A new study from BeyondTrust underscores what many IT administrators should already know - less privileges can mean more security.
In an analysis of Microsoft security bulletins from 2009, BeyondTrust - which specializes in privilege management - found that removing administration rights is a mitigating factor in 90 percent of the critical Windows 7 vulnerabilities. It was also a mitigating factor in 100 percent of Microsoft Office vulnerabilities and 94 percent of all Internet Explorer vulnerabilities from last year as well.
All together, 64 percent of Microsoft vulnerabilities reported in 2009 could be mitigated by least privileges.
This shouldn't come as a surprise. By limiting the rights of a user, you can limit the ability of malware to do damage should a machine get infected. However, sometimes companies fail to set their machines with the lowest possible privileges for fear of disrupting business.
It is part of an old battle waged in IT between security and usability, or in this case, productivity.
"It comes down to productivity ... granting privileges for the sake of productivity is obviously problematic because it opens up the enterprise to countless security vulnerabilities," said Steve Kelley, executive vice president of corporate development at BeyondTrust. "Conversely, companies who have been left with a throbbing reminder of a security breach sting that have had massive implications like this incidence will sometimes react with an IT lock-down that brings business productivity to a halt.
"Well-established boundaries set by managing privileged access across the enterprise provides the balance between security and productivity that business-critical objectives depend on for maintaining market share and their industry reputation," Kelley said.
The report can be downloaded here.