Windows 7 and Windows Server 2008 R2 each come with AppLocker, a set of features designed to enhance the software restriction policies (SRPs) supported in previous Windows releases. (For more details about AppLocker and SRPs, see the Microsoft TechNet article "AppLocker: IT's First Security Panacea?" by IT and Windows expert Greg Shields of Concentrated Technology.)
AppLocker can enable and support a security philosophy growing in popularity and known as "approved execution." The term means what it says -- only approved programs are allowed to execute on protected systems, whether fixed or mobile clients or servers. After all, malware can't hurt your systems if you've got blacklists and whitelists that can determine what code, malware or otherwise, actually gets to run. (For more detailed discussion of approved execution, see the Redmond Magazine article (also by Greg Shields) "Approved Execution: The Security Mentality that Really Works.")
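To make the approved-execution idea concrete, here is an added PowerShell walkthrough (not code from the article or from any vendor it mentions) that builds an AppLocker allow-list from what is already installed, starts it in audit-only mode, and checks sample paths against it before anything is blocked. The scanned directories, the output file and the sample test paths are assumptions.

```powershell
# Added example: build an AppLocker "approved execution" policy from the
# executables already installed under trusted directories, start in audit
# mode, and test sample paths against it. Run from an elevated PowerShell on
# Windows 7 / Server 2008 R2 or later (enforcement needs an edition that
# supports AppLocker, e.g. Windows 7 Enterprise/Ultimate).
# $scanDirs, $policyPath and $samples are assumptions for the demo.

Import-Module AppLocker

$scanDirs   = @("$env:ProgramFiles", "$env:SystemRoot")
$policyPath = "$env:TEMP\approved-execution.xml"

# 1. Inventory the executables and scripts under the trusted directories.
$files = foreach ($d in $scanDirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe, Script
}

# 2. Turn the inventory into allow rules: signed files get publisher rules
#    (which survive patching), unsigned ones fall back to hash rules.
#    Once a rule collection is enforced, anything it does not match is denied.
[xml]$xml = New-AppLockerPolicy -FileInformation $files `
    -RuleType Publisher, Hash -User Everyone -Optimize -RuleNamePrefix Baseline -Xml

# 3. Start in audit mode: log what *would* be blocked instead of blocking it.
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) { $rc.EnforcementMode = 'AuditOnly' }
$xml.Save($policyPath)

# 4. Evaluate sample paths offline before deploying anything.
$samples = @("$env:SystemRoot\System32\notepad.exe",
             "$env:USERPROFILE\Downloads\unknown-installer.exe")   # constructed path
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $samples -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Apply locally (or import the XML into a GPO) and make sure the
#    Application Identity service, which performs the enforcement, is running.
Set-AppLockerPolicy -XmlPolicy $policyPath
Set-Service AppIDSvc -StartupType Automatic
Start-Service AppIDSvc

# 6. While auditing, review event 8003 ("would have been prevented") in the
#    AppLocker EXE and DLL log; switch EnforcementMode to 'Enabled' only once
#    the audit log shows no legitimate software being flagged.
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-AppLocker/EXE and DLL'; Id=8003} -MaxEvents 20 |
    Select-Object TimeCreated, Message
```

Expect `PolicyDecision` of `Allowed` for the Windows binary and `DeniedByDefault` for the path under Downloads, since no rule covers it; that default denial is what "approved execution" means in practice.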
Approved execution is one element of a larger set of challenges and solutions some vendors refer to collectively as "least privileges." Basically, this means giving each user the minimum amount of access privileges needed by that person to do their work, to reduce unauthorized execution of malware or access to IT resources. And moving to Windows 7 provides a great opportunity to review and improve the policies and technologies your company's using to increase security and to control access privileges more effectively. But it's unlikely that every user on your network(s) will be moved to Windows 7 at the same time, and it's very likely that AppLocker alone won't solve all of your privileges management challenges.
Some potential help: Viewfinity, a leading player in this market, just announced version 3.5 of its Privilege Management solution. Three elements differentiate Viewfinity's approach to privilege management from those of competitors such as BeyondTrust and Avecto. One is that Viewfinity Privilege Management provides granular, role-based privilege management that you don't have to be an IT or security expert to make work. Another is that it interoperates with Microsoft Active Directory but does not require or rely upon it. This means greater flexibility and continuing functionality even if Active Directory fails. The third is that it's Web/cloud-based. This means it's easier to incorporate protection of authorized mobile users (and rejection of unauthorized access or execution attempts).