Winning the Fight Against Unauthorized Applications

May 5, 2009

I read an article in CIO Magazine about businesses losing the fight against employee applications.  The gist of the article is the loss of bandwidth and the other distractions caused by user-installed programs and things like YouTube.  The story cited a survey by Palo Alto Networks that found that 82% of the businesses surveyed had an average of six peer-to-peer applications.

None of that surprised me, as our experience is that organizations easily have ten times as many applications running on endpoint machines as even their worst estimates.  Triumfant Resolution Manager does a stellar job of cataloguing all of the applications running on the endpoints, and that process always leads to lively discussions and discovery.  One customer swore that they only had 150-200 applications running on their endpoints, and we found over 9,000 unique applications in a population of 6,000 endpoint machines.

Unauthorized applications have always been the bane of IT support teams, as the introduction of new applications may cause conflicts that detrimentally affect system performance or create conflicts with other business applications that result in outages.  Having to manage these problems translates to a real and significant expense for the organization.  Recently, applications that are based on peer-to-peer communications have been shown to be the source of vulnerabilities and have been the direct cause of data breaches such as the leakage of the Marine One Helicopter plans.  It is clear that unauthorized applications create unnecessary expense and risk for the organization.

What does surprise me is that the story was about the problem being fixed by advanced firewall capabilities.  Granted, I am no expert on firewalls, but how is a firewall going to eliminate unauthorized applications?  Managing unauthorized applications comes down to two inseparable things: sound policies and a tool to continuously enforce those policies.

First, organizations have to come to terms with personal use policies and the growing presumption that use of a personal computer means that it is the employee’s personal machine for their personal use.  It is a given that if an organization does not have personal use guidelines, employees will load anything and everything on their endpoint machines, particularly if everyone has Administrator access to their machine, which is another whole topic of discussion.  So unless you have a set of personal use policies – install authorities, a whitelist of acceptable applications, zero tolerance of peer-to-peer applications – that are well defined and have some teeth, this problem will be yours forever.

I find the whole personal business on a business machine to be perplexing.  I have my own laptop that I use for my personal business.  My music, my personal email, and any other personal applications are on this laptop.  If I want to check my personal mail at lunch, I bring this machine to the office.  I do not want my personal business on a company machine as much as the company does not want my personal business on their machine.  Is it a pain to carry two laptops?  You bet.  But that, as they say, is how I roll.  But I know I am an exception and many now come to consider the laptop handed to them by work as their personal playground.  So cranking up some personal use policies may be seen as a “take-back” to the employee base, but you will have to stop the tide some time, as there is simply too much risk to the organization to do nothing.

Second, you need a tool to enforce the policies.  There are many whitelist/blacklist tools on the market that will manage what applications can be installed on a given machine.  Triumfant does a great job of managing applications on endpoint machines, and we have a customer success story on our web site where we manage applications on 12,000 endpoints for the Pentagon by the U.S. Army Information Management Support Center (IMCEN).  Triumfant detects and removes unauthorized applications, and policies can be tuned by work group down to the individual PC level to accommodate exceptional cases and specific working requirements for different teams.  For example, it may be policy to eliminate Skype from all machines except for those endpoints used by the teams that do extensive international travel. 

Having the right policies in place and the right tool to enforce those policies can make the task of controlling unauthorized applications much simpler and far less expensive than handling the problem reactively.  IMCEN tells us that Triumfant saves them $8 per machine per month in human costs of managing unauthorized software.  It is possible to effectively manage this problem and save human resources!  Best of all, organizations can significantly reduce IT security risk by eliminating these unauthorized programs.


Triumfant Selected by Gartner as a “Cool Vendor 2009”

March 17, 2009

Triumfant received word that we were selected as a “Cool Vendor” for 2009 in the Cool Vendors in IT Operations and Virtualization, 2009 report (http://tinyurl.com/CoolVend). Given that being designated “cool” is, well, cool, we are excited. Of course, the study itself is copyrighted property of Gartner, so I invite you to view the study through your paid subscription to Gartner.

Triumfant has received a lot of attention about our security capabilities in recent months, specifically our ability to detect and remediate zero day malware. But the ability to identify and fix operational issues before they become a trouble ticket is at the foundational core of the formation of the company. So it goes without saying that we are delighted to be designated “cool” in this particular area of application for our solution. In tough economic times, the ability to detect, analyze, and repair problems with no human intervention has real value in the area of IT Operations and Services Management. Reducing trouble tickets by 20% to 40% is something organizations can easily quantify in terms of real dollars saved.

Many of the things that make Triumfant useful and noteworthy in IT Operations are also applicable in security (specifically security configuration management), and we think that makes a product like ours a great value for our customers. There is clearly a convergence of operations and security which we see in varying degrees of maturity as we visit customers and prospects, but it is happening. So having a single solution like ours that addresses both ends of this coming convergence is, in a word, cool.

I guess what I am saying is that we think that our “cool” is not limited just to IT Operations. Of course, that is an unofficial extrapolation on my part. But one I think is easy to defend.