WALTHAM, Mass.--Viewfinity (www.viewfinity.com), the innovator of systems and privilege management via cloud-computing, was named a finalist in the Seventh Annual MITX Technology Awards today. The MITX Technology Awards recognize emergent and innovative technologies developed in the New England area, as well as the individuals and organizations responsible for driving these advancements. The Massachusetts Innovation & Technology Exchange (MITX) is the country’s premier Internet business and marketing association.

Viewfinity Cloud-Based Systems and Privilege Management Named as Finalist for the 2010 MITX Technology Awards

We all know that eliminating Admin rights on workstations is a best practice for securing the environment.  I find it amazing, though, that even though we know it, we have a hard time implementing it.  There are a number of reasons, and when you get right down to it, the reasons are definitely valid.

For most its an issue of driving up the cost of support.  There are number of poorly written apps on the market that require admin rights to install, and sometimes those apps require admin rights to even run properly.  Supporting these scenarios can take additional time and resources, and ends up frustrating both IT and the end-user.  It really is a huge dilemma.  Its a serious pain point that *someone* should address.

Well, guess what?  Viewfinity has addressed the issue – and addressed it in a way that makes the issue completely manageable so that you can lock-down your environment, protect your corporate assets, and all while elevating the level of service you provide.

In a recent article, OSNews said:

“Of the total amount of security vulnerabilities put out by Microsoft in 2009, across all versions of Windows and Office, 64% are mitigated by removing administrator rights. Microsoft published 190 security vulnerabilities last year, and 121 of them are thwarted by running without administrator rights.”

That’s a serious statement and something worth addressing.

When you get a chance, check out how Viewfinity can solve your desktop security issues:

http://www.viewfinity.com/Products/PrivilegeManagement/Default.aspx

Of the total amount of security vulnerabilities put out by Microsoft in 2009, across all versions of Windows and Office, 64% are mitigated by removing administrator rights. Microsoft published 190 security vulnerabilities last year, and 121 of them are thwarted by running without administrator rights.

Read this excellent blog post…  64% of MS Vulnerabilities Mitigated by Removing Admin Rights

….and, then jump back to the Viewinifty web site to see how we can eliminate that 64%:

http://www.viewfinity.com/Products/PrivilegeManagement/Default.aspx

Viewfinity is a cloud and agent based privilege elevation program. It features a drop dead simple web based interface. Viewfinity doesn’t require active directory and changes you make with an easy to configure policies are applied near instantly.

Read the rest of what the IT Guy had to say: Privilege Elevation Made Simple… | My Life as an IT Guy

Here's a continuation of the Top 10 Windows Desktop Lockdown Tips & Tricks recently written by Darren Mar-Elia in WindowsITPro:

#2 Elevate as needed: As a corollary to No. 1, sometimes you need to elevate user privileges to allow them to get their jobs done, especially if they are mobile users. Look for third-party products that let you selectively elevate on a per-application or task basis to let users do what they need. This is an important capability because, as you move to least privilege, help desk calls from users who can no longer perform certain tasks will increase. Having a solution that lets you elevate specific tasks can reduce these calls while ensuring security.

Learn how one Viewfinity CIO customer, Lathrop & Gage, is using our Privilege Management product to move from its Wild Wild West environment to more of a least privileges operation.

Elevating security rights to administrative levels on a per application basis

An important and challenging problem for IT Administrators to maneuver around is managing administrative privileges on the desktop. Many applications that are developed in-house as well as some commercial products, such as Visual Studio, require running the application as an administrator. If the user doesn't have administrative privileges, the application components will not function or even worse, the application will not run at all. A typical situation facing IT administrators is where an end user needs to run such an application and must either grant full local administrative rights to the user account or utilize the native Windows command "RunAS" and provide the administrator password. Allowing users to have administrative rights or exposing the administrator password is risky and creates a less secure environment, which opens the door for desktop problems to occur.

This problem is especially challenging for IT Administrators working for the government as the recent US Government Federal Desktop Core Configuration (FDCC) mandate stipulates that administrative rights cannot be granted to end users and may not be made available on federal desktops and laptops.

Granting administrator rights at the application level and removing privileges from end users is the best approach for optimum desktop security. With this approach, the desktop operates within the least privileges mode except for applications flagged for elevated privileges.

Here's a 70 second video clip demonstrating Viewfinity Elevate Privileges. Feedback is welcome.

Darren Mar-Elia recently published his Top 10 Windows Desktop Lockdown Tips & Tricks in WindowsITPro magazine.  We thought we'd share these with you.  Below is tip #1.  Stay tuned, more to come.

1.  Least privilege is the best privilege:  The single biggest thing you can do to ensure your desktop security is to run your desktops using a least privilege model.  This means not making your users Administrators or Power Users on their desktops.  While this can be challenging to accomplish, with users as administrators, you have no control over what they can do on their systems.

The chart below was taken from data gathered from a recent systems management survey run with Redmond Magazine's audience.  It reveals that while 2/3 of organizations agree with Darren's #1 tip, most have taken an all or nothing approach to lockdown.  Are you hesitant to move to a locked down desktop environment?  If so, why is that?

Since Sarbanes-Oxley, there has been a lot of buzz about "compliance" and the hoops IT must jump through to ensure its adherence. But everybody views it differently. One organization demands all PCs are locked down completely, another one keeps the environment wide open and resets to a golden image when issues occur, and yet another has different policies for laptops and desktops or different polices depending on the end user’s functional role within the organization. Many argue that there is no such thing as privacy on company’s computer, and others insist that there are privacy issues to be considered. Regardless, these policies create tension between IT personnel and end users. And since more and more people are telecommuting, it is very difficult to keep everything as restrictive as management would like. Many enterprise level organizations have conceded the fact that the corporate PC, while primarily a tool to conduct business, is also the same device used for “personal computing” and separating these two uses may not be necessary. This allows employees to use their PC for both business and personal needs. With this approach, however, what should be the role of tech support and how is corporate compliance enforced?

Maintaining "blacklists" or "whitelists" for unauthorized and authorized applications can be time consuming. Since fluctuations between blacklists and whitelists occur frequently, flexible application lockdown rules based upon groups, connectivity status, application, and time of day would best support the needs of the end user, the system administrator and the company. Configurable compliance policy support would help to eliminate critical problems that might occur if, say for example a laptop is stolen. If the laptop isn’t connected to the corporate network, specified data and/or applications cannot be accessed. Or, to disable iTunes or IM during business hours.

So what is the norm today and can an automated method for managing privileges help your company protect itself if complete lockdown is not the ideal approach?