PwC Switzerland buys Avecto privilege management to secure 3,500 laptops

Rapidly-growing UK firm gets foot in door

Rapidly-growing UK security firm Avecto has announced a major contract with the Swiss arm of consultancy PwC that will see the firm's Privilege Guard security platform installed to manage 3,500 laptop users.

PwC Switzerland decided to adopt the system to restrict and manage user privileges as part of a Windows 7 migration project that also had to accommodate a large percentage of employees who move between locations.

Privilege Guard will be used by PwC's 65-strong IT team to limit the issue of Windows admin privileges needed by many older applications to function correctly. The danger is that admin privileges are also abused by malware and, potentially, by users tying to install non-approved software.

PwC already uses anti-virus, laptop whole disk encryption and "aggressive" patching to secure its mobile workforce.

"Avecto's Privilege Guard fitted the bill perfectly in terms of keeping user desktops flexible and customizable, while at the same time guaranteeing secure access," said PwC Switzerland chief information security officer, Lee Barnet.

"It allowed us to remove default administrator privileges from all users and processes, using elevation on demand to assign rights when required. This approach allows us to increase platform stability and reduce security risk."

When users asked for access to a resource or application requiring admin rights, they could now be given a customised message to smooth acceptance, he said. Using Avecto's system made it possible for the workforce to use applications with safer standard user privileges.

"Auditing was a particular area of focus for us as we wanted to be able to better package the applications that we offer staff to ensure that they meet with their personal needs. With Avecto, we have a much better view of which applications or software staff are installing on a regular basis."

In addition to the contract's size, gaining a foothold in PwC could pay off if other wings of the global firm adopt Privilege Guard.

Are admin rights that important from a security point of view? Not in all cases but more than enough that closing this layer of vulnerability cuts an organisation's risk.

An analysis by Avecto earlier this year noted that of the 147 most serious vulnerabilities reported in Microsoft products during 2013, 92 percent would have been mitigated by removing admin rights according to Microsoft's own assessment.

Avecto itself is an unusual company - a UK security success story that hasn't been bought. Last November's Deloitte Fast 50 competition rated it as the second fastest-growing tech company in the land.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationssecurityAvectosoftwarePwC

More about DeloitteMicrosoftPricewaterhouseCoopersSwitzerland

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place