BeyondTrust. Applying Zero Trust Principles to Privilege Management for Windows & macOS

Over the past two years, organizations worldwide have increased the velocity with which they are moving operations into the cloud and adopting and maturing DevOps, edge computing, edge security, IoT technologies, and a multitude of other digital transformation initiatives. The long-time mindset of perimeter-focused security is clearly no longer tenable in this environment. Fortunately, the understanding that IT environments must evolve to embrace and embody zero trust principles is now almost universal. With that said, zero trust is not an effective strategy for every use case, or even for every company.

Zero Trust and Endpoint Privileges

More and more resources and tasks that require elevated privileges and authentication are being accessed via technology that is not protected by corporate security measures. And with the explosion of remote work, the best practice of removing local administrative rights from corporate endpoints has frequently been neglected in favor of broad provisioning.

While giving end users admin privileges enables increased efficiency in the short-term, it drastically increases organizations’ exposure to online threats. Since least privilege is a core tenet of zero trust, this trend of loosening privilege controls runs afoul of zero trust principles—even as organizations increasingly embrace the zero trust mindset.

BeyondTrust’s 2021 Microsoft Vulnerabilities Report found that 56% of Microsoft vulnerabilities could be mitigated by simply removing admin privileges. So how can organizations secure their privileged assets without adversely affecting end user efficiency? How can they also improve their zero trust posture via privileged access management?

In our paper, A Zero Trust Approach to Windows & Mac Endpoint Security, we explore what zero trust means for Windows & Mac environments, how it can be achieved, as well obstacles that important to understand. The paper also maps BeyondTrust’s Privilege Management for Windows and Mac product to the NIST model’s zero trust principles.

The BeyondTrust product brokers connections between end users and privileged assets based on user roles and access policies defined by system administrators. Once the connection is established, all connections are monitored and audited, and application control is performed. All this is done without the sharing of privileged passwords or the granting of administrator rights to the end user, so only the approved tasks are performed according to strict parameters, and employees can do their jobs without having to jump through hoops.

An added advantage of BeyondTrust Endpoint Privilege Management solution (comprised of Privilege Management for Windows & Mac and Privilege Management for Unix & Linux) is that in-house, legacy, and peer-to-peer technologies can be wrapped in a protective layer, preventing malware from moving laterally through an organization through software that is either outdated or less secure.

In addition, BeyondTrust’s other solutions, Privileged Password Management and Secure Remote Access, can be layered on in an integrated fashion to extend zero controls furthers throughout your environment, while creating powerful cyber defense synergies with Endpoint Privilege Management.

Source: BeyondTrust