Principle of Least Privilege (POLP)

Term Definition

The principle of least privilege (POLP) is the promotion of minimal user profile privileges on a computer. It is based on the user’s job requirements and can also be applied to the processes themselves. POLP states that every component of a system should have the least authority possible to perform its job.

POLP helps keep a computer as secure as possible by assuring that unnecessary privileges are kept to a minimum. The user or component starts off with no privileges and is only given those considered necessary. POLP can be very important in meeting integrity objectives.

Steps for implementing POLP include:

1. Map job functions privileges.
2. Avoid assigning privileges directly to a guest or the public.
3. Untangle the Web of user entitlements.
4. Monitor privileges.

Viewfinity 3.6 – GA July 25, 2011

Viewfinity’s End-to-End Non-Disruptive Move to Least Privileges process encompasses the following automated steps:

1. Discovers user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain.
2. Silently discovers applications requiring administrative rights prior to revoking privileges.
3. Provides “Readiness Statistics” based on end user activity that is collected over a period of time to ensure all events requiring administrator rights are captured.
4. Once the collection and analysis has completed, policies to elevate privileges are automatically created and prepared in advance so that when administrative rights are removed, the policies are in place to ensure a non-disruptive move to least privileges.
5. Supports future needs, exceptions and maintenance. Viewfinity:

• Collects user requests with corresponding business justification
• Provides a policy authorization workflow management & approval process

6.     Ongoing auditing and reporting for compliance validation

For a detailed description on all feature updates and enhancements for this release, please review our 3.6 Release Notes.

No one wants to have to deal with the threat of malware, and having an anti-virus solution or an alert system like Google’s is not enough.  Layer up on your defense against IT security threats by removing administrator rights from end users and managing approved applications and privileges with a reliable privilege management solution.  After all, if a user doesn’t have the proper rights to install an application, neither does the malware.  No malware means no warnings or alerts and a peace of mind for companies.

More details about the HIPAA Audit Program emerged as KPMG wins contract to perform audits, as reported by Howard Anderson, Executive Editor, HealthcareInfoSecurity.com in his article titled “HIPAA Audit Program Details Emerge.”

The chances of your healthcare organization being audited by KPGM may sound small or unlikely because they are only expecting about only 150 audits to be completed by the end of 2012.  Just think for a second- what if your organization was one of the 150 selected- are you prepared to pass the HIPAA Audit Program?  If not, are you prepared to face possible fines or run the risk of being made an example to other healthcare organizations?

Viewfinity has helped EagleMed, LLC comply with HIPAA compliance mandates with its award winning Privilege Management solution.  After locking down PCs and moving to a least privilege environment while using Viewfinity Privilege Management to manage administrator rights, EagleMed has been able to effectively prevent the sharing of patient data.  Also, EagleMed is widely reducing the security risks introduced through malware. The successful and meaningful deployment of Viewfinity Privilege Management at EagleMed has won them the 2011 Info Security Products Guide Best Deployment Scenario Award.

 Don’t delay, get started now on the path of complying with HIPAA.

“Staying ahead of the threat curve is the key to preventing breaches,” said Frank J. Ohlhorst of Ziff Davis Enterprise. Frank recently wrote an article for SmarterTechnology.com entitled “Smarter Security Needed to Fend off Smarter Attacks,” where he talks about the exponentially increasing cyber attacks for personal information that have financial motives for cyber criminals.  He mentions how “old” firewalls can no longer protect against these targeted attacks and that the “next-generation” firewalls today are being designed more sophisticatedly with the ability to detect application-specific attacks and enforce application-specific granular security policy for both inbound and outbound traffic, rather than simply blocking ports. 

With next-generation firewalls, comes the next generation of added layers of protection as well.  A multi-layered approach to security protection puts your company ahead of the threat curve.  Simply having a one dimensional security structure is not enough in today’s era of rapidly increasing cyber attacks.  As with every structure, there is a foundation layer that supports all other aspects of the structure and without the foundation layer in place that would defeat the sole purpose of the structure.  

The foundation layer of security protection is removing administrator rights from users. When users are running without administrator rights, the security risks of malware and other intrusions from unapproved installations and downloads is widely reduced. After removing admin rights, IT needs a method to support end user needs.  This is accomplished by using a privilege management solution such as Viewfinity, which allows IT admins to manage policies and privileges at a granular level.   

Take the time to assess your company’s security situation and layer up on security protection; just don’t forget to build the foundation first.  With the right security protection in place and continuous security awareness training for your employees, you are already staying ahead of the threat curve.

On June 17, 2011, Christopher Drew and Verne g. Kopytoff of The New York Times recently talked about Deploying New Tools to Stop the Hackers. Christopher and Verne discuss security tools such as firewalls, anti-virus solutions, black listing, and white listing.  There is arguement that these are great tools for security protection, especially when layered together to provide the most secure defense against attacks. However, there is one crucial piece missing that cannot be overlooked and that is the removing of administrator rights from users and moving to a least privilege environment.

When users have administrator rights on their corporate machines, they often will treat it as their own.  Users will install and download unapproved applications and software that can ultimately be the breaking point of a security breach.  A company is at a higher risk when their users have administrator rights.  You can mitigate these risks when your users are not running with administrator rights.  Once administrator rights are removed from your users, it is important to provide a way to manage privileges and policies that is non-disruptive to your end users.  This is where a solution like Viewfinity’s Privilege Management can help.  Viewfinity’s Privilege Management Solution is implemented without disrupting the productivity of your end users.  IT administrators have granular-level control over what applications and privileges are approved for end users.  This crucial step of removing administrator rights and managing applications and privileges in a least privilege environment provides the solid foundation and firewalls, anti-virus solutions, black listing, and white listing are the layers of additional protection.

Now that you are aware of how much cyber criminals are benefiting financially, take action to not be part of the growing $150 million scheme and protect against Advanced Persistent Threats.