Legacy Applications and Least Privilege Access Management



Similar documents
Retina CS: Using Strong Certificates

The Challenges of Managing Privileged Access on Windows Desktops and Servers

Simplifying the Challenges of Mobile Device Security

WHITE PAPER. Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

Three Ways to Secure Virtual Applications

WHITE PAPER. Analyzing the Effectiveness and Coverage of Web Application Security Scanners

How Do IT Security Professionals Prioritize

Challenges of Managing Privileged Access on Windows and Servers

WHITE PAPER. BeyondTrust PowerBroker : Root Access Risk Control for the Enterprise

Avoiding the Top 5 Vulnerability Management Mistakes

WHITE PAPER. Improving Efficiency in IT Administration via Automated Policy Workflows in UNIX/Linux

Reduce the Cost of PCI DSS Compliance with Unified Vulnerability Management

WHITE PAPER. Take Back Control of Your Active Directory Auditing

Intrusive vs. Non-Intrusive Vulnerability Scanning Technology

October Application Control: The PowerBroker for Windows Difference

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015

How To Manage A Privileged Account Management

SecureIIS Web Server Protection Guarding Microsoft Web Servers

WHITE PAPER. Best Practices for Securing Remote and Mobile Devices

Advantages and Disadvantages of Open Source Privileged Identity Management

Understanding BeyondTrust Patch Management

Building a Secure and Compliant Windows Desktop

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage

The Economics of Desktop Transformation

Making the Business Case for IT Asset Management

The Need for Vulnerability Assessment and Remediation

ICT budget and staffing trends in the UK

Mitigating the Risks of Privilege-based Attacks in Federal Agencies

Reining in the Effects of Uncontrolled Change

Business Value Analysis-Market Research Report. Endpoint Security

AD Management Survey: Reveals Security as Key Challenge

Desktop Application Virtualization and Application Streaming: Function and Security Benefits

Applying the Principle of Least Privilege to Windows 7

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

Secure Data Sharing in the Enterprise

Lots of workers, many applications, multiple locations......and you need one smart way to handle access for all of them.

SOFTWARE UPDATER A unique tool to protect your business against known threats

privileged identities management best practices

Password Practices and Outcomes

Privileged Identity Management. An Executive Overview

Desktop Solutions SolutioWhitepaper

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

Beyond Mobile Device Security: Why Comprehensive Endpoint Security and Management is a Must-Have for Small and Medium Enterprises

MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

Internet threats: steps to security for your small business

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

Driving Company Security is Challenging. Centralized Management Makes it Simple.

FileLocker. The Top Five Reasons Legal Professionals Must Adopt Private Cloud File Sharing

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

2010 State of Virtualization Security Survey

2014 Survey of Information Security Professionals Published: May 28, 2014

PowerBroker for Windows

Fusing Vulnerability Data and Actionable User Intelligence

Best Practices for Information Security and IT Governance. A Management Perspective

The Casper Suite An ROI overview

Quantifying ROI: Building the Business Case for IT and Software Asset Management

Non-Restrictive Technology in Computer-Based Businesses and Services: The Reboot-To-Restore Concept

Data Management Policies. Sage ERP Online

Did you know your security solution can help with PCI compliance too?

PowerBroker for Windows Desktop and Server Use Cases February 2014

Mobile Device Strategy

University of Pittsburgh Security Assessment Questionnaire (v1.5)

How To Protect Your Organization From Insider Threats

ICT budget and staffing trends in Healthcare

The Importance of First Contact Resolution. 24/7 Service Desk Immediate Support. Long-term Value. DSScorp.com

The 2012 Data Informed Analytics and Data Survey

The Case for Automation

Privileged Access Life-Cycle Management: How PALM Enables Security, Compliance, and Efficiency for Enterprise IT

Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security

DOT.Comm Oversight Committee Policy

UNDERSTANDING THE VALUE OF MANAGED SERVICES

BYOD report. Comms-care commissioned survey highlighting the change in Bring Your Own Device (BYOD) issues over the past twelve months

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Senaca Shield Presents 10 Top Tip For Small Business Cyber Security

Board Portal Security: How to keep one step ahead in an ever-evolving game

WatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA

GOT PRIVILEGE? - THE PRIVILEGED CHALLENGE Adam Bosnian EVP America s and Corporate Development

Welcome Guide for MP-1 Token for Microsoft Windows

A Guide to Consumerization & Building a BYOD Policy June 2012

Everything You Need to Know About Effective Mobile Device Management. mastering the mobile workplace

STRONGER AUTHENTICATION for CA SiteMinder

End-user Security Analytics Strengthens Protection with ArcSight

Consumerization Survey Report The Consumerization of IT

The Importance of Cyber Threat Intelligence to a Strong Security Posture

Applications, virtualization, and devices: Taking back control

4 Steps to Effective Mobile Application Security

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Integrated Accounting Desktops Featuring QuickBooks Enterprise

Office of the Inspector General United States Office of Personnel Management. Statement of Michael R. Esser Assistant Inspector General for Audits

GUIDEBOOK MICROSOFT DYNAMICS ENTERPRISE APPLICATIONS FOR SMBS

The smartphone revolution

Leaders in Windows Privilege Management. Least Privilege = Least Risk = Least Cost

Strategies for Protecting Virtual Servers and Desktops

Connect and Protect: The Importance Of Security And Identity Access Management For Connected Devices

AUDIT REPORT. The Energy Information Administration s Information Technology Program

2H 2015 SHADOW DATA REPORT

Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Marquee

Transcription:

BeyondTrust Report ` Legacy Applications and Least Privilege Access Management ~ Legacy applications reveal desktop security Wild West January 2011 Abstract In an enterprise Windows desktop environment, whether a company has 100 or 10,000 seats, the challenge of managing access is fraught with difficulty. In a study conducted by BeyondTrust, this report details the results of a survey of 185 IT Administrators and Help Desk Operatives who are collectively responsible for over 250,000 individual Windows desktops, in EMEA and North America. This report details their experiences with legacy applications in relation to their ability to effectively elevate access to the networks they manage. www.beyondtrust.com BeyondTrust Corporate Headquarters 2173 Salk Avenue Carlsbad, California 92008 Phone: +1 800-234-9072

Table of Contents Executive Summary... 3 About the Data Collection and Analysis... 4 Analysis of IT Administrator & Help Desk Operative Data... 5 Independent IT Analysts and Consultant Control Group... 10 Why Administrators View the Desktop as the Network Wild West... 11 Summary... 12 About BeyondTrust... 13 2 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

Executive Summary Whenever we hear the phrase Wild West, the first words that come to mind are old, unsecure, and vulnerable. Any old western featuring Clint Eastwood or John Wayne depicts all of these descriptions. And coincidentally Wild West provides the perfect analogy for the way an enterprise s remaining legacy infrastructure interfaces with a Windows desktops environment. Though often overlooked, every IT Administrator must face the challenge of managing legacy applications that simply will not run unless individual desktops are configured for administrator access. Indeed, in an enterprise Windows desktop environment, whether a company has 100 or 10,000 seats, the challenge of managing access is fraught with difficulty. Currently, there are two options available to administrators: Option 1: Result: Option 2: Result: Adopt best practice of removing administrative rights. Overwhelms help desk with support calls and hampers productivity. Grant users administrative privileges. Can provide access points for malware, hackers, insider threats; and, the less reported though still equally damaging, fat fingered unintentional error. What has not been clear until now is that IT Administrators and Helpdesk Operatives that choose option 2 for the sake of productivity, and thus leave their desktop environment unnecessarily exposed, are not being cavalier or necessarily neglectful. The fact is they are left with no other choice because without their legacy applications running efficiently, productivity would come to a halt. Legacy applications return administrators to the Wild West. Increasingly difficult to thwart, attacks by people with legitimate access to an organization's computers, devices and networks represent a growing problem across the globe. These insider threats frustrate Admins, auditors and managers who lack the resources to properly identify them, oversee their behavior and protect mission-critical information technology (IT) assets from the misuse of privilege. In a study conducted by BeyondTrust, this report details the results of a survey of 185 IT Administrators and Help Desk Operatives who are collectively responsible for over 250,000 individual Windows desktops, in EMEA and North America. This report details their experiences with legacy applications in relation to their ability to effectively elevate access to the networks they manage. 3 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

About the Data Collection and Analysis To compile this report, we first consulted over 30 sales representatives from our reseller network. They each indicated how often legacy applications were cited as a desktop management headache by the IT managers and Network operatives with whom they spoke. This was interesting because it underlined that poor privileged access management on the desktop, and the inherent risks to network security this poses, is not always the result of neglect or lack of foresight. Instead it suggested that those charged with managing desktop access are forced to act in the way they do either giving everyone full access to the network regardless of job description, or locking the network and productivity down - because the company relies on one or more essential legacy applications which only run on Windows if users are given full administrator, or super user status. To establish whether this anecdotal evidence was uniform across organizations of different sizes, BeyondTrust polled 185 IT administrators and Helpdesk operatives across the UK and North America. Our questions sought to establish what kind of legacy application was responsible for forcing the enterprise to elevate user privileges on the desktop, as well as how much time they spent solving problems caused by the impact of over privileging users. Then, we also polled 40 IT analysts and consultants as a control group. Our rationale here was that, given their position within an organization or as a sub contractor, they would provide an alternative and independent viewpoint which would either verify our initial findings or provide an alternative viewpoint. 4 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

Analysis of IT Administrator & Help Desk Operative Data Which of the following legacy apps, requiring users to be granted either administrator or Power User status to run, do you currently have on your company s desktops? 46% 5% 25% 24% Sage Instant Accounts Intuit Quick Books In-house Bespoke Applications Other Key Findings 1. In organizations with more than 2500 desktops, it was in-house bespoke applications (51% of respondents), and a range of other legacy apps (40%) which force IT Admins to elevate privileges to Administrator or Super User status. 2. In enterprises with fewer than 2500 desktops it was Intuit QuickBooks (33% of respondents), and again other legacy apps (50%) which most often forced IT Administrators to elevate network access privileges to the more risky Administrator or Super User status. Survey respondents were invited to name which legacy app they were nominating when selecting Other, revealing over 50 different apps that were nominated, with a number citing too many to mention. This offers a revealing insight into the state of desktops today i.e. they are littered with applications, each requiring different configuration settings for different users, making effective access management practically impossible. 5 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

On Average, what percentile of your help desk time is involved in fixing problems caused by over-privileged users? 80% of Help Desk Time 60% of Help Desk Time 40% of Help Desk Time 20% of Help Desk Time 0 10 20 30 40 50 60 70 Key Findings 1. IT Admins and Help Desk personnel say they spend more than 1/4 of their time fixing problems caused by over-privileged users. 2. The average amount of time spent fixing these problems was 29% (the vast majority reported spending about 20% of their time). 3. The same results show that 1/3 of IT Admins and Help Desk personnel spend at least 40% of their time fixing these problems... some (a small handful) spend 80% of their time fixing these problems. Gartner s recent report, Organizations That Unlock PCs Unnecessarily Will Face High Costs, shows that when a user is standard user, the amount of IT labor needed for technical support is 24% or $1200 pa per desktop less than when a desktop user is an administrator. 1 1 Gartner, Inc Michael A. Silver, Ronni J. Colville, Dec.19, 2008. 6 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

If you could automate the elevation/restriction of privileges without having to use the help desk, would you do so? No 9% Yes 91% Key Findings 1. 90% of IT Admins and Help Desk personnel who admit to experiencing the headache of managing the impact of legacy apps would welcome help with automating the process of dealing with over-privileged users. 7 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

If you could save the equivalent staff costs by not having to deploy the help desk in elevating privileges for these apps, where would you invest the money? 3% 45% 2% 50% New Sales Staff Upgrading Software New Office Furniture Staff Training Key Findings 1. Their choice of what to do with the money they would save on help desk costs is revealing. Overwhelmingly, they would invest the savings on either training staff or upgrading software. In essence, the experience of IT Administrators and Help Desk operatives are legion; they want to spend more time improving user experience, with better training and software, and less time fighting fires. 8 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

How many Windows desktops does your enterprise have? 37% 14% 14% 15% 20% Less than 500 100-500 500-1,000 1,000-2,500 More than 2,500 Key Findings 1. What is revealing here is that with the exception of the use of Intuit QuickBooks as the prime suspect legacy application, in organizations with more than 2500 desktops the experience of all IT Administrators and Help Desk Operatives is uniform. 2. Legacy applications make their lives difficult and consume a disproportionate amount of their time, regardless of the size of the organization. 3. This points to the ubiquity of Windows and its inherent problems in elevating privileged access based on company policy rather than the requirements of individual applications. 9 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

Independent IT Analysts and Consultant Control Group We established this control group to provide a check and balance to the data provided by the IT Administrators and Help Desk Operatives. While the latter are arguably closer to the coal face, the former has a potentially more objective view given the number of organizations they encounter in their work. The group comprised both general IT and security analysts or consultants. The results provided by this control group were surprisingly consistent with the main group of respondents, and in particular the breakdown of legacy app type (question 1) was almost identical. The marginal differences in their responses were as follows: Question 2: 80% of analysts and consultants suggested that 20% of help desk time was devoted to managing user privileges caused by legacy apps, compared with 66% of IT Administrators and Help Desk operatives. Question 3: Only 80% of analysts and consultants said they would automate the elevation of privileges if they could. Presumably, those that viewed this solution with caution might want to provide a solution of their own. 10 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

Why Administrators View the Desktop as the Network Wild West As cited above, survey respondents were invited to name which legacy applications they were nominating when selecting Other. Revealing over 50 different applications, notable selections include: A number of respondents cited too many to mention. Old Mainframe applications. Software used for running an office (printer drivers) or the desktop itself (defragmenter). Third party point of sale software provided to retailers. Adobe and Flash software. Respondents from industries such as oil, automotive, and chemical cited technical applications which, although used by a handful of employees, still enforce the entire desktop to be set to administrator or super user status. Applications downloaded by individual employees from the web to help them do their job better: for example, financial trading software. Applications downloaded and installed by employees for their own entertainment, including: iphone applications, and in one instance, a Golf Course Game Application - many of which could violate security and compliance regulations. This paints a revealing picture of enterprise desktop environments today: they are littered with applications, each of which requires different configuration settings for different users, and makes effective access management practically impossible. Indeed, is it any wonder that today IT Admins consider desktops the Wild West, not just because of the overwhelm of managing access to multiple applications, but also because they never know what they were going to encounter on a user s workstation. One desktop manager, reported: We have limited control on what the end user can install and change on a desktop, and in many cases we have limited awareness of changes being made. In most cases it s too late if a user installs malware and adware, leaving our desktop resources left fire-fighting problems. 11 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

Summary Far too often, it s been the assumption that that IT Administrators and Helpdesk Operatives are being cavalier or unnecessarily neglectful, when they set desktops to run on administrator status, - the choice for productivity - thus leaving their desktop environment unnecessarily exposed. As this report shows, the experience is quite the contrary. They are not neglectful. They have an impossible task. One that leaves them consistently on the back foot and unable to either finance or execute a desire to make the desktop environments they manage a more efficient place. It is true that more recent editions of both Sage and Intuit, two of the programs cited here, will run on Power User status, but in terms of securing the desktop from either accidental or intentional harm caused by over privileged users, is like trying to shut the door and instead deciding to leave it ajar slightly. It is important to realize the fact that insiders are not just employees. Today, insiders also include contractors, business partners, auditors, customers... And, it is important to recognize that not all insider attacks are done intentionally. The misuse of privilege in an organization can result in accidental and indirect harm as well as intentional. Start 2011 off by understanding best practices for privilege identity management and formulating plans to implement a least privilege solution: Secure Windows, legacy applications and eliminate Admin rights: PowerBroker Desktops enables organizations to remove administrator rights and allow end-users to run all required Windows applications, processes and ActiveX controls. By eliminating the need to grant admin rights to end-users, IT departments can extend Group Policy to create a more secure, compliant and productive environment. 12 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

About BeyondTrust BeyondTrust is the global leader in privilege authorization management, access control and security solutions for virtualization and cloud computing environments. BeyondTrust empowers IT governance to strengthen security, improve productivity, drive compliance and reduce expense. The company s products eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers in heterogeneous IT systems. With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity Management (PIM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world's 10 largest banks, seven of the world's 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities. The company is privately held, and headquartered in Carlsbad, California with offices in Los Angeles, the Greater Boston area, Washington DC, as well as EMEA offices in London, UK. 13 Legacy Applications and Least Privilege Access Management 2011 BeyondTrust Software, Inc.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information