12/11/2012
06:37 PM
Dark Reading
Products and Releases

Survey Of IT Professionals Reveals Discrepancy Between Support Of And Implementation Of Desktop Privilege Control

Nearly half of respondents, however, report privileged accounts widespread on company desktops and laptops

Manchester (UK) and Boston, December 11, 2012 – While the majority of security professionals recognize the importance of limiting administrative rights on corporate desktops and laptops, many organizations continue to lag when it comes to implementing least privilege, according to a report released today by Avecto. The survey, conducted at the McAfee Focus 2012 conference in Las Vegas, polled 365 IT professionals attending the show.

While 84% of those surveyed believe their organizations need better control of user privileges on company machines, nearly 40% of respondents reported that more than half of employees at their organizations have privileged accounts, and another 5% are unsure how widely privileged accounts are used throughout their organizations. These figures demonstrate a clear dichotomy between organizations’ future security goals and their current practices, suggesting a need to fill this void. The survey also points towards a curtailing of the Bring-Your-Own-Device (BYOD) trend, with 70% of respondents naming security as their biggest BYOD concern. Yet nearly 50% of those surveyed said their organizations either don’t have a BYOD policy in place (22%) or allow employees to use any device (27%).

Other notable findings include:

· 45% of those surveyed reported mitigating malware attacks as the primary reason for reducing the number of privileged accounts in their organizations, followed by 18% attributing this to either combatting insider threats (9%) or external compliance (9%).

· Nearly 17% reported their organizations limit the use of personal phones and tablets for work, while 27% do not have any restrictions on devices in place. Only 12% reported users are not allowed to use their own devices for work.

“As we look towards the new year and beyond, the rising threat of sophisticated malware will drive more companies to look into more proactive defense-in-depth security measures, such as privilege management and application control, to make it more difficult for targeted attacks to infect the corporate network,” says Paul Kenyon, Avecto co-founder and Chief Operating Officer. “CTOs are quickly realizing that very few people within an organization require admin rights to be productive, in turn, creating a least-risk environment. Many organizations have taken the first step towards eliminating admin rights from the majority of users and we can expect fewer and fewer employees, including IT admins, afforded fully-privileged accounts – eventually resulting in the demise of the admin right.”

“Security concerns will continue to hamper BYOD and it will fail to live up to the hype,” adds Kenyon. “In 2013, we’ll see that personal devices for corporate use will be increasingly limited to checking email, so users will perform their primary work on corporate-owned laptops, desktops and tablets. Consequently, we expect to see the resurgence of corporate devices and precipitate the inevitable curtailing of BYOD – more choose-your-own-device (CYOD) than bring-your-own-device”.

Using a flexible approach to privilege management, such as Avecto Privilege Guard, organizations can deploy secure and compliant desktops, without compromising users' ability to perform their day-to-day roles. With Privilege Guard, users are empowered with the privileges they require, resulting in increased productivity and reduced desktop support costs.

Resources

Learn more about Avecto and Privilege Guard by visiting www.avecto.com. Connect with Avecto on its blog, on LinkedIn and on Twitter.

About Avecto

Avecto is the leader in Windows privilege management, helping organizations to deploy secure and compliant desktops and servers. With its award-winning Privilege Guard technology, organizations can now empower all Windows-based desktop and server users with the privileges they require to perform their roles, without compromising the integrity and security of their systems. Customers of all sizes rely on Avecto to reduce operating expenses and strengthen security across their Windows-based environments. Our mission is to enable our customers to lower operating costs and improve system security by implementing least privilege. Avecto is building a worldwide channel of partners and system integrators and is headquartered in Manchester, UK, with key regional headquarters in Andover, MA, and Munich, Germany.
