The holiday season is in full swing. Here in the U.S., the Halloween candy is gone and the turkey is digested. It's finally ok to bask in the splendor that comes with this time of year.
And with the holidays come holiday parties and excursions. One of my personal favorite things to do this time of year is “visiting the lights” with a caravan of family and friends. Getting there isn't quick, though; it’s a three-hour drive without traffic. Add that to the time spent there, and the drive back, and it's an all-day affair.
So what's the last thing in the world I want to be doing while enjoying this time with family and friends? If you said, “Pulling over or stepping aside to walk one of my users through fixing what they clearly didn't break ... again, or installing a shiny new printer or some other piece of software needed for their jobs,” you'd be correct.
Part of working in IT means you put in your time “on-call.” Unfortunately these kinds of things happen all the time. Companies either don’t realize there is a better way to allow users to maintain administrative access to endpoints, or they go the other way and remove admin rights from users but don’t account for the resulting operational inefficiencies.
What can be done? As a guy who has lost huge spans of time being “on-call” (or rather, "I'll be there in a minute, I'm on the phone"), and had to decline invites because I wouldn't be available for that inevitable phone call, I’ve been there. I get it. Or perhaps you're the one signing off on the on-call pay, or trying to be fair with the schedule and constantly having to rearrange things because people can't or just don't want to do it that week. Either way, that task before you is this:
- End users need the ability to do their jobs and a few other “we're ok with it" tasks.
- Corporate security needs to be considered by not over-privileging user or application rights.
- The helpdesk can't be burdened by constant break/fix issues at the user's desktops.
- You need a way to reduce the number of machines you have to reclaim/reimage due to malware getting onto user's machines.
Pretty straightforward, right? Well it can be. Using PowerBroker for Windows from BeyondTrust, you set user rights down to standard, while still allowing those users to carry out the tasks and processes the require to do their respective jobs. In other words, give the rights to the applications that need them, rather than to the users themselves. In addition, with its patented technology, PowerBroker for Windows can adjust the privileges an application is allowed based on its risk to the company, providing unmatched levels of security and increased operational efficiency.
We’re not looking to eliminate the need for on-call staff. However, by reducing the ability for the user or malware to in some way break the system and, at the same time, allow users to be self-sufficient, we can greatly reduce the amount of time IT staff needs to spend with users on yet another, “Didn't we already fix this before?” call. Try PowerBroker for Windows yourself with a free trial -- and maybe you'll be able to go to that holiday party after all!
Jason Silva, Sr. Solutions Architect
Jason Silva is a Senior Solutions Architect focused in Privilege Access Management (PAM), Identity and Access Management (IAM), and Least Privilege. Jason brings over 25 years of experience in solutions management to BeyondTrust's Privileged Access Management Solutions enforcing Privileged Password Management and Privileged Session Management, Privileged Endpoint Management, and Secure Remote Access which utilizes a single pane of glass for all management aspects including Automated Account Discovery, Privileged Management and Elevation, Audit and Compliance, and Reporting.