Why eliminate administrator rights?

The foundation for security and enterprise management

In the 20-plus years I've spent consulting, hand-holding, troubleshooting and securing networks one of the most frequently asked questions I hear from business leaders is "How do I keep sensitive data from the prying eyes of the network administrators?" The answer has always been "trust." It was that way because we really had no way to remove administrative privileges from the administrators. But a new e-book by IT consultant Greg Shields promises to help. In fact, it's titled "Eliminating Administrator Rights" and is a part of Realtime Publishers' Essentials series. If you have a Windows network, this is essential for you.

It’s a small book as are all the entries in the Essentials series but packs a wallop. The three chapters (with a synopsis) are:

1. Understanding Least Privilege: Any discussion on the right-sizing of administrative privileges starts with a solid understanding of how Least Privilege works. This article will define Least Privilege and discuss why simply handing out Administrator privileges doesn’t provide the necessary levels of granular control.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

In the 20-plus years I've spent consulting, hand-holding, troubleshooting and securing networks one of the most frequently asked questions I hear from business leaders is "How do I keep sensitive data from the prying eyes of the network administrators?" The answer has always been "trust." It was that way because we really had no way to remove administrative privileges from the administrators. But a new e-book by IT consultant Greg Shields promises to help. In fact, it's titled "Eliminating Administrator Rights" and is a part of Realtime Publishers' Essentials series. If you have a Windows network, this is essential for you.

It’s a small book as are all the entries in the Essentials series but packs a wallop. The three chapters (with a synopsis) are:

1. Understanding Least Privilege: Any discussion on the right-sizing of administrative privileges starts with a solid understanding of how Least Privilege works. This article will define Least Privilege and discuss why simply handing out Administrator privileges doesn’t provide the necessary levels of granular control.

2. The Business Benefits of Eliminating Administrator Rights: Once you understand the right ways in which rights should be assigned as learned in Article 1, your next job is in recognizing how their correct assignment benefits the business. In Article 2, you’ll learn how the business benefits along the lines of operational, security, and compliance when admin rights are eliminated in favor of granular privilege assignment.

3. Limitations in Native Solutions for Privilege Management: Tools are natively available today in the Windows OS that go only part of the way in achieving the goals of Least Privilege. But each of those tools remains too coarse in rights assignment. In Article 3, you’ll learn about those native tools and read about the critical omissions in how they assign privileges to users and applications.

Now obviously Article 3 is where you’ll hear the sponsor’s message (it’s sponsored by BeyondTrust, which markets privilege management products) but it’s still useful information. There are a number of organizations in the privilege management field; even Internet2 the higher education consortium, offers the open-source Signet package for privilege administration.

Download and read the book, then start thinking about your own (and your staff’s) privileges and how your organization can be protected.

Read more about security in Network World's Security section.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.