The historic Edward Snowden NSA breach has brought home the importance of controlling admin rights but many security teams have yet to act on the lesson, a snapshot survey by privilege management firm Avecto has found.
Asking 340 attendees of McAfee’s FOCUS 13 conference for their views, the UK firm found that the intelligence agency's darkest hour caused half to re-evaluate their systems for managing admin rights even if three quarters admitted that their policies had not changed as a result.
Although a third believed rogue admins posed a major security risk, this was still less than the 40 percent who cited malware as the primary worry.
Those organisations that had reduced admin privileges had done so to counter malware in 33 percent of cases; 14 percent were worried about external auditing, 11 percent about internal compliance and 11 percent about the insider threat.
Admin privileges are a complex issue that affects security on a number of levels, including both insider threats and malware. But only 20 percent of organisations believed they even knew how many server admins they had, an extraordinary admission.
“Media attention around the NSA's high-profile breach has created a significant turning point in how organizations think about security, with the IT function now increasingly aware of how attacks can stem from users and system admins with excess privileges,” said Avecto CEO, Mark Austin.
“But awareness alone is not enough for network protection,” he said. Businesses could minimise the possible damage from a rogue admin by ditching excessive rights, he said.
A better approach was to move to a system based not on absolute admin privileges but on privilege elevation as and when it was required. In this model admins became standard users like any other who were given elevated privileges to specific resources in a time-limited way.
Avecto markets its Privilege Guard software (including a version for McAfee’s ePO console) to perform this task, so you’d expect the firm to argue in favour of the technology. But the notion that privilege management and least privilege should be seen as a mainstream technology has some independent support, with Verizon noting earlier this year that many breaches it had been consulted on could have been avoided using relatively simple controls.