Humans. Can't live with 'em, can't live without 'em.
As important as technology is to the enterprise, IT needs to remember who really does the work: the people at the keyboard. Your job as an administrator is to give end users the resources and services they need to be productive.
The problem is, by giving access to these same resources, you run the risk that the human element will screw things up. What happens if Rick in accounting installs an unlicensed application that's discovered in a software audit? Or Carol in human resources opens an infected e-mail that spreads to unpatched systems across the network? Or Kim in sales loads sensitive company data on a USB drive, which is promptly stolen? Or John in marketing spills a soft drink into a laptop, wiping out the only copy of data on the hard drive?
> Empowering users without losing control
So here's the quandary: You don't want to take away resources that users depend on to stay productive. At the same time, you don't want users managing the security, application environment and policy compliance of their own devices. For one thing, end users don't see updating virus definitions, patching operating systems, performing software audits and the like as part of their job description, and rightly so. And even if they did take on the responsibility, the likely result would be chaos.
Novell believes that IT must keep control over the entire desktop, mobile device and removable storage environment. But here's where we differ from industry trends: Novell also believes, strongly, in keeping the human element at the center of things. That means managing the environment so that all users have exactly the tools they need to do their jobs, without allowing them to make the mistakes that could potentially get them, and the company, in a lot of trouble.
> Drop the Super Glue and step away from that port!
Let's take a simple example. A lot of users these days own personal devices (from USB drives to iPods to smart phones) that can provide portable storage. The IT staff typically doesn't even know about the majority of these devices. In fact, senior management may be the first ones to bring them in, and the last ones you know about. These devices can be a great boon to productivity, allowing people to take work files wherever they go. But they can also bring a virus or unauthorized application back to your network.
So what's the solution? In a lot of companies, the response of IT has actually been to glue unused USB ports shut. That's a lot of waste: wasted staff time, wasted hardware resources that the company has paid for and, most important, wasted opportunities to capitalize on the flexibility and productivity enabled by removable storage.
Gluing ports shut seals off the human element. That's not the Novell way. In all our technical designs for system security, the needs and risks associated with end users are always the central consideration. In other words, technology is all about people.
> What about Bob?
Putting the human element at the center of technology means resolving several dilemmas. For example, consider all that's involved in delivering a software resource, such as SAP, to an end user who needs it; we'll call him Bob. Coming from a pure technology viewpoint, you just provision SAP to Bob's desktop and let him worry about using it securely and productively. In this scenario, Bob is just another cog in the machine and cogs simply do what they're supposed to do. But if you see the human element in Bob, provisioning the resource so as to maximize his productivity while minimizing risks suddenly becomes a lot more challenging:
- Can Bob access the resource 24/7 to maximize his productivity?
- Is delivery of the resource driven by business needs, in accordance with company policy and any applicable regulatory mandates?
- Is the system flexible enough to allow Bob to move from machine to machine, including his mobile devices and even PCs not owned by Bob or the company?
- Can the system ensure secure access to confidential information even if Bob is using, say, the computer at his grandmother's house?
- Can all these needs be met using automated tools to minimize IT burdens, without introducing latencies that erode Bob's productivity?
IT also faces several constraints while addressing these dilemmas, including reduced budgets; fixed space, power and cooling capacities; and zero tolerance for downtime, sluggish performance or risk to the company's physical and intellectual assets.
> Breaking down the barriers, building in simplicity
With the ever-increasing complexity of the IT environment, the only way to meet all the needs within the given constraints is by managing complexity in a new way. That means losing the siloed approach to managing systems, security and identity, and instead breaking down both technical and organizational barriers to allow a convergence of services around, and in support of, the end user. In our example, that means not only delivering SAP to Bob, but also delivering the identity data, secure access, flexible platform support and other resources he needs, all as part of one cohesive whole.
Patch Management features include:
- automated patch acquisition
- detailed patch metadata
- secured patch storage and delivery
- robust agent-based architecture
- applicable target management and selection
- scheduling options
- strong reporting
- roles-based management
- minimum required patch conformance
The goal is total simplicity for the end user, no matter how complex the IT environment that supports the end user may be. Think of the power grid as an analogy. It's an extremely complex system that only grows more complex and extensive every year. But when the user wants power, it's simply a matter of plugging in or flipping a switch. Not only is it simple to use, but security is a built-in feature of that same simplicity. The user is insulated from all the complexity of the power grid, and thus can use it without being exposed to its inherent dangers.
Novell sees the IT environment in much the same way. As long as you continue to deliver IT resources via segregated silos, you're not only making life harder for both yourself and the end user, but you're also increasing the risk that users will attempt to manage their own devices and resources, putting their systems and your network at risk.
> We've got news for you: Introducing the Secure Desktop Solution from Novell
The good news is that nearly everyone, from top management to rank-and-file users, wants to help comply with your company's access policies and security requirements, even if they don't know how. The better news is that you're in a position to help them comply. And the best news is that Novell makes it easy, for you and your users, because we understand the human element. The Secure Desktop solution manages complexity by consolidating the identity, security and system resources required to deliver applications and services to users.
Asset Management features include:
- hardware inventory
- software inventory
- network discovery
- software compliance and asset management
- contract management
- software usage
Secure Desktop is a fully integrated bundle of leading ZENworks technologies, including Patch Management, Asset Management and Endpoint Security Management. It gives you a cross-platform solution for all your Windows and SUSE Linux end-user devices, consolidating all desktop security functions along three axes:
- Simplify. Novell Secure Desktop removes the burden of complexity from users so they can focus on their work. Users get secure access to the applications and services they need (and only the ones they need), without wasting time dealing with configuration issues. Speed, agility, availability and compliance with internal policies and government regulations: users get it all automatically, wherever they log in, so they can stay productive.
- Control. Business owners and their IT managers retain control over the processes and policies used to ensure secure delivery of services to users. Retaining centralized control not only simplifies things for users; it also helps minimize risks to the company, supporting a total IT environment that's more reliable, predictable, trustable and auditable.
- Maximize Assets. No gluing ports shut; no guessing about software usage and license compliance; no worries about losing data on removable media or a laptop. Novell Secure Desktop helps you understand exactly what IT assets you have and control how they're being used, without denying access to the resources you've paid for. Even more important, it helps maximize your #1 asset, people, by providing them secure, reliable, high-performance access to the resources they need to do their jobs.
Novell Secure Desktop combines patch management, asset management and endpoint security management in a single, integrated solution. By eliminating management silos, it's designed to support best practices for managing the entire endpoint security cycle, from measurement of assets and vulnerabilities to mitigation of risks, compliance and audit inventories, and proactive defense against future risks. Focusing on the human element, Novell Secure Desktop is your most powerful tool to minimize risk, reduce costs, maximize the value of your IT assets, and keep users satisfied and productive.
> Patch Management
ZENworks Patch Management protects network endpoints from malicious exploits while improving compliance with internal policies and regulatory mandates. It manages the entire patch process, including continuous vulnerability assessment using patented Digital Patch Fingerprinting, policy-based remediation and highly accurate reporting. With full support for patches for NetWare, Microsoft Windows, Solaris, HP-UX, AIX and Macintosh, this powerful, automated solution helps you quickly apply the right patches to the right machines across your enterprise.
With your subscription to Novell Patch Management Services, you get automated patch acquisition for a wide variety of platforms and applications, with patches pre-tested, packaged and delivered to you on a daily basis. It's easy to implement, even in a mixed environment, because you can target just the machines and operating systems you want. For example, you can keep your existing Windows XP and 2000 machines secure and productive as you migrate to new Vista machines, while keeping Vista secure and productive as well.
"The five bulletins released today contain fixes for a total of eight vulnerabilities, and come on the heels of last week's out-of-band update.... The fact that some of the vulnerabilities affect Vista is proof that while the new OS features security enhancements, users should not get cocky."
Strong baselining and reporting capabilities provide confidence that each machine is up to the required level of patching, while allowing you to document the state of your environment at any time. Instead of the chaos of manual patch management, you can rely on full automation to always know what's going on, deploy patches quickly to fend off zero-day exploits, and keep your user environment stable and predictable.
> Asset Management
The unnecessary cost and security risks associated with assets you don't actually use can be substantial. And when you face software audits from BSA, SIIA and others, the risks and costs associated with assets you do use (but don't own) can be even greater. Using ZENworks Recognition technology, Asset Management allows you to immediately detect unauthorized software, OS and Office service pack levels, antivirus/spyware definitions and other potential risk exposures.
The solution integrates asset inventory, software usage and license reconciliation to provide a complete and accurate view of software installations and license compliance. Knowing exactly what you have allows you to take control of license compliance and eliminate software overspending, so you purchase only the licenses your organization needs and eliminate risks you definitely don't need.
> Endpoint Security Management
The Secure Desktop provides a full suite of driver- and application-layer endpoint security tools, all under strict IT policy control via a single, easy-to-use management console. You get the most advanced security available for the entire device environment (including the operating system, software, hardware, communications and both wired and wireless connectivity) without depending on end-user training and compliance to keep security features turned on and correctly configured.
Our application control includes both whitelisting and blacklisting technology, so you can ensure that only approved applications run on corporate IT assets. You can even enforce antivirus, antispyware and VPN applications to run before connecting to the corporate network or Internet. USB control prevents intentional or inadvertent transmission of data to removable storage devices, allowing you to place storage devices in read-only mode or disable them completely.
Endpoint Security Controls include:
- Personal firewall—providing the world's strongest, easiest-to-use protection against malicious exploits
- Wireless security—including the ability to limit connectivity to authorized access points
- Data encryption—protecting against unauthorized access to data on the wire, over the air, on removable media and on the device itself
- USB security—controlling the data that can enter or leave the enterprise via removable drives
- Application control—providing whitelist, blacklist and enforcement features to ensure complete IT control over the runtime environment
- Client self-defense—ensuring that security features can't be altered, hacked or uninstalled
- Port control—securing LAN, modem, Bluetooth, Infrared, 1394 (Firewire), serial and parallel ports
- Alerts monitoring—creating, distributing, enforcing and monitoring security policies without forcing users to configure their own security
- Reporting and audit tools—ensuring and documenting compliance with internal policies as well as SOX, GLB, HIPAA and other regulatory mandates
Our driver-layer stateful firewall opens communication ports for authorized network traffic only, while completely hiding endpoints from port scans and other intrusions so hackers can't even get a toehold. In fact, with complete administrative control over LAN, WLAN, modem, Bluetooth, IRDA, Firewire, serial, parallel and USB ports, you can create an unbroken security perimeter around the entire endpoint. Users are more productive and secure, even when working offsite using public Wi-Fi hotspots. And they stay secure, thanks to self-defense technologies that prevent security features from being altered, even in safe mode or with an administrative login.
> Managing Complexity: Simplify, Maximize and Control
Consider these facts:
- Computer and data theft now rank second only to automobile theft in the U.S. (FBI and Computer Security Institute).
- Seventy percent of all computer attacks, security breaches and data thefts originate inside the firewall (Security Leaders and Laggards Survey, Yankee Group).
- Ninety percent of exploits occur through patch-related vulnerabilities (CERT 2005).
- Cleanup costs for a single exploit for a 1,000-node network average US$280,000 (2007 CSI/FBI Computer Crime and Security Survey).
- Fifty-three percent of organizations say they would never be able to determine what data was on a lost USB device (Ponemon Institute).
- Virus attacks, unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property account for more than 74 percent of financial losses (2007 CSI/FBI Computer Crime and Security Survey).
Why become a part of these statistics, especially when it costs more to remain vulnerable in a siloed IT environment? The Secure Desktop Solution from Novell gives you an elegant, integrated solution for managing complexity, so you can simplify, maximize and control devices for the benefit of the end users who drive your business. And that helps the human element truly shine.