Ivanti Blog: Posts by

Not Another Blog about SolarWinds – 3 Ways Ivanti can Help Protect You

Fri, 05 Mar 2021 19:49:13 Z

The SolarWinds exploits have been widely reported, fully covered, and basically as we would say in Aussie – Done to Death Mate.

But some of the info got me thinking, especially this article from my buddies at Microsoft which gives some great background and flows for that how the attacks were actually working.

I’ve been working with Ivanti Application Control – formerly AppSense Application Manager for over 17 years. I luv it 😊

I’ve installed it in hundreds and hundreds and hundreds of Customer sites and trained hundreds of people on its use.

Even then, some new use cases come up, and some if its features lend themselves to protecting against new and old styles of attacks, as the world and our hackers evolve.

How did the Attack work, What can we do?

So, let me give you my spin on what the attack style and steps mean to me, through the lens of someone who helps customers with Ivanti Application Control (AC).

Trusted Applications can still do bad stuff. Yes, I know it may be hard to believe and hard to stomach, but trusted applications can be hacked. Exhibit A is of course the SolarWinds attack. We know that the process SolarWinds.BusinessLayerHost.exe downloaded a compromised dll, which then created a couple of files on the disk. After some jiggery, pokery in the registry, script files were then kicked off by dllhost.exe – a very valid system process. Rundll32.exe – another well trusted system process - was also roped in to go and run some of the dodgy files as part of the attack and cleanup.
Tracing and Hunting is great, but prevention is even better. It’s great to have visibility, and capture traffic running around your network, and calls out to hacker sites, but my view has always been - I like to see security issues blocked at the source. Two philosophies in Security, fix it fast when it breaks, or stop it breaking in the first place. I am very firmly in the second camp there, let’s stop things first.
Know what your Apps should and shouldn’t be doing. Do Trusted Applications really need to be executing batch files and VB or PowerShell scripts? Under what circumstances should that be allowed. A little testing and planning will give you visibility, and from there you can make some informed decisions, and take some protective steps.

3 Ways Ivanti Application Control can Help.

Given all that info above, here’s 3 areas of Ivanti Application Control configuration that can help you protect yourself against compromised TRUSTED applications – DISCLAIMER – PLEASE TEST ANY OF THESE RULES FIRST IN AUDIT ONLY MODE IN YOUR ENVIRONMENT BEFORE DEPLOYING:

Remove SYSTEM as a Trusted Owner. Out of the box, SYSTEM is added as a Trusted Owner. Now that might seem logical, and you might even think that is a 100% no brainer requirement – not so fast Mate. I remember back when I was doing my GCIH certification training with SANS, and we were using Metasploit to attack a Windows Spooler service and drop a copy of netcat.exe on a server, the context of the service we were attacking was SYSTEM. Which meant, when the file hit the disk, it was owned by SYSTEM. Removing SYSTEM from the AC config would block the execution of any file copied to the disk as part of a compromised service. The Instructor was very impressed!
Add Microsoft Recommended Blocks. Now his one is mandatory for level 2 and 3 Maturity levels for the ASCS Essential 8 “Application Control’. The listed applications are ones that have security implications or are just downright dangerous. The current list can be found here. One I wasn’t initially aware of was good old BGInfo.exe (prior to version 4.22), until a Customer asked me about it and I then realised it could be used to run VB scripts and bypass the built in Windows VB compiler. We found that by blocking the relevant dll’s you could stop the VBScript backdoor, but as it was on the Blocked App list, it’s safer to just block it. BGInfo version 4.22 fixed this issue so you could use that version if you really need to.
Process Rules are your Friend. Yes, one of my favourite functions in Ivanti Application Control is the ability to run Process Rules. So, with these, you would lock down the .exe with metadata, or even in some cases a signature, and then create a rule allowing that exe to either run or be blocked from calling additional components. So you could say – I trust the exe, so let it run .dll’s, BUT there is never any circumstance where it should run a .bat, .vbs, or .PS1 file so block those, and throw in blocking Powershell.exe while you’re at it. This could even be implemented across the platform as a blanket rule, and only allowed on a “Need to Run” basis.

Implementing the above rules will stop attacks like the SolarWinds one in its tracks.

SYSTEM processes will not be able to create their own files and execute them, any dangerous system tools listed on the MS Recommended Blocks will be denied, and valuable system process like dllhost.exe and Rundll32.exe can be locked down to stop them kicking off batch files, VB or PowerShell scripts.

Thanks for tuning in.

I’m one of those Weird People who “Eat their own Dog Food” or “Drink their own Champagne” so I have all these rules on my laptop 😊

It runs fully locked down Application Control and I only ever log on as a standard user. Our Privilege Management functionality elevates the things I need to do my job at Ivanti and protects me against any credentials compromise.

I hope that helps give you a bit on an insight into where Ivanti Application Control might help, and if you have any questions please feel free to reach out to me.

Thanks for tuning in and to be clear, Solarwinds is not affiliated with Ivanti and does not support or endorse Ivanti, Ivanti IAC, or any other Ivanti solutions.

Raising Your Security Posture: 3 Things You Should Look at Next

Mon, 07 Sep 2020 16:41:22 Z

It’s been a busy year in security so far for 2020. Apart from all the other challenges we deal with, we’ve now seen how quickly security threats can pivot when an opportunity presents itself.

Widely reported in April 2020 was the 30,000% increase in phishing and malware attacks against Remote Workers. A massive increase in work from home (WFH) initiatives signals a great opportunity for threat actors to exploit these new WFH users.

So where is your next target to improve your security posture? Whether it’s based around remote workers or not, where should you be concentrating your efforts?

Here are three areas we highlighted during our recent Ivanti Interchange Virtual World Tour. I hope they give you some info and ideas on where to head next in your security journey:

1. App Hardening

Block those macros. We hear it all the time. Office macros are bad; just block them all. Great security idea, but not the most practical for all businesses. Some rely on spreadsheets and documents embedded with complex macros to make complicated work and calculations simple. Take them out of the business, and the business takes two steps backwards at a time when we all need to be taking steps forwards.

So how do we tread that fine line between block ‘em all, and only allowing those that are trusted?

Obviously, there are some built in mechanisms in Windows, group policy settings, digital certs etc. and the settings in the Trust Center options of Office 365 to block and allow only some macros.

How Ivanti Can Help

Often around this discussion with customers, we talk about use of our Ivanti Environment Manager (EM) and Application Control (AC) products as a highly flexible solution.

EM allows for granular, contextual policy control of all macro settings rather than a “one size fits all” approach from Group Policy.

Our AC product allows us to control any external files or processes called from parent processes like Winword.exe or Excel.exe or even Chrome.exe.

On my laptop, I have AC configured to block all PowerShell, java, and cmd executions from my standard Office apps like Office 365, Acrobat, and Chrome. I can’t see a reason why they need to call those mechanisms, so as a security measure they’re blocked.

2. Connected Devices and Removable Media

You’re probably familiar with the ACSC Essential 8 Strategies described here, and hopefully you are all some distance along the way to measuring your maturity level against this model. But something that’s not obvious is the absolute number one priority when assessing your risk from malicious Insiders: “control removable storage media and connected devices” to mitigate data exfiltration.

What’s the best way to do that; what’s the best solution?

Well, there are a lot of differing solutions and strategies around locking USB keys and controlling connecting devices. Your best solution revolves around your own use cases, and what you need to achieve to mitigate your organisation's specific risks. Simply blocking USB storage can even be covered by Group Policy so if that’s your only need, happy days.

How Ivanti Can Help

We have regular conversations around Device Control and I’m always pushing for people to discuss their requirements first. Our Ivanti Device Control (DC) is used around the world by the most super secure organisations, all who have multiple, and sometimes complicated requirements.

I call it the Rolls Royce of Device Control and make sure I let customers know that during discussions. After all, there’s no point buying a new Rolls Royce when all you really need to do is buy milk at the shop. That Corolla in your garage will probably be good enough. 😊

But, if granular control of ALL devices—not just USB Storage—is important, and if you need to enforce encryption, restrict file copies by type of file (PDF,DOCX etc.), or even to look inside files for key words, and shadow copy every document printed, our DC solution has you covered.

We can help you meet those extensive controls to ensure a high level of data loss prevention and compliance.

3. Automated Reporting

Part of the previously mentioned ACSC Maturity Model, and a requirement for Level 3 on patching operating systems or third-party applications is an “automated mechanism” being used to record patches and drivers that have been deployed and installed. Not only does this record compliance, but it also simplifies updating exec’s in the event of a specific threat they have questions around.

How should you do that; where should you start?

Many of my friends in security worked all weekend when WannaCry struck, not patching machines, but collecting data for reports for execs. If that was you, consolidating, and automating your compliance reporting will save you manpower and overtime.

Every security product will have some level of reporting built in. Most will offer some form of scheduling reports, and potentially email them automatically to important people.

We typically hear consolidated reporting is a big issue. Grabbing information from multiple sources, centralizing it and monitoring compliance can be a big challenge.

How Ivanti Can Help

I’ve loved our Ivanti Xtraction product since the first time I saw it back in April 2016. I’ve been blown away by the value it offers to customers, and the flexibility of its centralized business value dashboards reporting from multiple data sources.

It not only talks to every Ivanti Security product with a bunch of out-of-the-box dashboards pre-configured, but can also connect to other databases with a suitable connector like Microsoft SCCM and Active Directory. These connectors also include a bunch of OOTB ready built dashboards.

Scheduling reports or dashboards for execs is very simple and easy to configure. All your compliance reports centralized and managed in one place.

What next?

So that’s it. I hope you’ve found some value from the info across these three areas and how you can look to raise your security maturity level.

For more info, and to see some Live Software, you can also watch our session “ACSC Essential 8 – Prioritizing Your Next Step” on demand by registering here.

Please stay safe, and if you have any further questions please feel free to reach out to Ivanti.

ASD/ACSC Maturity Model 2019 – Three Things You Need to Check

Wed, 16 Oct 2019 09:32:04 Z

The Australian Signals Directorate (ASD)/Australia Cyber Security Centre (ACSC) Top 4/Essential 8 has been around for a few years now, and at Ivanti we’ve always promoted this framework to our customers—follow the experts, do the boring basics first, and then focus on the smart, pretty, next-gen stuff.

If you choose the ‘follow the ASD/ACSC’ Guidelines, one of the first things you need to do is a self-assessment to find out where you are right now. How does your organization measure up against the Maturity Model—are you Level 1, 2, or 3 across the controls of the Essential 8.? And what steps do you need to take to go from where you are to where you want to be?

Thankfully, the ASD/ACSC Maturity Model makes that easy.

We are told that for most organizations, the goal should be Level 3 maturity across the board. If it takes a little while that’s fine. As long as you know where you’re heading, you can plan and make progress. Some organizations that are more secure will be required to achieve higher levels of security. In those cases, you really need to work with the ACSC directly for advice and guidance.

For those of us who’ve been monitoring this maturity model, the year 2019, has been one of updates and changes. Some updates were made in February 2019, and then again in July 2019. It’s these latest changes I want to talk about, in order to give you three simple things you need to check for your self-assessment.

The Three Things to Look At for Level 3 Maturity

1. Application Whitelisting

ALL desktops and ALL servers need to be whitelisted for executables, software libraries, scripts, and installers. Historically, this moved from being only “high-risk” workstations for Level 1 and 2, which allowed you to nominate a subset of endpoints and AD/Email/Authentication servers.

Now it’s a simple blanket: ALL workstations and servers. So, if you’ve employed the previous measures to reach Level 2 or 3 for example, you need to go back and plan how you’re going to move that along in order to meet the new requirements. If you need help with this, reach out. We’ve helped all sizes of organizations tick that whitelisting box with minimal fuss—and most importantly—minimal ongoing maintenance.

2. Microsoft Recommended Blocks

Microsoft released a new Application Whitelisting recommendation earlier this year. Essentially this is a list of Microsoft applications a threat actor could use to bypass application whitelisting. For Level 3 maturity, you must include these in your whitelisting for all workstations and servers.

Thankfully, this is easy for our Ivanti Application Control customers to add. We have a config snippet people can just import to block these recommended apps.

3. Patching

Organizations require an automated mechanism to confirm and record deployment of updates and patches. So, as a new requirement for organizations to be considered Level 3 mature, you MUST include automation in your patching solution. What would be ideal is an automated patching solution that records and reports on patch success/failures, and that gives you a live position on your organization’s patch status ideal.

This is exactly what Ivanti Security Controls will give you.

So, in summary, if you’re following the ASD/ACSC Maturity Model:

It’s a good time to reassess where you are.
Plan out what your next move must be to stay compliant
Talk to Ivanti if you need assistance. We’ve been doing this successfully for a long time.

Hit me up at shane.wescott@ivanti.com if there is anything else I can do to add value.

Three Simple Keys to Improving the User Experience

Thu, 29 Oct 2015 12:00:00 Z

*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.

I hear a lot about user experience and everyone talks about how the user is the main focus for a new project or service – and I agree 100%. What I find a bit confusing in the market is that after all the talk – people continue to roll out projects the same way, feeding users the same style of experience they always have, but claim it's “better”.

Based on my customer visits and experience working with clients to deliver real improvements, here are three simple keys to improving user experience.

Measure. You can’t manage or improve ANYTHING until you can measure it. So if you’re looking to improve your user experience, you need to know where you are now in order to make a call on whether any project you deliver has made things better or worse.

The reality is though, many IT pros have no simple way of getting a feel for their user experience.

Walking around the company and asking people will get you one view, but this qualitative data can greatly vary, influenced from a crap login experience to something like their favorite footy team getting beat over the weekend.

It’s not really helpful because it is very subjective.

We need to see what the login times are like quickly and easily. If we can break down the elements of the login process and see what should be happening and what shouldn’t, then we have room for improvement. We also need to get that “snapshot” of what the environment for the user looks like today, so we can prove if we’ve made things better or worse after a change.

Having simple access to REAL user experience data, where we can easily compare the before and after of changes is the first key to improving user experience.

Faster, more flexible login experience. Login Times – directly related to profile delivery, and when you want flexibility – read roaming capability - for your users, is a major element of any user experience.

The analogy I use is this – it’s like a grumpy or rude receptionist at a new company you visit – the rest of the staff may be awesome, but your visit is always tarnished by the first bad experience.

Logins are the same. The IT department can work any magic in the background with applications, emails, or any other service, but if the user has to wait minutes every morning to login– that affects the user perception of any backend improvement.

But if we want to change the login experience for the user, we MUST change the way we deliver elements of their session to them.

This one just makes me shake my head.

Most people would acknowledge that a roaming profile is far from perfect from a user flexibility and login perspective. One of the reasons for this is the mechanism it uses to deliver key elements of the users's session to their endpoint – SMB file transfer protocol.

So if that’s the case, and most people who have worked in the industry for a while know it is, why do people assume that using the same mechanism (SMB) to deliver similar user elements (like profile settings) will give them a much better user experience?

Sounds like madness to me!

How about changing the delivery mechanism to something we all use and rely on everyday – http (or https for those who are security challenged).

By changing the underlying delivery mechanism we can GUARANTEE a change in the user experience. It just so happens that this also goes a long way to curing scalability and corruption issues as well, happy days.

So the second key to improving the user experience – change the underlying mechanism used to deliver key elements the login process and profile.

Desktop Performance. Now this is one of my favorite subjects, and another one that over the years had me scratching my head.

Most people who’ve been around the Microsoft Terminal Server/Citrix XenApp world understand that controlling rogue applications leads to an improved user experience, and more scalability – less servers for the same users – less cost.

Over the last couple of years, I’ve noticed the same understanding has found its way into the VDI/Desktop virtualisation world where again, there is a recognition – controlling application resource usage leads to more efficiency, greater scalability and less overall cost.

But what if my users have a traditional desktop or laptop? Hands up who has ever heard a user complain – “My Desktop or laptop is slow” or “It just hangs sometimes”. It’s the same problem IT has fixed in the TS/Citrix/VDI world, but we now hunt around for a different solution.

Managing CPU threads and processes at a granular level, controlling the memory usage of applications, improving the work of the Windows Process Scheduler, preventing 100% CPU hangs, all improves performance and responsiveness for users on the Windows platform – Period.

Whether it’s a physical Windows platform, or a virtual Windows platform is irrelevant. You have a user running Windows, with applications that may misbehave and thereby affect the User Experience.

So that’s our third Key to improving the User Experience, control the resource usage of their Windows platform.

So there you have it, just my view based on my experience, and yes you guessed it, AppSense has solutions for each of these Key Areas.

Our Insight solution lets you quickly and simply find out where you are NOW, and measure and track where you want to be.

AppSense Environment Manager delivers Users “Profile” settings using http/https to make sure you can deliver a scalable, reliable login experience.

And good old Performance Manager helps you granularly control CPU and Memory usage, as well as installing a Smart Scheduler, and patented Thread Throttling technology to make sure the user ALWAYS has a responsive Windows desktop, physical or virtual.

Feel free to contact one of our team members around the world to assist you with planning your next big improvement in user experience, but until next time.

My name’s Shane Wescott. I’ve been at AppSense for almost 12 years, and I’m here to help.

Three Simple Tips to Avoid Massive Software License Cost Blow Outs

Thu, 02 Jul 2015 21:06:37 Z

*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.

As July begins, many organizations have just wrapped up their financial year. At this time of the year, we speak to many clients who are in one of two positions: 1) Some money left over at the end of the year – spend it or lose it, and 2) Unbudgeted software licensing compliance bill – where will I find the money for that?.

So, being a helpful sort of person, I thought I would share three simple tips I've picked up over many years helping customers solve the the “I’ve been audited and need to find cash” challenge.

Cards on the table first: AppSense has been helping our clients solve this challenge since 2004 in the Terminal Server/VDI world. License compliance has been a great way for us to add value and save money for organisations around the world. I've personally been involved in hundreds of these, and there are common themes that create happy client every time.

So here they are: my three simple tips for avoiding massive software license blowouts:

Implement Whitelisting on the Desktop

Now I know what you’re thinking: that’s security, dude, not license compliance. I know, I know. But the reality is that one of the easiest ways for license costs to get out of whack is for an employee who has a valid need for a software package to share the key and install with a friend who would also like to use the package. When an audit eventually occurs, you are licensed for 100, but 150 copies are installed!!! Most software vendors consider installation of the software consumption of a license, so get your credit card out and pay up.

Whitelisting by nature will ensure that ONLY valid and approved software packages can be installed and run. Therefore, it provides an excellent mechanism of control. Protection from zero day attacks and the current crop of "ransomware" is a side bonus of whitelisting. Just make sure that your whitelisting mechanism of choice is simple to maintain on an ongoing basis. For example, many customers like the the Trusted Ownership feature of our Application Manager product for this reason.

Audit Application Installs

Here’s a radical concept: put some responsibility back on the user. I’ve spoken to many IT departments lately who are sick of bearing the brunt of responsibility for “protecting the user - no matter what they do”. Rather than allowing a user to simply click on an app to install, try making them save the file in a specific area (fully audited of course), and then require them to make a conscious decision and answer a prompt before the application can be installed or run. Of course, you need to elevate the application’s rights as well so it will install, but all of this can be achieved simply and in a centrally managed way.

How does this help? They know they are being audited for every application install. We know and they know we know that they were the ones who made the decision to install the app. Once users know they are being audited, and are therefore held to some level of accountability, behaviour changes, and the end result is less software licensing creep and compliance risk.

Match License Control to Licensing Models

If your organisation changes the way you choose to deliver the applications to the user, that doesn’t change any of the product use rights you are bound toby from your friendly software vendor. So, in cases where applications are delivered as part of a Virtual Desktop/Terminal Server/ Streamed Application deployment, be sure to check your product use rights for your applications.

Most desktop applications are licensed per device. Office 365 and other cloud-based applications are typically licensed per user, so they are no issue as long as you stay within the guidelines. But traditional desktop applications are a challenge. Most vendors have a definition of “Run” or “Install”, so you need to check that out and understand what they mean.

For example, any application included as part of a virtual desktop build will be licensed, not by the image it is part of, but by the number of devices that can connect to that image and control/run/install the application. If you stream applications to the desktop based on a user group, be aware that if one of your users logs onto a new PC, and the application then streams down to that device, that may incur an additional license fee.

These are all things to be aware of and things that AppSense has been helping clients with since 2004. Microsoft Project and Visio are the key applications that many organizations miss when they move through a process like this.

I know they are boring, but get someone (maybe a boring person) to read the product use rights to make sure you are covered, regardless of how the applications are being delivered to your users.

So there you have it: thee simple ways to avoid that “please explain” when it comes to software compliance conversations.

I hope these have helped, and if you would like any further advice or just to ask some questions, feel free to reach out. My door is always open.

Three Keys to Understanding and Improving Your UX

Wed, 24 Jun 2015 01:33:41 Z

*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.

We hear a lot about user experience these days in IT. People say “It’s all about the user...”, or “The user experience is the most important thing." But how do we really understand the user experience and make strides towards improving it?

Here’s my view based on years of experience helping clients help their users.

Monitor

Sounds simple – we need to monitor, and if possible measure the user experience. Let’s take logon times as an example – this is the receptionist to your IT services, if you like. A poor logon time is like visiting a company where the receptionist is rude or unhelpful; the rest of the company might be great, but there’s always that bad experience you had as your first experience. Poor logon times are the same; no matter how good the rest of the IT services are, if the user has to endure a slow logon every day, it’s going to put a damper on the rest of their experience. There’s also a tangible dollar cost in productivity – so any solution will have a direct ROI.

Being able to monitor logon times in a quick and simple way – then identify ways of improving them – is a great first step towards improving the User Experience.

Improve

Once we’ve monitored and gained some insight into what’s happening, it’s time to take some simple steps towards improving things. For example: If we see logon times are long and we can see this is due to the number or style of group policies being applied then maybe we can look at either rationalizing policies, or deploying them a different way so they don’t hold up the logon process.

The key point here is that you can’t improve until you can quickly and simply identify areas for improvement, and that comes down to achieving step 1 – Monitor.

Review

Step 3 is the most important to your user experience strategy in my opinion. With any new policy or change to the user’s IT environment we need to review where we are before we start and where we are at after we make the change. This review will not only allow us to see the value of the changes we make but also to help plan our next steps. It also lets us be proactive if something we do has a negative effect – we can catch any issues quickly and find a solution.

Before and after snapshots of the user experience can make it quick and simple to review progress, which verifies our investment of time and effort in the changes we make. So review is critical when we are doing step 2 – improving.

So that’s a simple view of what we all know we need to do, but the big question is: can you do all three today?

Here at AppSense, we’re working with a rapidly growing number of clients to achieve exactly what you see in this article – a better way to monitor, improve, and review the user experience. Our new product Insight does just that. It's simple to deploy and simple to collect metrics around user experience.

My name’s Shane Wescott. I’m from AppSense, and I’m here to help.

The Power of Three: IT Challenges of 2014

Thu, 22 May 2014 19:17:16 Z

*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.

Hi Guys,

It’s been a while since I have written a blog but there is so much we’ve been doing lately I thought I had something of value to share.

No this is not just a blog about lovely brunettes zapping people with magical powers, it’s about focus, it’s about what we see in the market right now, and it’s about a lesson learnt from Steve Jobs.

We sit and talk with customers every day and there is usually a long list of challenges and issues they are trying to overcome. You’ve all seen those lists and you would know as well as I do that they are more of a WISH list than a TO-DO list.

Steve Jobs famously used to meet with his 100 Best and Brightest where he asked them to come up with the 10 most important things Apple should be doing. Of course all of these people had their own agenda to push so you can imagine how long the list became. Gradually he drove them to refine the list to a Top 10. Then came the kicker. He turned to them and said “We will only do the Top 3”. Now think about that. Here’s a room full of highly intelligent people – most of which have had their pet project put in the bin. Or you could look at it from the other angle – here is a room full of highly intelligent people – who moving forward – will ALL be focusing on just three things. So how does that help our customer with their list of 15 important IT challenges they must resolve ASAP – same same – they need to focus on their Top 3 – get them done, and then move onto the next most important Top 3.

When we talk to customers today, across enterprise and medium size organizations, their Top 3 typically fits into one of these three categories:

Desktop Migration – O/S life cycle is getting shorter and shorter, clients need to keep up and also make sure that any benefits from a new OS, a new application deployment method, or a new platform for users is rolled out rapidly, smoothly, and with as little impact on the users as possible. The ability to find solutions for project roadblocks, along with eliminating future migration projects are key benefits AppSense adds to any migration project.
Security – With all the focus on XP End of Life and concerns about Zero Day attacks post April 8, organizations are taking another long hard look at white listing, and the removal of local admin rights. Recommendations and guidelines are flying think and fast from organizations like so to remain compliant with those directions, organizations need to implement a solution quickly. Now you could argue (and people do) that the return on investment from extra security measures is limited – how much does it cost me if I do nothing – well nothing really – until it all goes bad and then the costs could be significant.
Desktop Virtualization – I put this one last because quite often it’s being driven by the needs from point 1 and 2. When we need to migrate, one way is to give the user a virtual desktop rather than a physical, and that may simplify the migration process. If we have issues with security of files, let’s centralize and give people a “View Only” way of accessing sensitive corporate data. Everything is kept in a central data center and is easily backed up and controlled. The VDI experience varies for users from the brand new Alfa Romeo that everyone wants ( hey I want one – you can insert your own favorite car if you like), to an aging VW Beetle – cute and funky to drive, but still has some issues with the experience.

The great news for AppSense customers is we have proven market leading solutions for each of these key areas. Santos used our technology as a key part of their Desktop Migration Windows 7 rollout – read how we removed the drain on staff resources and productivity by improving the user’s login experience.

For whitelisting and security, our technology is used at organizations like Department of the Environment (SEWPAC), and Department of Defense – organizations that need a reliable, easy to manage solution. Royal Melbourne Institute of Technology (RMIT) for example. Brian Clark the Executive Director of IT Services talks about their VDI project in this article and states “AppSense completed the solution by providing user virtualization which ensured students had a consistent experience regardless of the device they used.” All 70,000 odd RMIT students are clearly driving the Alfa.

So that’s my advice - and I suppose some advice from Steve Jobs – pick your top three and focus on getting them done. Once they’re ticked off - move to the next three most important things.

Talk to us – we are happy to listen and see where we can help your organization move forward in these rapidly changing times.