Using a Privileged Access Workstation

If someone has suggested that you should use a privileged access workstation, he or she was referring to a protected workstation that is only used to perform sensitive tasks.

The good news – we like good news – is that this is a simple and effective solution to the problem of securing your data. You should do other things too, but creating and maintaining a privileged access workstation can be part of an effective suite of solutions.


How to Create a Privileged Access Workstation

The first thing you should do if you are considering using a privileged access workstation is to separate sensitive business tasks from everyday operations. Sensitive tasks should only be performed on a protected workstation, and this workstation should not be used for everyday administrative processes.

What this means is that your staff cannot use the privileged access workstation to check emails or check in on social network platforms. In many cases, this machine will not even go online. And it must not be connected to other workstations.

This level of restriction means that your workers can neither unwittingly nor knowingly download something from a site with questionable security and then carry it into a secured network.

If you or your IT team decide that your privileged access workstation must be connected to the internet, ensure that internet access is restricted to a few secure, trusted sites or machines.


How to Maintain a Privileged Access Workstation

Compared to some other security measures, creating a privileged access workstation can be quick to do. Here are some ways to maintain your good work.

  • Check your workstation regularly to make sure nothing and nobody is slipping through the net.
  • Block access not only to websites, but to anything but pre-approved applications.
  • Keep your software and hardware up to date to avoid vulnerabilities.
  • Use strong authentication. Don’t allow your workstation to be compromised by weak, ineffective password and authentication policies.
  • Make sure anyone using this machine is trained in how to do so.
  • Only allow access to necessary applications. This way, if someone does get unauthorized access, there is only so much damage they can do.
  • Keep it in a secure location. For example, this might mean making sure the door to the room is locked when not in use.
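
One way to run the regular check against the application and network restrictions listed above, shown as an added example rather than code from this article: it compares a snapshot of running programs and outbound connections with two allowlists. The paths, addresses and snapshot format are constructed assumptions.

```python
import ipaddress
import ntpath  # Windows path rules, usable on any platform


def normalize(path):
    # Collapse ".." and compare case-insensitively so a look-alike path
    # that starts inside an approved folder is not accepted.
    return ntpath.normcase(ntpath.normpath(path))


# Hypothetical allowlists for one workstation (constructed values).
APPROVED_APPS = {normalize(p) for p in (
    r"C:\Windows\System32\mmc.exe",
    r"C:\Program Files\AdminTool\AdminTool.exe",
)}
APPROVED_NETS = [ipaddress.ip_network(n) for n in (
    "10.20.0.0/28",    # hypothetical management subnet
    "192.0.2.10/32",   # hypothetical patch server
)]

# Constructed snapshot; in practice this comes from the OS or an agent.
SAMPLE_PROCESSES = [
    {"path": r"C:\Windows\System32\mmc.exe"},
    {"path": r"c:\program files\admintool\ADMINTOOL.EXE"},
    {"path": r"C:\Program Files\AdminTool\..\..\Users\Public\update.exe"},
]
SAMPLE_CONNECTIONS = [
    {"remote": "10.20.0.5", "port": 3389},
    {"remote": "192.0.2.10", "port": 443},
    {"remote": "203.0.113.77", "port": 443},
    {"remote": "127.0.0.1", "port": 5985},
    {"remote": "10.20.0.16", "port": 22},   # one address past the /28
]


def audit(processes, connections):
    """Return (kind, detail) findings for anything outside the allowlists."""
    findings = []
    for proc in processes:
        if normalize(proc["path"]) not in APPROVED_APPS:
            findings.append(("unapproved_app", proc["path"]))
    for conn in connections:
        ip = ipaddress.ip_address(conn["remote"])
        if ip.is_loopback:  # assumption: local-only traffic is out of scope
            continue
        if not any(ip in net for net in APPROVED_NETS):
            findings.append(("unapproved_destination",
                             f'{conn["remote"]}:{conn["port"]}'))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_PROCESSES, SAMPLE_CONNECTIONS):
        print(kind, detail)
```

An empty result means the snapshot matched both allowlists; any finding is something to review before the workstation is used for sensitive tasks again.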


There are many ways to protect your staff, your data, and your business. We can help. Get in touch with us today for more information and for help getting started with any IT solution.
