itSMF Bulletin July 2023 | Page 15

Organisations should strive to do so without losing sight of the overarching aim: to enhance security without causing an increase in service desk calls.

The way to achieve this is not only through the design and structure of the user groupings, but also by giving careful consideration to what happens when a user crosses a line and comes into direct conflict with one of the rules.

 

This is where good decision-making at the remote access level comes full circle. Enterprise-grade remote access tools often come with additional capabilities, such as session recording and mechanisms to handle security features like the Windows Secure Screen often encountered during a User Account Control (UAC) prompt. Session recording is useful as an audit trail of who did what and when, as well as a training aid for the service desk in case they encounter a similar incident in the future. However, session recording has other uses as well. In particular, the functionality can be repurposed to record tutorial-style videos that can be served up to users to guide them through certain scenarios.

To provide an example of where this would be particularly useful: imagine an employee with low flex permissions who tries to access an unapproved application. They would be shown a message that their use of the application requires additional approval. A well-designed workflow would then suggest self-service methods the employee could avail themselves of. This could include linking to a recorded video of the steps to follow to get a particular application approved for internal use. Alternatively, the same exception handling process could automatically generate a service desk ticket via an ITSM tool. This provides a solid, seamless experience for employees, while enforcing security standards, keeping the organisation protected, and not creating additional workload for the service desk.

If this is the employee experience of IT and service desk interaction, then it can be said the organisation is well on its way to being considered best practice.

Scott Hesford is Director Solutions Engineering APAC for BeyondTrust.

Based in Melbourne, Scott has more than 15 years’ experience in the IT industry and in his current role supports organisations to mitigate the risk of security breaches by securing privileged identities across the hybrid enterprise.