Viewfinity would like to congratulate, EagleMed, on winning the prestigious Info Security Products Guide 2011 Best Deployment Scenario for Least Privileges Management Award.   

With patient data being highly sensitive, EagleMed had to move to a locked down environment to ensure HIPAA compliance. EagleMed uses Viewfinity Privilege Management to elevate privileges for standard users who need to run applications and desktop functions that require administrator rights.   

Most of EagleMed’s workforce is mobile, and Viewfinity easily deployed to and is able to easily support these endpoints. Read the winning deployment scenario on how “Viewfinity helps EagleMed manage its locked down desktops in order to comply with HIPAA laws.” 

Read the full EagleMed case study here.   

In Q1 2011, not surprisingly there was a lot of attention within the analyst community given to the topic of desktop lockdown and using privilege management and application control as a way to further protect distributed desktop environments. We have more information on these reports on our website, but here are just a few highlights noted in these reports that we felt are relevant: 

“Removing administrator rights from end users is one of the single most-effective ways to improve overall security posture, but it must be well-planned to avoid common pitfalls and a failed project,” said Neil MacDonald and Michael A. Silver from Gartner Research. (Best Practices for Removing End-user Administrator Rights on Windows, March 14, 2011, Neil MacDonald | Michael A. Silver).  Neil MacDonald further elaborates on this topic in his April 8, 2011, blog posting, Even With Windows 7, Privilege Management Tools May be Needed.  In this posting he notes, "One of the top recommendations I made to increase your security “bang for the buck” in 2011 was to increase the percentage of users that run without administrative access."  I recommend reading both the report and the blog article for an independent perspective on how to approach removing administrator rights.

by Gil Rapaport, President and co-founder of Viewfinity 

• Quarter over quarter new customer average growth of 143%
• Tripled revenue bookings with 306% quarter over quarter growth
• 393% average growth in number of desktops licensed
• A significant milestone was the release of our private cloud version in June, enabling us to target enterprises bringing success with enterprise customer acquisitions.
• Nearly 70 new customers. We’ve signed on many large, premier customers such as IBM, the US Department of Energy, Benjamin Moore, Dominion, Peet’s Coffee & Tea, and more.
• Our vertical markets are becoming more defined - select examples include:
  • Energy & Utilities: Sempra Energy, Dominion
  • US Government: US Army, US Department of Energy, Ericsson Federal
  • Education: North Texas University, South Texas University, Kilgore College
  • Biotech/Biosciences: Mass Department of Health, Gen-Probe, Meridian Bioscience
• eWeek and WindowsITPro product reviews, Red Herring North America and Global finalist awards, MITX finalist award.
• Achieved Microsoft Windows 7 Compatibility and Gold Partner status, VMWare TAP Partnership, and signed up several targeted resellers.

Momentum is strong, growth is rapid, and our win rate over the competition remains solid. We have continued backing from our current investors due to their confidence in our technology, customer traction and increasing market share. We have a disruptive product roadmap release, including our “Zero Touch” feature that allows for self provisioning of privilege management policies.

We are currently scheduling briefings on our new product features and roadmap.  Please contact Matt Stubbs at our PR firm for an appointment: matt@snappconner.com

by Dwain Kinghorn, SageCreek Partners

Numerous standards have been developed that define how desktops should be configured in regulated industries.  These standards include PCI, HIPPA, and FDCC.   These standards embody numerous best practices that have been developed over many years of experience.  At their core, a number of the best practices help ensure the security and integrity of the information that these desktop system access.

Many organizations do not have to comply with these various standards and are not subject to tight regulation.  However all organizations have business confidential information such as customer lists, internal product plans, and competitive intelligence.
  

While not all information may be deemed as sensitive as credit card numbers, personal health care information, or financial data, all organizational proprietary data is an asset.  Thus the standards and best practices that have been defined for various regulated industries do have applicable principles that apply to just about any corporate computing environment.

One key principle that is part of a variety of standards is the principle of least privileged access.  In an article on “Principle of Least Privilege” on Wikipedia, it states,

“When applied to users, the terms least user access or least-privileged user account (LUA) are also used, referring to the concept that all users at all times should run with as few privileges as possible, and also launch applications with as few privileges as possible…The principle of least privilege is widely recognized as an important design consideration in enhancing the protection of data and functionality from faults (fault tolerance) and malicious behavior (computer security).”  See http://en.wikipedia.org/wiki/Principle_of_least_privilege

Removing local administrative rights from end users is a fundamental part of the principle of least privileged access.  Organizations of all sizes have more secure and stable desktops when users do not have local administrative rights on their desktops.  Systems are less vulnerable to malware and less prone to have inappropriate configuration settings when users do not have administrative rights.   

Experience has shown that just about every organization will have challenges when removing administrator rights from end users.  Some applications simply do not run.   Certain tasks such as installation of approved software may be more difficult, and some tasks such as adding new hardware may no longer work without the user seeing a User Account Control (UAC) prompt.  In order to move to an environment where all users, even remote and mobile users, do not need administrator rights on their systems, an organization will need an effective privilege management solution.   

A good privilege management solution lets organizations adhere to the key principle of least privilege and provide a more robust and secure computing environment for their organization.   The principle of least privilege is a great example of how a standard for a regulated industry applies to just about any organization.

Perspective:
With the Windows XP sunset date fast approaching, plans for Windows 7 migrations are in full swing. This has prompted most organizations to re-assess their approach to PC lockdown. Our survey indicates a 456% jump in demand to implement privilege management software for companies planning to migrate to Windows 7 in the first half of 2011. The data further shows that 63% of survey respondents deem it critical to manage administrative privileges for end users to ensure security and reduce vulnerability.

A smart approach. A privilege management system balances the rigidity of locking down end points with the needs of user customization. It provides security and operations professionals with a method for securing the end-point by elevating privileges at the application level, or for desktop functions, rather than providing total administrative privileges. Systems are less at risk without sacrificing user productivity or increasing support call volume, thereby offering a cost effective approach to providing secure and productive desktop computing environments.

Access the newsletter and resources here.

Many organizations look at the migration to Windows 7 as an opportune time to re-evaluate polices associated with granting local administrator rights to users on Windows system.  There are a number of advantages when end users do not have local administrative rights on their Windows desktops.  These include:

-         Less chance for malware to successfully attack the system.   When the end user doesn’t have local administrator rights, the malware that tries to exploit vulnerabilities in software such as media players, mail clients, and internet browsers is much less likely to succeed.   A locked down desktop doesn’t eliminate the need for firewall, AV, and other security software, however it certainly does provide another layer of defense against malware.

-         Reduce chance for the end user to make unauthorized changes to the system.   When users are not able to make unauthorized changes to their system there is less chance for something to break that will lead to a support call from the user.   The more changes that are made to a system the more chance that there will be system or application errors introduced.  Locking down the desktop results in a more stable and predictable computing environment for the end users.

-         Better control on which applications are installed and used on the system.   When end users do not have local administrator rights there are many applications that they can no longer install.   This helps organizations better ensure compliance with software license counts.  Controlling which applications are installed and run on the desktop also limits the chances for application incompatibility issues.

-         Fewer support calls to the IT helpdesk.   When end users are running in an environment that is more stable from a perspective of system changes and applications that are installed, there are problems that the end user encounters.  This results in fewer calls to the IT helpdesk.   

The Federal Desktop Core Configuration is a list of security settings recommended by the National Institute of Standards and Technology for computers that are connected directly to the network of a United States government agency.  But as pointed out by Carter Raines, Director of Technology at PrepFire, a Service Disabled Veteran Owned Small Business, FDCC is only a small part of the problem.  Following an OMB mandate, organizations are implementing aggressive telework policies so users working remotely or on the move is growing at an exponential rate.  New devices are entering the network all the time.  New applications are required for users to do their jobs, and some of these require administrative rights to execute.  And more changes are coming. 

Listen to this recorded webcast sponsored by PrepFire to learn more about how you can effectively lockdown your environment to meet FDCC mandates but avoid the reprecussion of increasing calls to your help desk because users cannot perform the functions they need which require admin rights. 

FDCC Webcast:  https://www1.gotomeeting.com/register/986551281 

Most IT professionals are looking to take advantage of the Windows 7 desktop refresh as an opportunity to move to a least privileges environment to secure and gain better control of its PCs. With this change, however, legacy applications and routine Windows desktops tasks that require administrative rights will need to be considered. Rather than locking down 90% of desktops and leaving the remaining 10% unprotected because these end users need administrative rights to perform their job, IT professionals can use Viewfinity Privilege Management to elevate privileges as needed.

Viewfinity offers enhanced flexibility and control for managing administrator rights for locked down computers. You have the ability to control who and what applications should get administrative rights to run:

Click here for more details: http://www.viewfinity.com/Products/PrivilegeManagement/Win7-Refresh.aspx