In previous articles, we discussed why users want administrator rights and why they need them. Now let’s explore why they shouldn’t have them. In today’s increasingly dangerous threat landscape, every organization’s security strategy should include the goal to remove administrator rights. Here are the reasons.
- Zero-Day Threat Protection: Arellia research has proven that running with reduced privileges can mitigate a majority of software vulnerabilities in Microsoft, Adobe, and Mozilla products. Any vulnerability has the potential to be a zero-day, meaning it is exploited before the software vendor or security vendors know about it and have a chance to stop exploits with patches or antivirus/intrusion prevention signatures. Running software with reduced privileges protects commonly used software against exploits that take advantage of the privileges of the running user.
- Regulatory Compliance: When an organization does not remove administrator rights, users can change system settings, which affects compliance with regulatory standards. Failure to meet standards can result in more audits and remediation work.
- System Stability: Every time a user adds a new piece of software, installs a driver, or changes a setting, the stability of the system is affected. Forrester Consulting published a paper in 2009 finding that 1 out of 7 helpdesk calls were due to users corrupting their system with unauthorized software. If you can take away the user’s ability to make changes, systems will be more stable.
- License Compliance: The Business Software Alliance (BSA) estimates that 1 in 5 pieces of software in the United States are unlicensed. When users have full control over what is installed on their computers, there is nothing to prevent them from intentionally or unintentionally using unlicensed software. In the BSA’s 2010 Piracy Study, they noted, “Many PC users lack a clear understanding of whether common ways of acquiring software are legal or illegal, especially in high-piracy markets.”
- Cost Savings: This reason is as much a summary of all the previous reasons as it is a reason on its own. Successful vulnerability exploits often result in lost time, intellectual property, productivity, brand value and customers’ trust. System instability results in lost productivity. Lack of license compliance can result in unbudgeted expenses, not to mention costly fines.
An organization most commonly removes administrator rights by moving users from an administrator account to a standard user account. This can create problems with applications that require administrator rights. Some benefits can be achieved by, or only by, removing rights from applications with a privilege management tool.
Arellia Local Security Solution and Application Control Solution help organizations find users with administrator accounts, find applications that require administrator rights, transition users to standard accounts and elevate applications that require administrator rights, and remove privileges from applications to mitigate vulnerability exploits. The end result is improved protection, compliance, and stability with decreased liability and costs.
About Arellia: Arellia provides solutions for privilege management, application whitelisting, securing local administrator accounts, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold through Symantec.