Contributor:
Paul Kenyon
June 20th, 2013

How Least Privilege Delivers ROI: Insights from Gartner

In an era where 67% of security professionals believe that they do not have ample resource to minimize IT endpoint risk throughout their organization (2013 State of the Endpoint, Ponemon), it has never been more crucial that the IT security projects you prioritize deliver maximum return on investment as well as exceptional security benefits.

Within their 2013 desktop total cost of ownership (TCO) study, research from Gartner continues to advocate the movement of organizations towards a ‘locked and well managed’ environment with respect to user privilege.  The cost profile associated with this landscape is coveted by global organizations as it results in TCO savings of almost 30% against a ‘moderately managed’ environment; that’s $1,264 per desktop per year.

Reducing Cost of IT Support

But how does moving to a least privilege environment allow you to deliver these savings?  Further studies from Gartner analysts conclude that a combination of effective privilege management and application control can help to reduce expenditure on IT operations labor by over 25%.

“Users who have more rights on their PCs than they need will cost more to support because they cause problems by installing unsupported software that can increase organizational complexity or interfere with execution of critical enterprise applications” (Gartner)

Consider Adam.  Adam has administrative rights over his PC.  He just can’t seem to sort the problem that started when he was prevented from opening an email attachment. He thought he resolved the issue himself by downloading some software from the internet. When IT investigates, it’s revealed that Adam has made an endless stream of ‘little tweaks’ to the system for months. Each new modification has inadvertently clashed with other elements, eventually causing the system to crash.

Sound familiar?  The reality is that your application suite is littered with legacy and ‘problem’ apps which are simply incapable of delivering the required functionality to users where they operate under a standard account.  At first consideration, deploying some users as administrators seems to be a sensible way to overcome costs associated with the labor intensive process of ‘packaging up’ individual, often low demand applications and remotely installing these via support.  Adam’s ‘tinkering’ story reveals that awarding administrator rights to all and sundry will hit your IT budget in the longer term.

“Users who don’t have sufficient rights on their PC will cost more to support because they will bother the service desk unnecessarily and be less productive as they wait for IT to respond” (Gartner)

Do your IT department spend hours a day assisting standard users with administrative tasks?  Niggling jobs like changing the system time or connecting to wireless networks cannot be completed by the standard user.

In Windows 7, deploying users as standard will result in an energy-sapping barrage of UAC requests which are a drain on you help desk resource.  Demand for autonomy and flexibility in relation to corporate PC usage is only set to increase as the tech-savvy generation Y make up a greater proportion of your workforce.

The ‘all or nothing’ scenario with respect to tools native to Windows is ‘catch 22’ as deploying users as standard rather than allocating administrative accounts also mitigates over 90% of Windows security vulnerabilities.

The Solution

Implementation of a least privilege environment will dramatically reduce the cost of IT support as applications are automatically elevated in association with individual user need: each user has the ability to seamlessly install and run the applications necessary to the effective performance of their duties without compromising the integrity and security of their systems.

More from the Blog

Related technology and security insights