Information is the lifeblood of the modern organization – but if improperly guarded, it can be an Achilles’ heel, which is why information security is essential.
IT administrators are therefore tasked with performing a sort of balancing act: How much freedom can they give users without jeopardizing data? It’s a tricky position to be in, but it’s a pickle that can be remedied with refined measures. Here are some key examples for how these information security measures can benefit an organization:
1. Lockdown for Public-Access Machines
Many organizations such as libraries, airports, testing centers and retailers are in the position of providing public access on certain machines. From a security standpoint, this is risky since every single endpoint on a network is also an attack vector. At the same time, not granting access to increasingly common amenities such as self-service kiosks could result in lost opportunities for excellent customer service.
The more effective way around this problem is to use a computer management tool that enables desktop lockdown. Specifically, unauthenticated users would have restricted access to a specific set of applications, and even then, they would be unable to launch any unauthorized executable through those applications (i.e. a web browser). Likewise, USB ports and disk drives can be deactivated to prevent malicious uploads or attempted data theft.
2. User Login and Software Compliance Tracking
User tracking and software compliance are critical components of endpoint management.
The ability to track user login sessions is important for several reasons. For one, it helps administrators understand when certain accounts are being accessed, and the duration of that access. If nothing else, this creates behavior baselines that make it a little easier to identify unusual patterns in account access – especially when visualizations are used to organize this information.
Drilling down further, IT administrators can put themselves at an advantage by also knowing what software is being accessed and how often. This includes software that may be over-utilized, or applications that fall under the umbrella of shadow IT. This is the use of third-party applications that are not sanctioned by IT department for work purposes, and it can ultimately put company data at risk. So, while some users may have a greater degree of access than others, it’s important to monitor for software that may put company information at risk. This is often inadvertent, but it’s dangerous nonetheless.
3. Regular Computer Sanitation
Computer sanitation is an important component of data security. This is true for enterprise work stations, but also for machines and kiosks that are used by the public – where personal data might be compromised.
Traditionally, re-imaging was the go-to method that IT administrators used to maintain ongoing control over computer configurations. That said, manual system restores are incredibly time-consuming. A better option is to setup automated maintenance schedules using ‘reboot-to-restore’ software. With such tools, IT admins can lock down optimum configurations & ensure persistence, with every restart, despite any abuse and alterations (accidental or otherwise).
To learn more about how ‘Reboot to Restore’ software can help your organization, contact Faronics today.