Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Whose job is it to watch the Admins?

October 20, 2017

  • Blog
  • Archive

Administrators, privileged network deities or just a type of ordinary network user much the same as anyone else? Years into an age where IT security has become a mainstream topic, this remains the sort of polarizing question that can provoke one of two reactions; shock or relief.

Those in the ‘shock’ camp will probably have grown up used to the traditional divide in which there were only two types of network being; the queen bees at the center of chaotic and uncertain network who needed absolute power and were called ‘network admins’. Everyone else was mortal and had to make do with a support number stating the hours of service.

In too many organizations, the power of admins was not only seen as natural so much as necessary, a benign dictatorship of those ‘in the know’.

This model persists, especially in smaller organizations, but it is obsolete because, quite simply, it creates unquantifiable risk. For anyone who agrees with this analysis, the realization that admins are just a specialized type of user is more likely to elicit the second response... that of relief.

The arguments that justify the second world view are myriad. Privilege management for users is a cornerstone of good IT governance; an essential mechanism for making the actions of each and every employee visible regardless of job role. Everyone is a risk and handing out unaccountable rights to any network user is dangerous because it creates a single point of failure. Privilege management introduces accountability which benefits everyone, admins included.

Organizations that ignore such principles risk adding their names to the long and dark catalogue of anecdotes about unhappy admins running amok on networks for one reason or another or those where an error caused a botched configuration change with embarrassing consequences.

So much for the theory…but what about making privilege management work on a practical level?

The basic mechanism of control for all network users remains the old-fashioned login, which for standard users will be to access applications and data and for admins is to access the datacenter servers where these resources are located.

Introducing privilege management such as that offered by Avecto’s Defendpoint into this setup allows admins to be granted the on-demand elevation of rights to a server as well as verified elevation where access is best authorized by a second admin. This adds a layer of authentication for mission-critical resources – those on which the organizations depends – and does so by creating an audit trail recording access through the Enterprise Reporting Pack.

Server access can then be divided very strictly by responsibility so that in the heat of the ‘admin moment’ individuals aren’t tempted to stray on to servers in ways that might have unintended consequences. All server access is visible through comprehensive dashboards.

The old world of the admin worked satisfactorily at a time when organizations were still working out how IT was going to be used in their business model. These days, IT is more likely to be the business model and the risk calculation has been turned on its head. Admins, users, applications and data are the four corners of a secure network and they are all equal. This is how grown-up organizations work.

John Dunn,

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.