The lead up to Windows XP’s expiration is causing a frenzy among the many businesses that are still running on the retiring operating system. Recent statistics show that XP still represents more than 30 percent of market share; unfortunately, the infection rate is six times higher than that of Windows 8 and two times higher than Windows 7.
This means that every day that passes once Windows XP support expires will bring new risks to businesses that haven’t upgraded. As a result, we’re increasingly seeing IT departments starting or completing their migrations to Windows 7 in order to prevent huge customer support costs and minimise their attack vectors and risks of downtime.
Putting Users First
In addition to preventing security risks, there’s another significant benefit to moving to Windows 7: user empowerment. We’re seeing savvy organisations use the migration period as an opportunity to transform into a user-focused environment, rather than one that is IT-led. There’s an increasing interest among C-level executives in re-examining their IT postures and ensuring they are effectively empowering their users to be productive.
Many are finding that the Windows XP migration is the perfect opportunity for IT to ask the hard business questions: “Am I providing my users the technology they need to do their work effectively?” and “Is IT providing adequate support for end users, or wasting time on service requests?”
Driving this interest in user-focused service is the changing nature of today’s technical-savvy workers, who expect their IT departments to match the flexibility that they achieve from their own personal devices. Whereas employees once used the applications granted to them, they now demand elevated access to applications that aren’t always within the scope of IT authorisation.
In fact, survey statistics prove that Gen Y “Digital Natives,” who grew up on the Internet and with unlimited entrée to social media sites, are the most likely to demand elevated rights in the workplace.
Revisiting Privileged Accounts
But the more research that is generated, the more obvious the dangers of granting excess IT privileges become. This leaves IT grappling to find the balance between too much access and too little access – while also meeting the demands of a generation expecting technological autonomy.
Getting rid of administrative rights completely has tremendous security benefits – from defending against malware and next-gen security threats like drive-by downloads and DNS poisoning – not to mention the compliance drivers and cost benefits. But this strategy takes the reigns out of the hands of the users, depleting productivity and hurting the business bottom line.
So, as more organisations complete their migrations, they’re using the opportunity to revisit their approach to IT privileges in order to accommodate this new breed of user and find the middle ground between security and productivity.
While existing policies like User Account Control (UAC) apply standard user mode across desktops whenever possible, it’s plagued by many limitations, including a lack of a centralised, policy-driven framework, leading to a rise in helpdesk calls. What’s more, for admin users, UAC provides confusing messaging that force users to blindly consent to prompts, wherein they unknowingly install unlicensed software and malware that can infect the network.
Further, while standard user mode upholds security, it depletes employee flexibility and usability. Locking users down completely prevents them from accessing some Windows features and legacy applications that still require administrative rights. At employees’ requests to have more access, many IT departments deliberately keep full administrative privileges in place in order to drive down helpdesk calls – but this leniency manifests as a freeway for malware to infiltrate the network.
Balancing Security With User Empowerment
In this era of user-focused services, we are seeing more IT departments understand the risks of locked-down users who will just circumvent policies in order to get their work done. In response to this, many of them are creating environments that provide the flexibility and control of administrative rights, without actually giving them to users.
A goal that extends the bounds of one technology, the least privilege methodology takes into account both security and productivity to ultimately enhance the way employees work and IT operates. This method is ideal for making the workplace as user-friendly and secure as possible, as rights are granted to applications, not users, and can be elevated on-demand to ensure employees have all the resources to do their jobs— but nothing more.
In one particular scenario, a university’s IT team employed least privilege management to create a Trusted Source environment for users in one department as they migrated to Windows 7 from Windows XP. This enabled employees to build their own desktop from their own application store – similar to Google Play and Apple’s App Store – while working in standard-user mode.
When requests were made for a new application download, the IT department responded with customised messaging using university branding to personalise the process, educate the employees, and uphold the dynamic, user-first ecosystem.
Employees saw productivity benefits immediately, as they were able to manage their own desktops securely and get help quickly. Now, colleagues are increasingly sharing their positive experiences and as a result, users in other departments are driving demand for the creation of a broader Trusted Source landscape.
Much has already been said about the challenges ahead for Windows organisations as they inch closer to XP’s April 8th expiration date. The labour-intensive process of upgrading an operating system that is three generations behind will certainly demand additional time and effort from IT professionals.
But, there’s no better time than now to use the transition period and capitalise on the burgeoning “user-first” mentality that is reshaping many IT environments. With a new approach to IT privileges, organisations can harness the talents of tech-savvy employees demanding more access and power. Most importantly, this freedom of choice does not have to come at the expense of security – granting admin rights to applications themselves instead of users will both protect employees and empower them to be productive, preserving their autonomy and ultimately boosting the business bottom line.