Peer to Peer Magazine

Spring 2017

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/810339


This laptop is the only computer I use, so installing software on it is a "quality of life" issue.

Assuming you have not already moved past this one with the help of client requirements and audits, see if you can turn the "quality of life" argument for control on its head and help the user understand how having IT control the software will improve "quality of life."

» A managed machine will be far more reliable. Would you not prefer consistent, reliable performance 24/7?
» A managed machine will provide more protection from hackers. Look at what has happened at other firms with ransomware. If you let us manage your machine, we can greatly reduce that risk.
» Is there a secure cloud-based version of the personal software you want to have on your laptop? If so, let us help you move your personal information to the cloud, so we can focus on managing only the work-related software on your machine.

From IT:

If we whitelist, it will take forever to get software approved and installed because we cannot risk doing "one-off" emergency installations.

The risks of doing one-off installations are diminished and better contained in a whitelisted environment. When your users are logged in as local administrators, you have a network where malware can potentially spread and install on any machine with an active session. Once you have hardened all your PCs, the risk of installing a one-off application should be limited to the PC in use. If you accidentally allow a one-off installation of malware that can self-replicate, and it is not in the whitelist and all your active sessions are running with "user" credentials, it is less likely to do damage before you can mitigate it. With IT support required to assist with every emergency installation, and IT personnel acting as a second pair of eyes to verify that it is safe to proceed, the risk that bad software will be installed is further reduced, and there is more awareness if it goes south.

If we have to manage software, we will spend all our time taking tickets and will not be able to do anything else.

When we did our initial inventory at Stoel Rives, there were over 3,000 applications in our "open" environment (many of which were multiple versions of the same application). We initially knocked down the total number of necessary programs to about 120. In the years since then, we have kept the number to about 300, which is still less than 10 percent of what was in the open environment. Compatibility issues have almost ceased to exist in production. We now average less than five fire drills a year, and they have always been limited to one machine.

Lock It Down

As powerful as whitelisting and user context enforcement are, they are not a panacea. They are tools you can use in conjunction with other threat prevention and mitigation solutions. You will also want to track all installations via a regular machine inventory and set a threshold for one-off installations of any piece of software, after which it can become a managed software installation with an engineered deployment. Lock it down. Do not let exceptions become the rule!

JON WASHBURN

Jon Washburn is the Director of Information Security at Stoel Rives LLP. Since 1997, he has held a number of leadership roles in IT infrastructure, security and information management, successfully deploying national and international technology and data governance solutions. To discuss whitelisting your applications, browser extensions, Chrome plug-ins or scripts, contact Jon at jon.washburn@stoel.com.

The Value of Having Locked-Down PCs

CASE STUDIES

Since rolling out administratively secured PCs to over 4,000 users across two firms, I have yet to see a true need to let any user be an administrator of their local PC.
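The inventory review described under "Lock It Down" can be automated along the following lines. This is an added example, not part of the original article or any Stoel Rives tooling; the inventory rows, application names, whitelist and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample rows from a machine inventory: (host, display name, version).
INVENTORY = [
    ("PC-001", "Adobe Acrobat 11", "11.0.23"),
    ("PC-002", "PDF Merge Tool", "2.1"),
    ("PC-003", "PDF Merge Tool 2.3", "2.3"),
    ("PC-003", "PDF Merge Tool 2.3", "2.3"),      # same host seen in a later scan
    ("PC-004", "PDF Merge Tool (64-bit)", "2.3"),
    ("PC-002", "Timezone Widget", "1.0"),
    ("PC-003", "Microsoft Office", "16.0"),
]

# Constructed whitelist of applications that already have a managed deployment.
MANAGED = {"adobe acrobat", "microsoft office"}

def normalize(name):
    """Collapse version and edition noise so several versions count as one application."""
    name = name.lower()
    name = re.sub(r"\(.*?\)", " ", name)            # drop "(64-bit)" style suffixes
    name = re.sub(r"\bv?\d+(\.\d+)*\b", " ", name)  # drop embedded version numbers
    return " ".join(name.split())

def review_one_offs(inventory, managed, threshold):
    """Return (app, host_count, versions, action) for every application not on the whitelist."""
    hosts, versions = defaultdict(set), defaultdict(set)
    for host, app, version in inventory:
        key = normalize(app)
        if key in managed:
            continue                                # already a managed installation
        hosts[key].add(host)                        # count distinct machines, not scan rows
        versions[key].add(version)
    report = []
    for key in sorted(hosts):
        count = len(hosts[key])
        action = ("promote to managed deployment" if count >= threshold
                  else "track as one-off")
        report.append((key, count, sorted(versions[key]), action))
    return report

if __name__ == "__main__":
    for row in review_one_offs(INVENTORY, MANAGED, threshold=3):  # threshold is an assumption
        print(row)
```

Listing the versions seen for each application also surfaces the "multiple versions of the same application" sprawl the article mentions, so a promoted package can be standardized on one version.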
