To give or not to give — that is the question.
Here’s a common dilemma. One day your boss comes into the IT department and asks you for admin rights. Because the boss needs to be in control and be able to do and access everything in the IT environment. So, what do you do? Just add the account to the default administrators group and hope for the best?
The short answer is NO. And here is why.
Executives are no different from other categories of users in any way. This means that there is no special reason to give them extra permissions that they don’t need. Actually, sticking to the least privilege principle is even more important with high role accounts than with ordinary users.
The Least Privilege principle is the core of your security system. Always stick to it as closely as possible. No exceptions!
The only scenario when executives can have admin rights is when they actually are IT administrators. This can apply to small businesses that don’t have separate IT department. If your executives are performing administrative IT tasks, that is the only excuse for them to have sufficient rights.
In all other cases, it is a very bad idea.
Executives Are Prime Targets for Attacks
In most cases security breaches will be focused on the high rank accounts. So, giving them extra access rights effectively gives more power to the potential attackers’ hands if a breach occurs. This is one of the main arguments that you can use to explain to your boss why you won’t make him or her an administrator even if you are specifically asked to.
There Must Be No Privacy Abuse
Having too much power IT-wise can hurt compliancy. Many executives might overuse their privileges (e.g. having ability to read the emails of employees or see all the personal data associated with their accounts, etc.). That can have its consequences that not everybody might realize straight away: starting from misuse of information to actual legal actions against your company.
Execs Don’t Have Sufficient IT Skills
And they don’t have to. It’s not their job to have knowledge and skills required to properly run the IT environment. That is yet another reason why they don’t need to have admin rights. You don’t give out tools to those who don’t know who to operate them. This can result to serious damage. Literally.
Don’t Do That!
The next time your boss comes to the IT department and ask for admin rights, just don’t do that. Use the discussed arguments as your prime weapon against them.
Remember that if you show signs of weakness and surrender, you will be the one who must clean up the mess that will eventually and inevitably happen. Protect yourself and your IT environment. Stand firm!