Desktop Lockdown doesn’t mean taking the personal out of PC
The technical problems associated with using Windows pre-Vista as a standard user, i.e. without administrative privileges, have left an expectation that users should have full control over their PCs, including the ability to install unauthorised software and change key operating system components. User Account Control (UAC) in Vista and Windows 7 has made it more practical to run with a standard user account and led many organisations to look seriously at removing administrative rights from end users. Yet if not planned thoroughly, this can bring not only unexpected technical problems, but a mutiny in the ranks.
Change and Company Culture
In many companies, the IT department and the value it adds to the business is well respected and employees cooperate to develop the business. But in some organisations, IT may find itself in a position where users resist change at every step and demand an unrealistic level of service and autonomy that has a negative effect on the IT department’s ability to offer a good service.
Before embarking on a least privilege security project for desktop PCs, start by creating a portfolio of services that the IT department provides and outline what users can expect. For example, when a request to install software is made via the helpdesk, what’s a reasonable amount of time that users can expect to wait? What might be the business reasons for rejecting such a request and the justifications? Your portfolio should also contain a list of authorised software and hardware so that the IT department is able to provide a good service when support is needed.
Laying down foundations will make the move to least privilege easier for both the IT department and users. If employees are accustomed to demanding software be installed immediately and escalating requests to managers if they don’t get their way, least privilege on the desktop will be problematic, as software needs to be carefully vetted for compatibility with standard user accounts.
Least privilege is quick and responsive but users will have to be prepared for a new corporate culture where everything is not on instant offer. They will have to be weaned away from ‘fast food software’ and it is best to be honest with them and tell them that any delays are due to a more careful consideration of additions to the desktop. This will make them aware that any delay is not due to IT being inefficient but that their demand may have knock-on effects on others that the organisation must plan for.
A lack of policy on hardware can lead to the company acquiring so many different devices, configurations and drivers that support costs become much higher than necessary. Specifying particular brands that users are permitted to purchase helps minimise support issues. It’s not always the hardware that causes a support issue, however: all of the software and hardware which an enterprise intends to deploy needs to be thoroughly checked beforehand to ensure compatibility with all other deployed software, so that all devices and peripherals function properly.
Getting buy-in from top management
Backing from senior management is crucial for a successful least privilege security desktop project. Management need to understand the business benefits, so presenting data on how IT support costs can be reduced and user productivity increased is preferable to focusing on security and technical benefits. Metrics can be used to present the benefits of least privilege to management in a language they understand, using the data gathered from a pilot project where a selection of users run with standard user accounts. Other benefits that can be pitched to management might include the necessity to comply with industry regulations or meet standards, such as those of the International Organization for Standardization (ISO), that demonstrate to clients your company has measures in place to protect their data should they choose to do business with you.
This type of standardisation also brings us on to compliance, which is a very powerful argument to use with senior management when talking about the cost benefits of least privilege. Depending upon your industry sector, it will be necessary to be compliant with Payment Card Industry Data Security Standards (PCI DSS) if you are a retailer; the Health Insurance Portability and Accountability Act (HIPAA) regulation impacts those in healthcare that exchange patient information electronically; and Sarbanes-Oxley (SOX) lays down compliance and corporate responsibility for financial reports.
Desktop refresh projects, i.e. installing a new desktop image or moving to a new operating system, are often used as a vehicle to implement least privilege, helping IT sell multiple benefits and get the seal of security approval. It also increases the chances of getting acceptance from end users, as an operating system upgrade is almost always supported.
There will be users and managers who decide that they should be exempt from the least privilege security project without any genuine business justification. It will be at this point that upper management must show their resolve and ensure that there are no exceptions without a valid business reason.
Communicating the benefits of least privilege to end users and fully justifying why the decision has been taken to restrict use of administrative rights on the desktop will help ease the transition to a least privilege desktop. Employees should understand how running as a standard user can increase productivity, improve the company’s bottom line and protect customer data. Here’s an analogy that you can use to help your argument:
In the same way that the Highway Code maps out the behaviour society expects of us on the road, least privilege security on the desktop provides rules while enabling users to carry out their responsibilities while maintaining the performance, security and reliability of the PC so that tasks can be completed in a timely manner without crashes or breakdowns.
Users respond negatively if privileges are removed without explanation. In companies where IT policy hasn’t been enforced or where users expect to have full autonomy over PCs, the transition to least privilege desktops must be carefully planned so the IT department doesn’t face a user revolt. Make sure you set users’ expectations accordingly, and do so before they arrive at work one morning to find their administrative privileges have been removed.
Secure and Flexible
If it’s difficult to share files, users find workarounds even if it breaks company policy, such as telling colleagues their account passwords or using removable USB drives. IT policy should be balanced so that users can do what they need without any significant barriers in the way, and that applies equally to security.
By applying a well-documented least privilege policy, with a proper education program when it is introduced to ensure that staff realise why it has been put in place, organisations can guard against many data breaches. The latest privilege management technologies can act as a powerful tool to empower organisations to remove administrative privileges from end users while at the same time ensuring that the end user experience is not negatively impacted. With the use of application whitelisting and the ability to customise UAC prompts, these solutions can further help to secure PCs and at the same time maintain the flexibility and customisation that users have become accustomed to.
In a world of social media, where bringing your own device into the enterprise has led to many critical failures, it is essential that staff realise the damage they could unintentionally cause by seemingly innocuous changes to their desktops. It is important to have a policy in place because many employees will have friends in other enterprises which are not as security conscious, where they can bring their smart phones in and use Dropbox with impunity. Once the dangers are outlined and they realise they are being treated like adults, these fears will drop away.
InsurTech is helping to drive the digital evolution of the UK motor retail industry
By Alan Inskip, Tempcover CEO & Founder
If the last nine months have made anything clear, it is that the pandemic has fundamentally changed both buying and driving habits for UK motorists. The latest Tempcover research has revealed that online-only used car sales had increased fifteen-fold during the pandemic among 2,000 survey respondents.
Before lockdown, just 4% of used car sales were fully-digital. The vast majority of those surveyed opted for either a physical purchase (50%) or a digitally-assisted purchase (45%), relying on a combination of digital tools and an in person viewing or road test before buying.
While car sales overall are down on last year’s figures*, one in six (17%) of those surveyed had bought a used car during lockdown, with two thirds (64%) relying on a fully-digital purchase journey. Digitally-assisted purchases counted for one in five (20%) used car sales, while in person sales fell to just 15% – no surprise considering the ongoing social distancing measures.
And when it comes to arranging insurance for their recently-purchased vehicle, our survey participants displayed an equal balance between telephone and online as the preferred method (48% each). Nearly a third of those (28%) said they wait up to ten minutes for their policy to be confirmed, and a further 22% wait as long as 20 minutes to get cover.
The switch to digital insurance, driven by InsurTech
In the midst of rapid and significant market changes, many traditional insurers have lacked the agility and flexibility to adapt accordingly. InsurTech can provide immense value in bridging that gap, as the digital solutions are entirely scalable, with the flexibility to substantially increase in size and across multiple geographies, with minimal disruption.
The ongoing decline of physical transactions in the motor retail industry is a perfect example of how InsurTech is adding value. Several national blue-chip dealerships, with both physical and digital showroom floors, are already streamlining their online purchase process by offering temporary driveaway insurance policies to cover the vehicle for a fixed term, usually between five and seven days, as part of the purchase journey.
The entirely online one-step user experience is the first of its kind in the traditionally outdated and inflexible driveaway insurance industry and it is dramatically simplifying the process of how insurance is purchased and consumed. Due to the flexibility and agility of the digital solution, each retailer has its own unique URL, where the customer can obtain a simple single-cost policy in just 90 seconds through an entirely digital process, which fits in line with the evolving consumer purchase trends.
For the dealers, this technology means more efficient stock clearance times and greater profitability. For the buyers, it takes the stress out of searching for annual insurance on the spot, and provides the driver with near instant cover so that they can immediately drive their new car, while giving them the opportunity to thoroughly research the best annual policy to suit their needs. An added benefit is there’s no risk to any existing No Claims Discount, as it’s a separate and standalone policy.
While there is a chance these trends will reverse to some extent post pandemic, it is clear that the consumer appetite for digital purchase and consumption is here to stay, and InsurTech will continue to lead the way in making motor insurance more easily-accessible across digital platforms, while offering consumers the best value for money.
Five ways enterprises are using the public cloud
By Michael Chalmers, MD EMEA at Contino
The public cloud is the most significant enabler in a generation. It’s causing a massive shift in how businesses are operating and tearing apart previous business models.
Amid challenging economic times, it’s inevitable that spending within IT is dropping. However, the cloud is the only segment that is still growing. The public cloud is increasingly becoming a central element of enterprise IT.
Contino asked 250 IT decision-makers at enterprise companies across Europe, USA and APAC within companies of over 5,000 employees about their views on the state of the public cloud within their organisation at the beginning of 2020. Nearly all of them (99%) saw a significant technical benefit compared with on-premises.
Here are some other ways public cloud is being used by enterprises:
- Widely, albeit not yet business wide.
A whopping 77% of enterprises are using the public cloud in some capacity. Overall, 50% of businesses are utilising a hybrid cloud, 22% single private cloud, 20% multi-cloud, 7% single public cloud and only 1% are using only on-premises.
But only 13% of businesses have a fully-fledged public cloud program. The largest set of respondents (42%) have multiple apps/projects deployed in the cloud. 24% were still working on initial proofs-of-concept, and 18% were in the planning stages.
83% of respondents said they want to grow their cloud program. Almost half (48%) do wish to grow, but with caution, while 36% want to move as quickly as possible.
Only 4% plan to revert to on-premises but are in no rush to do so.
- To enhance security and compliance versus on-premises, although these are still also seen as barriers to adoption.
A massive 64% of respondents stated they find this more secure than on-premises, and only 7% see it to be less secure. 72% found it easier to stay compliant with business data in the cloud versus only 4% who found it harder. However, 48% cited that their biggest barrier for not using the cloud was security, and 37% stated the need to remain compliant was the most prevalent blocker.
Other challenges also posed a barrier: a lack of skills, the cost to purchase and cloud-native operating models not working with existing investments made up 29-32% of responses.
19% stated that lack of leadership buy-in is the biggest barrier, reflecting that a significant number of IT departments have a need for this solution but have not been provided with the support to do so. However, relatively speaking, this was one of the least-cited barriers.
- For improved efficiency, scalability and agility, but vendor lock-in is still a major concern.
The top three cited technical benefits of public cloud were better efficiency, agility and scalability versus on-premises. However, 63% of IT professionals were ‘somewhat’ or ‘very much’ afraid of the commitment that can come with investing in the cloud. This is another major barrier that is preventing businesses from migrating to the cloud.
Only 23% are not afraid of being locked in and a meagre 5% have no fear at all. However, the fact that 77% of businesses are using the cloud shows any risk of being locked in is outweighed by the benefits of the cloud.
- To align IT with the business.
This is by far the most cited business benefit of the public cloud. 100% of those surveyed witnessed varied business benefits versus on-premises. Other major benefits include the ability to focus on new revenues (43%), accelerated time-to-market (43%), and increased ROI (40%).
- To accelerate innovation and increase cost-effectiveness.
Innovating in the cloud was quicker for 81% of respondents. What’s more, not one person surveyed said the cloud slowed down their innovation. 79% have saved money with the cloud and only 5% have found it more of an expense than on-premises.
Another ‘new normal’? Five challenges CTOs will face in 2021
By Amit Dattani, Director of Technology at Conosco
We’re one year into the new decade, and arguably technology has guided the 2020s so far. Chief Technology Officers (CTOs), responsible for taking ownership across IT networks, have faced new challenges as they spearhead the rapid adoption of a number of digital services.
CTOs have a lot on their plate. Many are responsible for managing production workflow, defining technology roadmaps and budgeting the cost of technology. However for smaller businesses, CTOs will also be responsible for leading the cybersecurity strategy, and defining the data protection guidelines.
We’re at an exciting time for innovation in the UK, and CTOs need to provide sound technical leadership to the board and to employees. What challenges will CTOs need to overcome in their IT strategy for 2021?
1 – Data compliance
After a number of GDPR lawsuits, there is growing concern over the state of businesses’ data handling. And post-Brexit, the ‘new normal’ will change again for data management and CTOs. GDPR will no longer be binding in the UK after 1 January 2021, leading to new data laws being introduced. Fear not – the UK government has said it intends to incorporate GDPR into UK data protection laws, but it’s still incredibly likely there will be tweaks and amendments to it.
The number of data privacy cases will likely continue to increase, but every case brings further clarity to other businesses learning lessons about data protection. CTOs need to consider who will be responsible for the flow of personal data, reviewing information and ensuring that the correct processes are in place for business continuity and disaster recovery.
2 – Changing mindsets on data
Data is not the devil – but CTOs already know that. Their customers and others in the leadership team, however, may not be comfortable with that thinking. The demand for data as a product is through the roof, providing value-added digital transformations and acting as a virtual decision-maker.
The growing complexity of the nation’s habits and desires means that data has had to fast track the growth of knowledge. Data removes the ‘intuition’ that senior decision makers have to go on, and instead validates the course of action you choose for your business.
CTOs need to ensure they have transparent processes in place about the status of their data integrity. Be open about the processes, and what you use your customer and employee data for. And for the leadership team, it will become harder and harder to avoid the benefits of using Big Data – such as improved operational efficiency, greater transparency into costs, and smarter decision making.
3 – CFOs will try to claw back early 2020 investments
Technology has proved it’s the beating heart of business continuity during these unusual times. But Gartner’s IT spending report found that budgets were down 6.5% overall in Europe.
One of the things at the top of every Chief Financial Officer’s (CFO) priority list is to reduce any overspend and improve budgeting. Cuts to IT aren’t because leaders need convincing of the importance of technology – it’s a priority.
But due to the increased spending on short-term fixes to enable businesses to work from home in the first ‘new normal’ of 2020, many businesses are scrutinising any extra investments to claw back some of the overspend. It will be a case of proving why it is crucial for businesses to gain an innovation edge and speed up digital transformation.
Especially for public companies – their share prices can increase or decrease value just by public perception – which is definitely something which board members care about. Consider looking into better tools, services and solutions which can allow for better budget use and a deeper understanding into the benefits your investments are making to your company.
4 – Tackling the talent shortage
Another main challenge of CTOs is a lack of knowledge by employees on new technologies, such as blockchain, artificial intelligence and machine learning. A 2020 PwC survey finds that 74 percent of CEOs are concerned about the availability of key skills. A company is only as good as its people, but when the purse strings have tightened, there may be less scope for hiring externally, and instead you turn to upskilling.
Outsourcing talent can help you to keep innovating, get you on your feet and provide a better service. But continuing to innovate must mean that you have the skills to align with new projects that are in the pipeline. You should be prioritising time on training, but you can also bring in skill sets by working with targeted recruiters and external partners.
5 – Delayed technical debt
After the shift to an almost-fully virtual world in March, many companies faced new challenges that they needed quick fixes for in the race to appeal to the market.
But while quick solutions can generate business sales, if you only focus on the ‘essentials’ at the time and not the full picture, you risk facing vulnerabilities. For example, if you prioritise your employees’ need to work from home, but don’t invest in data management and security planning such as a VPN, issues will eventually begin to surface.
Opting for cloud and SaaS solutions will remove the issue of foresight, and avoid your team being faced with the decision between the urgent and the important. CTOs will need to have their fingers on not just the technology, but also the timing of their investments.
To avoid technical debt, ensure good policies and governance are in place for all technology under the CTO remit. This could include a regular analysis of your strategy to ensure overall architecture is needed. This limits technology creep, which leads to technical debt. You should also add technical debt into your agile development cycles – e.g. every sprint must have 10% tech debt work, or every 5th sprint is a ‘bug bash.’