December 18, 2006; 03:29 AM
IDC, the premier global provider of market intelligence for information
technology markets, concluded that organizations save an average of
$120/PC/year and increase service levels by removing administrative
rights from PCs and pushing down configuration settings with group
policies. Many IT departments find removing administrative rights from
PCs challenging according to the Microsoft sponsored study, “The
Relationship Between IT Labor Costs and Best Practices for Identity and
Access Management with Active Directory.” Many
critical business applications require these rights. IDC notes that
deploying BeyondTrust software will enable enterprises to overcome these
challenges and enable the best practice of removing administrative
rights.
“If an organization is unable to stop using
applications that require administrative privileges, then they will
benefit greatly from deploying software such as BeyondTrust Privilege
Manager to enable ‘standard users’
to run those applications,” said Thomas
Dawkins, Sr. Security Marketing Manager for Microsoft. “Many
companies have corporate security policies that mandate the removal of
administrative rights from PCs and users to prevent the users from
changing Group Policy settings and installing unauthorized applications,
whether intentionally or through the inadvertent installation of
malware. Support for least privilege with products like BeyondTrust
Privilege Manager further demonstrates that Windows Vista is the best
choice for businesses that require a secure IT ecosystem.”
Marco Peretti, CTO of BeyondTrust and architect of the first product to
enable the security best practice of Least Privilege in Windows
environments, agrees with IDC’s
recommendations. “Allowing a user to be an
administrator on their PC ensures that they can manipulate and modify
client-based Group Policy data to their heart’s
content, effectively gutting the Windows security model and eliminating
the value that Group Policy provides in managed Windows environments,”
said Peretti. “With BeyondTrust Privilege
Manager, all users can be restricted users while securely using
applications that require administrative privileges. Privilege Manager
accomplishes this by reducing or elevating privileges on a
per-application or per-task basis."
The IDC study states that IT labor savings are achieved by managing
fewer PC configurations. If administrative rights are not removed,
within a few hours of deployment users often begin to change settings,
jeopardizing security and reliability.
“A huge security problem that Windows
enterprises face is that many users must be given administrative
privileges in order to run required applications. However, as we have
seen, administrative privileges are easily exploited by zero-day threats
and malicious users. So you have to ask yourself if you trust your users
and existing security defenses,” said John
Moyer, CEO of BeyondTrust. “BeyondTrust helps
customers move beyond the state of trusting users and systems with
excess privileges, enabling the implementation of a Least Privilege
security model. All users can be restricted users by securely elevating
the privileges of selected applications.”
About BeyondTrust
BeyondTrust Privilege Manager was the first product to allow
administrators to assign permissions to applications and tasks, enabling
the security best practice of Least Privilege in Windows environments.
BeyondTrust Privilege Manager has won many prestigious awards, including “Excellence
in Management of Least Privilege - Customer Trust 2006“
(Info Security Products Guide), “Best of
TechEd 2006 - Security Finalist “ (Windows IT
Pro/SQL Server Magazine), and “Best Product
of 2005 - Policy Management” (MSD2D People’s
Choice Security Award). For more information, visit www.beyondtrust.com.