Whose job is it to watch the Admins?

October 20, 2017


Administrators: privileged network deities, or just a type of ordinary network user much the same as anyone else? Years into an age where IT security has become a mainstream topic, this remains the sort of polarizing question that can provoke one of two reactions: shock or relief.

Those in the ‘shock’ camp will probably have grown up used to the traditional divide in which there were only two types of network being. The queen bees at the center of a chaotic and uncertain network needed absolute power and were called ‘network admins’. Everyone else was mortal and had to make do with a support number stating the hours of service.

In too many organizations, the power of admins was seen not only as natural but as necessary, a benign dictatorship of those ‘in the know’.

This model persists, especially in smaller organizations, but it is obsolete because, quite simply, it creates unquantifiable risk. For anyone who agrees with this analysis, the realization that admins are just a specialized type of user is more likely to elicit the second response... that of relief.

The arguments that justify the second world view are myriad. Privilege management for users is a cornerstone of good IT governance; an essential mechanism for making the actions of each and every employee visible regardless of job role. Everyone is a risk and handing out unaccountable rights to any network user is dangerous because it creates a single point of failure. Privilege management introduces accountability which benefits everyone, admins included.

Organizations that ignore such principles risk adding their names to the long and dark catalogue of anecdotes about unhappy admins running amok on networks for one reason or another, or about errors that caused a botched configuration change with embarrassing consequences.

So much for the theory…but what about making privilege management work on a practical level?

The basic mechanism of control for all network users remains the old-fashioned login, which standard users use to access applications and data, and admins use to access the datacenter servers where these resources are located.

Introducing privilege management such as that offered by Avecto’s Defendpoint into this setup allows admins to be granted on-demand elevation of rights to a server, as well as verified elevation where access is best authorized by a second admin. This adds a layer of authentication for mission-critical resources – those on which the organization depends – and does so by creating an audit trail recording access through the Enterprise Reporting Pack.

Server access can then be divided very strictly by responsibility so that in the heat of the ‘admin moment’ individuals aren’t tempted to stray on to servers in ways that might have unintended consequences. All server access is visible through comprehensive dashboards.

The old world of the admin worked satisfactorily at a time when organizations were still working out how IT was going to be used in their business model. These days, IT is more likely to be the business model and the risk calculation has been turned on its head. Admins, users, applications and data are the four corners of a secure network and they are all equal. This is how grown-up organizations work.

John Dunn
