Desktop security may seem to have little to do with an organization’s profit and loss, share prices and overall bottom line, but going beyond antivirus protection can have a significant impact on productivity, total cost of ownership and IT support costs. In an era where companies are under pressure to reduce overheads and find new sources of revenue, operating an efficient IT infrastructure has never been so important. Whether that involves virtualization or getting more from your existing hardware, desktop security plays a vital role in ensuring systems run securely with maximum performance and uptime.
Security is often viewed like an insurance policy - an expense that’s hard to quantify in terms of return on investment. But skimping on well secured endpoints or assuming that antivirus is enough to keep end users out of trouble is a false economy. Even if your company isn’t subject to regulatory compliance, properly secured systems still bring important advantages that shouldn’t be overlooked.
Anyone who’s run Windows Vista or 7 as a standard user will know that these PCs perform consistently, more reliably, are less prone to malware infection and rarely require support from an IT professional if compared to an equivalent system running with administrative privileges. Application allow listing can further improve this record, significantly reducing problems caused by malware or application conflicts.
In an ideal world, users would be able to install any application in an isolated container without having to worry about the impact on system performance, malware infection or compatibility problems. And while the technology does exist to virtualize applications, it’s not yet mature enough that users can be left to choose what to install without some assistance from IT.
Striking a balance between a curated least privilege desktop, productivity and the ability to install approved applications on demand is the best way to provision fast, responsive and secure systems that enable users to be as productive as possible. Privilege Guard (Edit: now Defendpoint) can help IT departments manage the balance between security and flexibility that is crucial in any least privilege deployment, and improvements in Privilege Guard 2.8 make it even easier for IT to manage privileges across multiple desktops.
But user productivity can be difficult to measure and proving that it provides a competitive advantage or positively impacts a company’s end of year results is not always easy. To get management buy-in, analyze the organization’s helpdesk logs, and give users who generate the most support tickets a fresh build of Windows with least privilege enabled from the outset. Once they’ve run with it for a couple of months and any initial problems have been ironed out, make a before and after snapshot of helpdesk calls to show the reduction in IT support costs. Extra uptime for end users can be translated into additional sales or improved customer service. The results will be significant enough to convince management that a secure desktop is less expensive to support and has added productivity benefits for users in exchange for minimal IT administrative effort and cost.

Russell Smith, IT Consultant & Security MVP
Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.
Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.