The power in numbers
Remember our school days, when we were taught in Mathematics, that if a particular task is completed by 5 people in 10 hours, then 10 people would complete the same task in 5 hours? The conventional adage suggests that the more number of people, the less number of time and energy taken to accomplish a particular task.
Similarly, from corporate perspective, any organization can come to a standstill without adequate manpower. In order to propel business volume or speed, the management very often banks on an efficient group of people to fulfill the objective. Sometimes, it requires to add more heads to attain strategic objectives. In a nutshell, the more number of efficient people, the more productivity and business revenue.
Is it always the same?
There is a say – “Too many cooks spoil the broth!”
Apparently, it is contradictory to the proverb we mentioned earlier. When too many people gather in a place to complete a single task, then there are high chances that the task might be spoiled. There can be several reasons behind the same:
Too many opinions and clash of those opinions leading to disastrous results
Too many people appointed for a very simple task leads to unproductive consequences
The more number of people means more dependability on others instead of taking own responsibilities.
There are several instances where we find that a greater number of people, even if having enough efficiency, fail to accomplish a task. This happens when organizations fail to realize that a work which can be done by two people, should be assigned to two people only. More number of people might unnecessarily hinder the output.
Is ‘more the better’ idea relevant to Privileged Access security?
Enterprise IT ecosystem expands continuously due to increasing IT operations. Confidential information, personal data, databases, applications, among many other kinds of sensitive data keep on generating and accumulating.
To manage this ever-increasing large volume of data, organizations often create privileged accounts which provides access to confidential information. IT managers create privileged accounts and assign trustworthy users who can access, process, and manage data assets as per the prescribed role and rule. However there are two common mistakes in managing privileged accounts.
Firstly, Privileged Identities that are typically created on ad-hoc basis, have a tendency for escalation. The higher number of privileged identities demand greater IT oversight, which in turn increases IT operational and security challenges.
Secondly, it has been observed that many times administrators fail to revoke privileged rights after completion of the task and eventually the number of privileged accounts keeps on increasing in the network. This indirectly creates a huge risk for an organization because there are chances that the unmonitored accounts could be misused by malicious insiders or even suspicious third party users with privileged rights. Malicious elements typically eye privileged credentials to steal confidential information.
In the case of Privileged Access security, the more number of privileged accounts higher the IT risk. A higher number of privileged accounts might not be a smart idea because too many accounts increase administrators’ challenge. It creates a security gap. Less is better when it comes to the number of privileged accounts because it reduces the attack surface. Organizations should adopt Least Privileges principle. The concept of least privileges means that IT administrators limit allocating new privileges as far as possible. If the task can be done without privilege escalation then administrators should resist the creation of new privileged accounts.
To sum up, the conventional idea of the strength of more might not be always right when it comes to privileged access security. Less (number of privileged accounts) is better as far as IT security risks are concerned.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real-time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.