As an executive, at some point you probably did have a thought about going to the IT department and asking them for Full Access privileges. After all, you are the boss. You are in charge. This means you need to have all the possible permissions in your IT system, right?
Wrong!
Of course, it’s tempting to have things like ‘Full access’. That sounds nice and makes you feel even more powerful. But do you need it? In fact, having the IT permissions you don’t need can come out as a very bad idea that will have its consequences.
The general best practice is to follow the Least Privilege Principle. In a nutshell, it’s pretty much self-descriptive. Every user at all times must have the exact amount of permissions they need. No more, no less. This applies to absolutely everyone: regular users, managers, admins, help desks, executives. No exceptions.
The Risks
If you request full access rights from the IT and get them, you impose some serious risks on your organization. As some say, with great power comes great responsibility. Literally.
Target for attacks
Executives’ accounts are an often targeted by all sorts of attacks. Such accounts get compromised much more often than, say, regular users. That’s because the reward for the attacker is bigger. And by giving yourself admin permissions you simply increase this reward and make a potential breach much more serious than it could be.
Competence
There’s also the competence question. Do you really know, how all your system work? Do you really know, exactly what permissions are you getting by giving yourself ‘Full Access’? Are you sure that you won’t mess something up without even noticing? Just be honest with yourself.
There’s nothing bad or shameful about not being fully competent about all the IT things that happen under the hood. You have your own job, admins have their own. But acknowledging that you shouldn’t have the instruments you don’t know how to use, is a serious step that has to be taken. Even if it comes with a grain of salt for some.
Privacy
Also note that there might be legal reasons why you shouldn’t get admin rights. It will very much depend on your country and the industry you are working in, but generally, there might be severe risks. The fact is that if you just get full admin access to your system, you automatically get access to personal info of your employees.
Your IT staff most probably don’t have law degrees, so they won’t be able to tell if it’s illegal to give you access to some personal information of the users stored in your system.
The Solution
If after considering all the risks you still need admin permissions, there is a way to do that. Just create a separate account with all the relevant permissions and only use it when it’s needed. Never assign admin privileges to the account you use every day. You should also use a separate and more complex password and have all the strict policies applied to it.
There are multiple approaches you can achieve the least privilege principle. We at Softerra prefer the Role-Based Access Control Model (RBAC) that we use in Adaxes. It allows you to granularly and efficiently delegate permissions and easily manage the whole thing from a centralized place.
Delegate your permissions properly. And don’t overuse them if it’s not needed.
Written by:
Anton Pozdnyakov, CMO.
Softerra provides Adaxes, a comprehensive management and automation solution for Active Directory, Exchange and Office 365. It helps enterprises to increase IT security, reduce workload on IT staff and enforce data standards.
Add CEOWORLD magazine to your Google News feed.
Follow CEOWORLD magazine headlines on: Google News, LinkedIn, Twitter, and Facebook.
This report/news/ranking/statistics has been prepared only for general guidance on matters of interest and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, CEOWORLD magazine does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
Copyright 2024 The CEOWORLD magazine. All rights reserved. This material (and any extract from it) must not be copied, redistributed or placed on any website, without CEOWORLD magazine' prior written consent. For media queries, please contact: info@ceoworld.biz
SUBSCRIBE NEWSLETTER
