So far, our series on privilege elevation has looked at why the abuse of your control mechanisms is a significant challenge and why conventional approaches to privileged accounts need to change.
We’ve explored why turning users into administrators is risky and why using UAC is only part of a best practice approach.
All of which leaves one key question: if users shouldn’t be in charge of their own privileges, who should?
When in doubt, raise a ticket
IT teams will know this one well.
If users need privilege elevation, it makes sense that the IT team takes responsibility. However, IT is now an intrinsic part of everything a business does. It’s there at every stage. And that means the IT team to-do list is getting longer by the minute.
Designing an approach where users raise tickets to request privileged access increases this burden, drains resources and can be a slow process. Worse, it’s little more secure than putting the power in the hands of your users. After all, your support desk faces the same fatigue and is prone to the same human error.
The answer isn’t your IT team any more than it is your users. In fact, it’s not a person at all.
The value of automation
In theory, all your privileged account security can be driven by people. But it’s just not a feasible or sustainable approach – let alone a secure one.
That’s why the answer is in automation, striking the balance between security and productivity while removing human input and, in turn, human error.
Platforms like Thycotic Privilege Manager work because they take on the role of arbiter, not based on how busy they are but based on your defined, customised policies.
Your users get an instant answer to the request for privilege elevation. Your IT teams can focus on other tasks that really deliver value. And your attackers come up against a layer of protection that can’t be manipulated, tricked or exploited.
Learn more about Thycotic Privilege Manager.
Missed any part of this blog series. Catch up now.