- Don't use words like "Locked Down Desktop." The end users will freak out if you say this. Even though the end user doesn't own the desktop, they still think it is theirs. It's better to brand any project to improve desktop security as "Trusted Desktop Initiative” or "Secure Desktop” instead of using the words "lock down."
- Do explain to the end users why improving security is good for them. More security means fewer viruses and malware. A well-managed desktop means fewer application conflicts. Following security best practices like removing admin rights from users, means less configuration drift and more stability, reliability and speed in the long run.
- Don’t try to do too much. Many organization want to roll out too much security, all at the same time. Some organizations want to deploy more control at the same time they roll out a new operating system. The most successful organizations that we have worked with set the foundation first. By implementing security best practice (Anti-virus, Least Privilege, Vulnerability Scanning, etc.) and then layering on additional tools (Application Whitelisting, Device Control, etc.), you will end up with a more robust implementation in the long run.
- Do get executive buy-in. Everything goes much more smoothly when the boss sponsors what you are trying to do.
- Don’t go it alone. As we learn more about our industry and what is available, we realize just how much we don’t know. Technology is constantly changing, and no one person can keep up with all of the knowledge, so seek out advice from others. Talk with your vendors, peers at other organizations and your colleagues. They can be a huge asset when undertaking a project to improve security.
- Don’t forget to communicate. End users hate surprises. All they want to do is get their job done. That’s how their performance is measured. If they are surprised by some new security restriction that slows them down, they are going to kick and scream, but if you’ve communicated appropriately, your chances of headaches are lessened.
- Privileged Password Management
- Discover, manage, audit, and monitor privileged accounts
- Endpoint Privilege Management
- Manage privileges on Windows, Mac, Linux, and Unix endpoints
Universal Privilege Management
Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.