels empowered to contribute towards removing carte-blanche access over the network but also understands the impact of “why”.
We have been able to successfully outline admin rights for the IT team across the estate and reach a point whereby my team can carry out their day to day work and at the same time, they feel that they’re not restricted by the principles we’ve collectively put in place.
Why does working with your team to define admin rights work better than dictating?
Taking a collaborative approach means that as a team we’ve arrived at the same goal, but more importantly, we feel like the measures we’ve put in place are joint ones. I have to stress though that this process is ongoing and not one that should be put in place and left, it needs to be reviewed constantly as it’s an ongoing journey.
In my honest opinion, I feel that adopting a least privilege principle of allowing an IT admin to be able to do their job without providing full rights is absolutely the right thing to do. Controlled, audited access also allows the IT admin to feel relaxed about their day to day activities, without the pressure of them feeling they know more than they should. Knowing you have access to everything and in theory, having the ‘big red button’ can be daunting.
In summary, education and involving the team to understand the end goal and getting them on board with the principle is so important. Security risks are an ongoing journey and working as a team to remove admin rights is a massive step forward that can only benefit everyone involved.