Endpoints – the laptops, devices and workstations that employees use daily – are inviting targets for cyber attackers. If they can gain access to an organisation's systems via just one endpoint, they have a launchpad from which they can move laterally across the network in order to steal data or plant ransomware, for example. They may even be able to elevate privileges to gain access to the entire corporate IT environment.
This risk is amplified if the user at the endpoint has credentials that allow them to perform privileged admin tasks and processes – such as setting up new accounts, installing software or changing configuration settings. Accidentally exposing these credentials or misplacing a device linked to local admin accounts could result in significant damage.
Reining in risk
The fact is, every organisation has too much privilege, with too many employees having permissions they don't need. Controlling this is a significant step towards reducing cyber risk. However, this must be done without impairing users' ability to carry out their work or leading to a deluge of requests for the IT helpdesk for simple tasks. Removing rights across the board isn't the answer.
Endpoint privilege management (EPM) allows these powerful, privileged accounts and credentials to be taken away from users who don't need them on a permanent basis, so that attackers can't exploit them.
The approach strikes the balance between protecting endpoints – and, in turn, systems and data – against compromise and allowing employees to continue to be productive.
Instead of elevating a user, EPM switches the focus to elevating the applications and processes they need to carry out specific tasks. In other words, the IT team is able to grant approval for users to run the tools with elevated privileges for a limited period of time, with the absolute lowest level of privilege required.
Separate people from passwords
Even users who have received approval are separated from privileged credentials, which means these are never exposed to anybody. EPM software will directly inject logins into target systems. With no access to them, employees have no way of misusing or leaking them.
Reducing the friction
Of course, it's essential to avoid IT being buried under an avalanche of approval requests from staff. EPM tools should, therefore, make it possible to create rules and policies determining who can access what and with what level of privilege and apply them at scale.
They should also provide visibility over all users' activities in case they need to be stopped, as well as audit trails in case an incident has to be investigated later. Demonstrating best practices in the management of privileged access is required to meet many cybersecurity regulations today.
Any EPM solution that is implemented should run these processes automatically in the background – not only to ensure security but also to avoid slowing down or interrupting anybody's work.
The adoption of EPM to protect an organisation's endpoints is rising in importance as a crucial cyber security defence. Even the most experienced and well-trained staff can make mistakes, especially in a hybrid working environment where people access company resources from multiple locations using multiple devices. EPM puts control over privileged accounts back into the hands of the IT team. They can manage exactly what users do and how, reducing the attack surface by removing rights where they're not required while prioritising productivity – ensuring staff can continue to safely access the IT systems, services and data they need to be effective.