Success Factors of Endpoint Privilege Management
July 5, 2022
Special thanks to my Digital Identity colleague, Alexej Soldatov, for his collaboration and contribution to this blog post.
It is no secret that the vast majority of successful security breaches begin at the endpoint. In fact, a 2020 Ponemon Institute study shows that over a 12-month period, 68% of respondents experienced one or more endpoint attacks that compromised data assets and/or IT infrastructure. As revealed in a 2021 IBM Cost of a Data Breach report, the average cost of an endpoint attack is $4.27 million.
One prime example is WannaCry ransomware, which caused an estimated $4 billion in losses worldwide. More recently, a cyberattack crippled the second-biggest hospital in the Czech Republic during the Coronavirus outbreak, forcing staff to move patients to nearby facilities and postpone surgeries.
Adding to the challenges, more companies are moving to remote work, which means devices outside of the corporate network can access critical internal assets. As such, endpoint security should be at the forefront. The question then becomes: how do you enable users to perform their work efficiently and securely with the minimum set of privileges while preventing business disruption?
The answer is Endpoint Privilege Management (EPM).
EPM enables organizations to remove administrative rights from their user base and supplement them with on-demand application control and privilege management. Only vetted, trusted applications are allowed to run, and they do so with the lowest possible set of privileges. There is also enough flexibility to determine how to deal with applications that are not yet trusted, therefore establishing a balance between security and user experience/productivity.
When administrator rights are removed from workstations, the attack surface is significantly reduced. In addition, costs go down because there are fewer help desk tickets to deal with, thanks to self-elevation policies that allow users to install and run applications with approved elevated privileges. This efficiency also extends to the management of policies: they can be defined centrally, with improved approval workflows and granular application control.
While antivirus (AV) software protects a device against ransomware, spyware and other attacks, its focus lies primarily on the device itself. Endpoint detection and response (EDR) is used when an attack has already occurred, helping to contain, investigate and respond.
EPM is designed to prevent attacks by setting up rules and policies regarding what should be allowed (or disallowed) and enforcing least privilege. As such, it is a great complement to AV and EDR, not a replacement.
Yes, I’ve seen that implementing an effective program can be difficult—but not if it is approached correctly. Below are four key preparation strategies that can drive a smooth and successful EPM program.
Strategy | Checklist | Potential issues if not considered |
Assure clarity on expectations | | |
Get the right insights | | |
Roll it out in phases | | |
Prepare for the transition | | |
I’ve been involved in many EPM solution deployments; these solutions have been proven time and time again to be the optimal choice because they enable organizations to mitigate key security gaps without compromising user productivity or overloading Service Desk teams.
For more details on these principles or help in establishing or optimizing an EPM program, please reach out.
This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.
This document makes reference to marks owned by third parties. All such third-party marks are the property of their respective owners. No sponsorship, endorsement or approval of this content by the owners of such marks is intended, expressed or implied.
Copyright © 2022 Accenture. All rights reserved. Accenture, and its logo are trademarks of Accenture.