The Department of Transport Turns to Ivanti for ASD Top 4 Compliance

The Department of Transport (formally VicRoads (Roads Corporation of Victoria)) is the road and traffic authority in the state of Victoria, Australia. The Department of Transport plans, develops, and manages the arterial road network and delivers road safety initiatives and customer-focused registration and licensing services.

Industry: Infrastructure

Website: https://www.vicroads.vic.gov.au/

Solutions

Application Control
Ivanti Patch for Configuration Manager
Xtraction

  • Simplified whitelisting enablement
  • Precise provisioning of admin privileges
  • Streamlined third-party application patching
  • Enabled compliance with ASD Top 4

Preventing Risk Exposure

Victorian residents in Australia rely on the Department of Transport (formally VicRoads) to provide license and registration services, implement road safety strategies, develop sustainable transport options, and manage a road network spanning over 52,000 kilometers.

Employing approximately 4,300 people, the Department of Transport was at risk. Its agile workforce depends on more than 4,500 devices across 92 sites, but a large number of employees had full admin privileges on devices due to business support requirements and the applications they utilised. On top of that, employees were using an array of unapproved applications and there were no clear controls to manage employee application access.

The Department of Transport needed to quickly minimize its risk exposure while complying with the Australian Signals Directorate’s (ASD’s) top 4 recommended cybersecurity controls: implementing application whitelisting, patching operating systems and applications, and minimizing admin privileges.

Whitelisting to the Rescue

To safeguard its environment and comply with ASD recommendations, the Department of Transport sought a solution that would deliver both application control, including whitelisting capabilities, as well as privilege access management to minimize the amount of untrusted software being executed on corporate client computers. It was also important that the selected solution offer lightweight operation without introducing excessive additional overhead for the operations teams to manage.

Ivanti Application Control met these requirements. Combining dynamic whitelisting and privilege management, Application Control prevents unauthorized code execution without making IT manage extensive lists manually. It also features a comprehensive central management console. Additionally, it leaves users unconstrained. On-demand change requests mean that the Department of Transport’s users can request emergency privilege elevation as required.

“We’ve created user profiles, so employees get exactly what they require to do their job. We will elevate apps as needed, but full admin access is now only provided on an absolute as needed basis,” said Umair Saleem, IT Team Leader, Department of Transport.

Automating Patch Management Madness

Another headache—and risk—for the Department of Transport was the extensive process it would take to stay current on third-party application updates. Due to the time this largely manual task would take, some patching simply wasn’t happening.

“We were manually pushing out patching updates, first testing on a desktop, then pushing out to other computers. Some updates just never happened,” recalls Saleem.

The Department of Transport solved this update lag with Ivanti Patch for SCCM. The solution automates updates by downloading and pushing out patches to all devices—saving a considerable amount of staff time. Not only has this solved patching gaps, but security exposure from outdated applications has also been minimized. “We don’t have to worry anymore that updates are current. Our employees are all able now to be the most productive with the latest applications,” said Saleem.

Compliant, Productive and Secure

Ivanti was able to solve the Department of Transport’s critical security and compliance exposures while further freeing up time for IT staff for other strategic projects. Now the organization is confident in its compliance with ASD controls and finds comfort in knowing it has mitigated risk exposure with greater security confidence.

Since implementing Ivanti, the Department of Transport has seen the following results:

  • Implementation across 4,500 devices was completed in under three months, with no slowdown in employee productivity
  • All workers now have access to current thirdparty applications to increase productivity
  • IT spends only a small fraction of the time it once did to maintain patches and applications
  • The Department of Transport has confidence that its endpoint estate is secure and current

“We have cut overhead and staff time as a result of Ivanti’s automated patch updates, and the interactive dashboard makes the entire program easier to manage. Ivanti, in all aspects, has exceeded our expectations,” Saleem said.

As a result of the successful deployment, the Department of Transport is now considering the roll out of Ivanti Application Control for its servers as well. “Our server teams are jealous of our results!” he laughed.

Note: The Department of Transport's results are specific to its total environment/experience, of which Ivanti is a part. Individual results may vary based on each customer’s unique environment.