RES Software and Security: Realizing Asset Centric and User Centric Approaches to Security

Executive Summary
In the rush to meet regulatory or customer mandates, organizations have spent millions of dollars implementing security and compliance measures either issue-by-issue or regulation-by-regulation. This has resulted in an asset-centric security approach, where we focus on the IT infrastructure and make sure that this is secure.

However, in the current versatile user community, a user is no longer bound to a single device. So, although assets still need to be kept secure, the need arises for a user-centric security approach where security rules are aligned with the use of those assets.

This white paper presents an overview of both the asset-centric and the user-centric approaches to security. These approaches will be mapped towards the standard for Information Security: ISO 17799.


Security
Why Does Security Matter?
Information is an important asset in our current market. As a result, businesses want to manage information as an asset, but at the same time, they are evolving towards collaboration with other companies in order to fulfill customer needs more quickly. This approach has increased the pressure on IT departments. On the one hand, they need to make information available for more users. On the other hand, they need to keep this information secure and share it only with the appropriate individuals and organizations.

So security matters, and any approach will have to focus on two things:

• Availability: making sure that information is available for use.
• Confidentiality: making sure that only authorized people can access it.

Availability
Currently, an important job for many administrators is to ensure that authorized users have access to information and the associated assets when required.

Focus on Assets
Currently, the most common approach is to focus on assets. This approach originates from a risk management approach:

In a Microsoft Windows environment, this means that the following tasks need to be performed on a regular basis:

• Scanning machines for vulnerabilities, i.e. querying installed operating system patches and installed software, querying NTFS and share right assignments, querying service properties, and running MBSA queries.
• Taking counter measures for certain risks, i.e. installing patches, changing service parameters, changing NTFS and share rights assignments.

These standard, frequently repeated tasks can be easily automated with a solution for IT run book automation for Windows, such as RES Automation Manager.




RES Software and Security:                               v.1.0-9.30.10                                       Page 1 of 3
Realizing Asset Centric and User
Centric Approaches to Security
Users are No Longer Bound to a Single Device
The question arises whether this asset-centric approach that defines threats as external forces is enough. Does this approach ensure availability of the service? In the current user environment, users no longer have their own desktop (asset) on which they use their services. In today’s IT world, a user can have a laptop or desktop for use at the office during the day, and a desktop made available via server-based computing for use from home or from any other place outside the office. This results in new challenges for IT departments because the main focus is on ensuring availability of a user’s services.

Users want their services (applications plus their settings) to be available, whatever the method of delivery, and they want changes made in one environment to be reflected in all the others automatically. This results in the next approach to availability: the user-centric approach, which is achieved through user workspace management. In this approach, all user settings are disconnected from the underlying application delivery solution, and are applied when a user starts an application. This gives the user a unified workspace independent of an application delivery solution.

New Challenges: Confidentiality
Focusing on the availability of services to users, both in and outside the office, enhances user productivity and business performance.

However, this approach does pose new challenges to the IT department, and these challenges need to be addressed. A user now has access to the company network from outside the office too, but some services and their corresponding resources should not be available from outside the office.

Once you have established the availability of a service to a user, you need to make sure that this service is only available for those who are authorized. This is confidentiality, the focus of the next part of this whitepaper.

Confidentiality
Ensuring that information is accessible only to those who are authorized to access it is a challenging task in the current environment. If a user is not bound to one single workstation, it is no longer possible to allow or disallow access based on the workstation (asset). The asset-centric approach, though important, is not sufficient. A user-centric approach is needed as well, so that a user can get access to the services, but only after the following checks:

• Who is the user? This question is answered using authentication based on username and password.
• Where is the user? This is important, because where a user starts a service can determine whether that service (such as the application plus its settings and resources) should be available.
• What time is it? Some services may have scheduled maintenance windows during which they are not available.
• Does the user have the necessary credentials? In some cases, you may want to base access to a service on additional levels of authentication, because the application contains too much sensitive information.

Besides the internal user, businesses are collaborating more with other companies. These collaborative initiatives will need to share information, and so they need to be supported by IT. The asset-oriented approach tries to make sure that external threats don’t come in. This is not possible in a collaborative enterprise because people from other companies do need to get inside your network. But you only want to grant them access to the services they need. This requires a different approach, one that starts from the inside and works out, instead of the other way round. This is what you deliver with a user-centric security approach.

You grant a user access to a service, namely the application with its settings. Based on this access, you can then grant the user access to related:

• Files and folders
• Local storage
• Removable storage
• Network resources

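The four user-centric checks described in the Confidentiality section (who, where, what time, credentials), followed by the resource grants that derive from service access, can be written as a deny-by-default policy evaluator. This is an added example, not RES Software code; the zone names, address ranges, user names, service name and resource values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed zones: names and address ranges are hypothetical.
ZONES = {"office": [ip_network("10.20.0.0/16")],
         "remote-desktop": [ip_network("10.99.0.0/24")]}

@dataclass(frozen=True)
class ServicePolicy:
    users: frozenset              # who may start the service
    zones: frozenset              # where it may be started from
    maintenance: Optional[tuple]  # (start, end) as datetime.time, or None
    min_auth_level: int           # 1 = password, 2 = password + extra factor
    resources: dict               # grants that follow from service access

@dataclass(frozen=True)
class Request:
    user: Optional[str]           # None means authentication failed
    auth_level: int
    source_ip: str
    when: datetime

def zone_of(source_ip):
    """Map a source address to a zone; unknown or malformed input is external."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return "external"
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "external"

def in_window(now, window):
    """True if `now` falls in [start, end); the window may cross midnight."""
    if window is None:
        return False
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def decide(policies, service, req):
    """Return (allowed, failed_check, resources); deny unless every check passes."""
    policy = policies.get(service)
    if policy is None:
        return (False, "unknown-service", {})
    if req.user is None or req.user not in policy.users:
        return (False, "who", {})
    if zone_of(req.source_ip) not in policy.zones:
        return (False, "where", {})
    if in_window(req.when.time(), policy.maintenance):
        return (False, "when", {})
    if req.auth_level < policy.min_auth_level:
        return (False, "credentials", {})
    # Resource grants are handed out only as a consequence of service access.
    return (True, None, dict(policy.resources))

# Constructed policy for one sensitive service; every value is hypothetical.
POLICIES = {
    "hr-records": ServicePolicy(
        users=frozenset({"alice"}),
        zones=frozenset({"office"}),
        maintenance=(time(22, 0), time(2, 0)),
        min_auth_level=2,
        resources={"files_and_folders": ["\\\\fs01\\hr"], "local_storage": "read-only",
                   "removable_storage": "deny", "network_resources": ["hr-printer"]},
    ),
}

if __name__ == "__main__":
    office = Request("alice", 2, "10.20.5.7", datetime(2024, 3, 4, 10, 0))
    print(decide(POLICIES, "hr-records", office))
```

Because the same user is denied from a different zone or with a weaker authentication level, the decision follows the user and the context of use, not the workstation.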
Conclusion
The ISO 17799 standard is related to information security. This standard defines information as an asset that may exist in many forms, and that has value to an organization. The goal of information security is to protect this asset suitably, so that business continuity is ensured, business damage is minimized, and return on investments is maximized. According to ISO 17799, information security is characterized as the preservation of:

• Integrity: safeguarding the accuracy and completeness of information and of protection methods.
• Availability: ensuring that authorized users have access to information and associated assets when required.
• Confidentiality: ensuring that information is accessible only to those authorized to have access.

As discussed in the previous paragraphs, there are two approaches in Information Security: asset-centric and user-centric. The asset-centric approach ensures that the infrastructure is available, and helps protect it against external threats. But in the current versatile user environment, this approach by itself is not enough to make services available to users. Because the user is working from multiple desktops both in and out of the corporate network, a user-centric approach is needed as well. Combining these approaches will result in better availability, but, even more importantly, will greatly improve the confidentiality as described by ISO 17799. The user-centric security approach is delivered through user workspace management. This gives the desired availability of the services to end users, without compromising the necessary security policy.

Together, the RES Software products RES Automation Manager and RES Workspace Manager deliver both the asset-centric and the user-centric security approach.

RES Software
RES Software, the proven leader in dynamic desktop solutions, is driving a transformation in the way organizations manage, maintain and reduce the cost of their desktop infrastructure. The RES Software award-winning, patented products enable IT professionals to manage and deliver secure, personalized and compliant desktops independent of the underlying computing infrastructure – thin clients, virtual desktops, physical desktops, or server-based computing environments. The company empowers customers, from small to medium-sized businesses to global enterprises, to reduce desktop complexity and meet the essential needs of a dynamic workforce that requires on-demand access to their personalized workspaces. For more information, follow updates on Twitter @RESSoftware and visit www.ressoftware.com.



