I’ve Been Everywhere, and the Risks it Can Bring to your Workplace
The song “I’ve Been Everywhere” was written by an Australian country singer, Geoff Mack, back in 1959, where he sang about all the towns he visited across Australia. It became famous in the US in 1962 by the country singer Hank Snow where the song hit number one. He of course did make some changes as the names of the towns were now all based in the US. And since then, many versions have been created.
You will by now be wondering what has this to do with an Ivanti blog?
At Ivanti we talk about the Everywhere Workplace, and when I think about my work journey over the past 9 years I have worked from a lot of different locations, across hotel lobbies, cafes, airport lounges, offices, the back of an Uber, and of more recent times from home. In many ways I think of myself as a pioneer in the working-from-everywhere workplace as that is what I have been doing for 9 years now. Other than my home and the office, I was always thinking about how and what should I connect to, and how much of a risk is there to my laptop, and the business files that I had in my device.
Balancing Risk and Security with the Employee Experience
As organisations are now having to adopt the Everywhere Workplace, many are now trying to work out how to secure the devices connecting into corporate systems, allow a great employee experience for them to be productive, and not overburden the IT department. This is an organisation’s biggest challenge.
Let’s look at a simple example, which I think many of you may have experienced. When you were at the office, everything worked fine, the printer was setup, the Wi-Fi is configured, and you always had the IT person up the corridor. You get sent home, and the first thing you realise you need is to be able to print to your home printer. And this is when things start to get problematic. IT have set the Standard Operating Environment (SOE) so that you can’t install software onto your work computer, and therefore you cannot install the printer drivers. After various Google searches, and several frustrating hours waiting for IT to set up a Remote Access session, you get the printer drivers installed. There are quite a few things that have happened here. (1) The employee has been unproductive, (2) IT have been overburdened with calls from employees and (3) The employee experience has been, well terrible.
Before we talk about what we can do to handle these issues, let’s look at another scenario. Jason is the CFO and needs to access the financial systems for end of year reporting. Jason is having to do this from an airport lounge on his way to the board meeting. Normally Jason is always connected via a VPN. Unfortunately, the VPN did not connect, and Jason was unaware, and Jason accesses the financial system across an open airport lounge network. The risk here is that Jason whilst accessing the financial systems is opening up that data to any malicious actor on the network.
Putting Control back into the Employees Hands
This might seem counter-intuitive to the scenarios we just discussed but giving control back to your employees will reduce the burden on IT, and greatly increase the productivity and experience for the employee.
Most organisations have a strict policy, and they remove all administrator rights to an employee’s device. Which may be the right decision on certain devices. In doing this though we raise the burden on IT as we have seen with the printer scenario just discussed.
Now we don’t want to go and open up a device and give full admin rights to everyone, as that can leave the devices vulnerable, significantly increase security and manageability costs, create legal and liability issues and make compliance difficult.
The answer is to remove full admin rights, and then provide them with the elevated privileges for the applications and tasks they need (for example add printer). Ivanti Application Control provides the ability to set privileges according to these requirements, and will greatly reduce support calls, simplify endpoint security, and reduce TCO.
Dynamic Application Security across your Desktop Device
Let’s drill into application security further, in our second scenario, Jason the CFO was using the financial system. Now typically the expectation is that the device is on a local network, or a VPN network, and as a result using the financial system would be secured. However, in the “Everywhere Workplace” if the VPN doesn’t connect, and you aren’t aware of that, then you are open to malicious actors.
What about if we put in place dynamic allow and deny lists? A dynamic allow or deny list will change the behaviour based on the rules you define. In our CFO scenario, we would set up a dynamic list which says, Jason can use the financial application if he is connected to a local network or VPN. If we see Jason is not connected correctly then he is denied the ability to run the application, until he connects to VPN or local office network again.
Putting in place dynamic allow and deny lists increases security, reduces risk, and provides peace of mind to the business. Ivanti Application Control provides a strong capability across allowed and denied lists.
Enabling the Employee
As we have witnessed over the past 18 months, we are living in a dynamic environment where one day we are in the office, the next day we aren’t, our roles change, the work requirements change, the applications we use change. And with that the employee may need legitimate access to an application or some sort of administrator access either permanently or for a short period of time.
Ivanti Application Control integrated with Ivanti Neurons for ITSM allows an employee to request access via the Ivanti Neurons for ITSM Self Service Portal. The request can be full automated for approval, and also the granting of the request. This automated approach ensures fast granting of access, reduces IT burden, and ensures that the appropriate tracking and auditing of changes are kept, and can be reported on against company policies.
Increase Employee Experience in the Everywhere Workplace
Whether you run Windows or Linux desktops you can secure the applications used across these environments and provide a wonderful employee experience. Find out more about Ivanti Application Control by attending our upcoming webinar on “Transforming the User Experience …. One Desktop at a Time."