Survey reveals IT security not necessarily sure who has admin rights on their system and who does not.
An obvious survey conducted by privilege management provider Viewfinity has revealed a not so obvious result. IT security employees are not necessarily sure who in a company has admin rights on their system and who does not.
According to Viewfinity and a survey among 600 "IT security professionals", 68 percent indicated that they have no idea who in their organizations has local administrator rights. Viewfinity did not reveal more detail about the respondents and it is not clear how many of those surveyed had managerial roles.
20 percent of all respondents said that about 15 to 30 percent of users still had administrator rights on their Windows-based endpoints. Among those who still have admin rights, 35 percent noted they need the rights to do their job, 30 percent said the rights simply have not been removed, 19 percent said that it is due to a local reinstatement and 16 percent said they had been unaware that they had admin rights.
Of course, the presence of more-than-necessary admin rights represents a security problem for organizations as admin-equipped systems could be penetrated by malware and used for distribution in a network. “One of the most popular ways to infiltrate servers is to exploit administrative rights on endpoints and, through that path, get into a position that allows for an attack on the vital part of the enterprise infrastructure,” said Leonid Shtilman, Viewfinity CEO. “Companies wouldn’t go without antivirus – so why would they give administrative rights to users when there is a way for properly managing privileges without exposing the company to unnecessary security risks?”
Shtilman said that especially in a process when admin rights are granted temporarily, the number of admin-rights users climbs and the number of admin rights is suddenly hard to track: "This leads to what we call 'privilege creep' and it is a serious security risk for a considerable number of enterprises.”
Looking for long-term job security? Check out our top 5 certification options.
VIDEO: The Cloud Is Inevitable - Get Training Now!
Organizations are adopting cloud solutions at a rapid pace. Don't be left behind as local data centers shrink.
VIDEO: Move Ahead With Server Virtualization Certification
Server virtualization is hot and its at the heart of data center convergence. Learn more about it and the top 5 training options.
VIDEO: Get Ready For A Career In Unified Communications
Learn about Unified Communications and training opportunities in this growing area so vital to business success.