Special thanks to my Digital Identity colleague, Alexej Soldatov, for his collaboration and contribution to this blog post.

It is no secret that the vast majority of successful security breaches begin at the endpoint. In fact, a 2020 Ponemon Institute study shows that over a 12-month period, 68% of respondents experienced one or more endpoint attacks that compromised data assets and/or IT infrastructure. As revealed in a 2021 IBM Cost of a Data Breach report, the average cost of an endpoint attack is $4.27 million.

One prime example is WannaCry ransomware, which caused an estimated $4 billion in losses worldwide. More recently, a cyberattack crippled the second-biggest hospital in the Czech Republic during the Coronavirus outbreak, forcing staff to move patients to nearby facilities and postpone surgeries.

Endpoint security is front and center

Adding to the challenges, more companies are moving to remote work, which means devices outside of the corporate network can access critical internal assets. As such, endpoint security should be at the forefront. The question then becomes: how do we enable users to perform their work efficiently and securely with the minimum set of privileges, without disrupting the business?

The answer is Endpoint Privilege Management (EPM).

EPM enables organizations to remove administrative rights from their user base and supplement them with on-demand application control and privilege management. Only vetted, trusted applications are allowed to run, and they do so with the lowest possible set of privileges. There is also enough flexibility to determine how to deal with applications that are not yet trusted, therefore establishing a balance between security and user experience/productivity.

Key EPM benefits

When administrator rights are removed from workstations, the attack surface is significantly reduced. In addition, costs go down because there are fewer help desk tickets to deal with, thanks to self-elevation policies that allow users to install and run applications with approved elevated privileges. This efficiency also extends to the central management of policies. Another advantage is the ability to centrally define policies while improving approval workflows, along with granular application control.

What about anti-virus and endpoint detection and response?

While AV software protects a device against ransomware, spyware and other attacks, its focus lies primarily on the device itself. EDR is used when an attack has already occurred, helping to contain, investigate and respond.

The key to EPM's value is prevention

EPM is designed to prevent attacks by setting up rules and policies regarding what should be allowed (or disallowed) and enforcing least privilege. As such it is a great complement to AV and EDR, not a replacement.

Don't fear implementation

Yes, I’ve seen that implementing an effective program can be difficult—but not if it is approached correctly. Below are four key preparation strategies that can drive a smooth and successful EPM program.

Strategy: Assure clarity on expectations
Checklist:
  • Raise awareness with key business stakeholders regarding your EPM program's requirements.
  • Define, measure and report on realistic KPIs.
  • Understand that with new applications being installed every day, 100% coverage is not feasible. Thus, it's important to implement continuous improvement.
  • Define a change management process to continuously make users aware of the changes being made, potential impacts, workarounds and who to contact if there are issues.
Potential issues if not considered:
  • User dissatisfaction.
  • An ineffective solution.

Strategy: Get the right insights
Checklist:
  • Allow time for a discovery phase, including collecting usage data.
  • Use that information to understand usage patterns that can be reported to the business.
  • Engage with business stakeholders on the principles, policies and rules that can be applied to those patterns.
Potential issues if not considered:
  • Business disruptions.
  • Productivity impacts.
  • An ineffective solution.

Strategy: Roll it out in phases
Checklist:
  • Update the EPM quick-start policy packages to fit your requirements.
  • Define a phased rollout based on the requirements for solution features such as privilege management, application control and default denials, among others. A phased approach is recommended because it's complex and risky to roll everything out at the same time.
  • Define the release management plan, which should include testing and production; piloting user and machine groups; establishing user/machine wave groups; and creating a rollback plan.
Potential issues if not considered:
  • Business disruption.
  • Productivity impacts.
  • User dissatisfaction.
  • Increased IT support overhead.

Strategy: Prepare for the transition
Checklist:
  • Create service transition documentation, including implementation solution design; application review principles, policies, and rules; an application review process; and an application review responsibility matrix.
  • Train the operations team using guides, presentations, trackers, playbooks, shadowing sessions, workshops, etc.
  • Shadow the operations team to ensure concepts are well understood and the team is autonomous.
Potential issues if not considered:
  • Increased issue resolution time.
  • User dissatisfaction.
  • Business disruption.

I’ve been involved in many EPM solution deployments; these solutions have been proven time and time again to be the optimal choice because they enable organizations to mitigate key security gaps without compromising user productivity or overloading Service Desk teams.

For more details on these principles or help in establishing or optimizing an EPM program, please reach out.

About Accenture

Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services and Accenture Song — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 710,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter, LinkedIn or visit us at accenture.com/security.

This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.
This document makes reference to marks owned by third parties. All such third-party marks are the property of their respective owners. No sponsorship, endorsement or approval of this content by the owners of such marks is intended, expressed or implied.

Copyright © 2022 Accenture. All rights reserved. Accenture, and its logo are trademarks of Accenture.

Ruben Viegas

Associate Director – Cloud Security CoE Lead, Accenture Europe
