Is complete desktop lock-down the best way to adhere to corporate compliance policies?

by Alex Shoykhet 30. September 2009 11:36

Since Sarbanes-Oxley, there has been a lot of buzz about "compliance" and the hoops IT must jump through to ensure its adherence. But everybody views it differently. One organization demands all PCs are locked down completely, another one keeps the environment wide open and resets to a golden image when issues occur, and yet another has different policies for laptops and desktops or different polices depending on the end user’s functional role within the organization. Many argue that there is no such thing as privacy on company’s computer, and others insist that there are privacy issues to be considered. Regardless, these policies create tension between IT personnel and end users. And since more and more people are telecommuting, it is very difficult to keep everything as restrictive as management would like. Many enterprise level organizations have conceded the fact that the corporate PC, while primarily a tool to conduct business, is also the same device used for “personal computing” and separating these two uses may not be necessary. This allows employees to use their PC for both business and personal needs. With this approach, however, what should be the role of tech support and how is corporate compliance enforced?

Maintaining "blacklists" or "whitelists" for unauthorized and authorized applications can be time consuming. Since fluctuations between blacklists and whitelists occur frequently, flexible application lockdown rules based upon groups, connectivity status, application, and time of day would best support the needs of the end user, the system administrator and the company. Configurable compliance policy support would help to eliminate critical problems that might occur if, say for example a laptop is stolen. If the laptop isn’t connected to the corporate network, specified data and/or applications cannot be accessed. Or, to disable iTunes or IM during business hours.

So what is the norm today and can an automated method for managing privileges help your company protect itself if complete lockdown is not the ideal approach?

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags: , , , ,

Compliance | Privilege Management

E-mail | Kick it! | DZone it! | del.icio.us
Permalink | Comments (0) | Post RSSRSS comment feed

Powered by BlogEngine.NET 1.4.5.0
Theme by Mads Kristensen

Calendar

<<  May 2013  >>
MoTuWeThFrSaSu
293012345
6789101112
13141516171819
20212223242526
272829303112
3456789

View posts in large calendar

About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.

Follow us on Twitter: viewfinity
Find us on LinkedIn: www.linkedin.com/companies/viewfinity
Become a fan on Facebook: www.viewfinity.com/facebook