IDC acknowledges that in the absence of fixing applications that require administrative rights [not a reality in many enterprises] organizations must deploy software such as BeyondTrust [Privilege Manager]. By doing so, organizations will be able to securely manage Group Policy and realize an average IT labor savings of $120 per PC per year.
"The fundamental security principle of Least Privilege is getting a lot of visibility these days, and for good reason. Excessive end-user permissions on enterprise desktops is a significant contributor to endpoint security issues that continue to allow the most widespread and potentially damaging threats to proliferate…. [BeyondTrust Privilege Manager, formerly PolicyMaker Application Security] allows administrators to easily target certain applications or tasks to run with increased or lowered permissions. This adds substantial granularity to application privilege management for the Windows environment, helping to significantly minimize attack opportunities."
- Scott Crawford, Enterprise Management Associates
"The ability to define access policies against applications that may require some level of local administrative privileges, while still maintaining the concept of least privileges, is a problem that many organizations face."
- Amrit Williams, industry analyst with Gartner Inc. in San Jose, Calif.
"Ideally you'd like users to run with user privileges so that you can prevent them from compromising their own security by adding software that's not allowed. By giving software more rights than the user needs, any malicious program they accidentally run makes it easier to deeply infect the machine at the kernel level."
- Peter Firstbrook, research director at Gartner Inc. in Toronto, Canada.
