A flexible, highly granular privilege management solution. Users can get work done while reducing your risks. Make implementing least-privilege approaches easy.
The least-privilege principle states that every module (in this case a user or application) must be able to access ONLY the information and resources that are necessary for its legitimate purpose.
But what exactly does that mean? Let’s look at it from a different perspective:
You’ve just bought a brand new house in a new, well-kept but unfamiliar neighborhood. You go to the local hardware store and have a bag of keys cut that will unlock your front door.
As you walk home, you decide to give a brand new, freshly cut key to everyone you meet. You think “the neighborhood looks safe. These people look fine. I trust them with access ” Perfectly ok right?
So, let me ask you a question; if you wouldn’t give people free access to your home why would you give a user or application free access to your network or computer systems?
You network ecosystem can be opened up to a host of potentially harmful actions if you don't privilege people or applications correctly.
It’s a prime example of Murphy’s Law; “what can go wrong, will go wrong.” Centrify will help you avoid potential disaster.
Over time, using the least-privilege principle and Centrify’s Privilege Management can provide you with three simple but important things:
It’s surprisingly easy for a company to fall into a privileging pitfall. Let’s look at some bad practices:
Default Administrative Account/Shared Credentials - Rather than setting up your network administrators with their own, unique administrator account they use one, shared account to access all of the administrative features.
Using one shared account not only makes a network or computer system insecure, but it also strips out any user accountability. If everyone is using the same credentials how would you be able to determine who might have changed a setting or caused a problem on your system?
You can’t. At least not easily.
Individual Administrative Accounts without User-Level Accounts - Setting your admins up with unique administrative accounts is a step forward from sharing credentials, but you’ll still potentially run into issues if those administrators don’t use complementary user level account as well.
A user level account a “computer account that has user-level privileges (and) can be used to access email, browse the internet and run programs that the account is authorized to access.”
In comparison, an administrative account is a “computer account with administrator-level privileges can do all of the same things as a user level account, and also can be used to install software on the system and configure computer and network settings.”
Even though you’ve got users who are administrators, it doesn’t mean they should always log into the system with an administrative account. Using administrative accounts all the time opens you up to a host of potential threats like malware, viruses and hostile takeovers of your system if that administrator isn’t careful.
Using the principle of least privileges as described above and Centrify Privilege Management, you’ll be able to: