Tuesday, March 15, 2011

Viewfinity Beefs Up Privilege Management in the Cloud(s)

Got business-critical IT resources? Got users? Got mobile users? Got or getting Windows 7 across your enterprise?

If you answered "yes" to any or all of the above questions, here's something else you've got: a need to manage user access privileges and administrative rights. Especially if any of those users are being moved to Windows 7 and/or are mobile.

Windows 7 comes with AppLocker, a set of features designed to enhance the software restriction policies (SRPs) supported in previous Windows releases. (Windows Server 2008 R2 also supports AppLocker.) I'm not going to go into details about AppLocker and SRPs here; instead, I'll refer you to two great pieces by IT and Microsoft expert Greg Shields of Concentrated Technology. One is on AppLocker itself. The other is on a security philosophy AppLocker and related offerings can enable and support: approved execution. After all, malware can't hurt your systems if you've got blacklists and whitelists that can determine what code, malware or otherwise, actually gets to run.

Approved execution is one element of a larger set of challenges and solutions some vendors refer to collectively as "least privileges." Basically, this means giving each user the minimum amount of access privileges needed by that person to do their work, to reduce unauthorized execution of malware or access to IT resources. And moving to Windows 7 provides a great opportunity to review and improve the policies and technologies your company's using to increase security and to control access privileges more effectively. But it's unlikely that every user on your network(s) will be moved to Windows 7 at the same time, and it's very likely that AppLocker alone won't solve all of your privileges management challenges.

Some potential help: Viewfinity, a leading player in this market, just announced version 3.5 of its Privilege Management solution. There are three things I really like about Viewfinity's approach. One is that it provides granular, role-based privilege management that you don't have to be an IT or security expert to make work. Another is that it interoperates with Microsoft Active Directory but does not require or rely upon it. This means greater flexibility and continuing functionality even if Active Directory fails. The third is that it's Web/cloud-based. This means it's easier to incorporate protection of authorized mobile users (and rejection of unauthorized access or execution attempts).

There is no single solution that is going to guarantee complete security for any business computing environment. However, tools such as Viewfinity Privilege Management can give you a significant leg up on the continuing "arms race" between malware developers and those attempting to defend their environments against malware. Check it out and see if it can help you to protect your environment, especially if you're facing a move to Windows 7, a growing requirement to support mobile users or both.