With a background in computer science and graphic design, Sophie is a passionate writer and communicator of all things technical.
Hailing from New Zealand, she provides documentation and research, commentary, and analysis on current cybersecurity topics at Fasttrack Software.
Finding the Balance Between Productivity and Security
The million-dollar question: how do you please your CISO, hell-bent on having air-tight security controls on all endpoints, while also keeping your end users and Helpdesk happy? Doing both concurrently has proven challenging in the past. What usually happens is you have to favour one over the other: productivity OR security.
Thankfully, times are a’changing, and we’re proud to bring you a solution designed with the productivity vs. security problem at the forefront.
The Approach to Security
Admin By Request’s Privileged Access Management (PAM) solution ticks all the relevant boxes for effective security:
The cybersecurity solution applies the Principle of Least Privilege (POLP): the idea that users should only be granted the privileges they need to function in their role. More privileges means greater access to the system and network, which in turn presents security holes. Remove unnecessary admin rights and those security holes are plugged. Applied with POLP at the core of Admin By Request is JIT – Just-In-Time access. For users who do need elevated access in their role, this should only be provided on an as-needed, just-in-time basis, rather than around the clock. Decrease the amount of time your users have elevated access, and you decrease your attack surface. Admin By Request applies these key principles by revoking all users’ statuses to that of standard user.
Malware protection comes as a prominent part of the Admin By Request package. OPSWAT’s MetaDefender Cloud API is integrated into the solution, scanning all file downloads with more than 35 antimalware engines. Malicious files are flagged and quarantined to be dealt with before they can infect your system.
The User Portal is essentially the control and visibility center for all users and endpoints in your organization. It features a full hardware and software inventory, detailed, tailorable reports, a comprehensive Auditlog of all elevated activity, and settings and sub-settings for every feature and aspect of the software, which can be used to dictate how it works for your users.
Significant events and suspicious activity trigger alerts which appear in your User Portal and your email inbox as configured.
Plugging in Productivity
Despite extensive security measures, productivity is maintained for all users whose main concern is to be able to do their jobs, uninterrupted by over-the-top security controls.
Productivity for the End User
- Self-Service Access: Although user access is revoked across the board, users can still gain access when they need it. Access is self-initiated, and self-serviceable – users simply request the access they need, and their request is approved or denied with the click of a button by your IT admins.
- Intuitive User Interface: The software is so simple it doesn’t require relearning. Most users are already familiar with Microsoft’s User Account Control (UAC); Admin By Request essentially replaces UAC, but makes it possible for standard users to gain the much-sought-after admin access when required.
- Range of Elevation Methods: It’s not a case of ‘only X users can gain access’ – there’s a method of elevation to suit everyone in your organization, be that developers who require extended periods of elevated access, or third-party contractors who require provisioning of a temporary local admin account.
- Multiple Operating Systems: Let your users stick to their preferred OS – Admin By Request is available on the three main operating systems: Windows, macOS, and Linux.
Productivity for the IT Admin
Efficient Deployment: The installer package is a meagre 15-something megabytes and takes all of 20 seconds to install on endpoints. From there, it’s a matter of tailoring settings to suit your organization’s needs with simple toggles and controls.
Freed Resources: The self-service nature of the application takes menial tasks (such as installation of everyday, trusted applications) out of the hands of Helpdesk, whose time is better spent focusing on significant issues. The application-whitelisting feature further helps with freeing up valuable resources from unimportant tasks.
Artificial Intelligence & Machine Learning:
Admin By Request reduces your IT Admins' manual workload by incorporating AI and Machine Learning features which can learn on the go and handle secure application elevation for you. Find the documentation on these breakthrough features here
Bulk Actions: Contributing to the efficient deployment of Admin By Request is the ability to apply settings, create rules, and run actions in bulk. E.g., require all users in the HR department to provide a reason for requesting admin access, but allow the development team to bypass this requirement; remove groups of unknown / unwanted local admins in one click; lock down all devices to the owner of that device.
Finding the Balance
The balance between productivity and security is unique to each organization – but at no point should either one compromise the other. Admin By Request’s local admin rights solution is designed to provide all the tools needed to find that perfect balance, completely tailorable to your company’s individual needs.