Report: Unauthorized Apps Run Rampant on Many Enterprise Networks - Desktop Security News Analysis - Dark Reading

 

In reading this article, I find this the case at many companies even here at Microsoft.  Employees will often bring in programs that are not part of the corporate suite of applications.  It could be a program to sync their Zune or dare I say iTunes music to the their device or it could be an application that they find useful.  The problem with these unknown applications is the impact they can have on the corporate infrastructure.  This Dark Reading article deals with the security downside of these applications.  But unknown applications can affect the corporate infrastructure in other ways.  The first is the availability of resources and the second is the impact on the help desk.  Availability of network bandwidth and network disk space can be dramatically affected by rampant applications.  Think about the applications that can stream media across the network to an individuals desktop.  One person doing this may not be a problem, but a significant number of employees streaming media can create rapidly absorb the available bandwidth.  The same can also be said of network drive space if employees save media to corporate resources including their workstations.  Help desk personnel also have to contend with these unauthorized applications.  The unauthorized applications can affect corporate applications or change default settings.  These changes can affect the ability of help desk to resolve the problem quickly.

So what is the IT department to do about these unauthorized applications.  The first step is get the executives in the corporation involved with the message to employees concerning unauthorized applications.  Without this buy in from executives, an program to reduce unauthorized applications is doomed to failure.  The second step is have a process in place to get exceptions approved.  In some organizations the process for getting an application approved was long, tedious and difficult.  With this type of process, employees were willing to take the chance of using an unapproved application rather than getting approved.  The third step is inventory what is out there.  This is where System Center Configuration Manager can be an invaluable tool.  Using Configuration Manager, the IT department can gain very good inventory of what applications users have installed.  They can use this list as a guide to reducing unapproved applications.  Using these steps along with other security related initiatives, the IT department can reduce the effect of unapproved applications.

Here are some other ways to reduce the impact of unapproved applications

  • Remove administrator privileges for end users so they can install applications.
  • Use ISA as a forward proxy and a plug in such as Websense or Surf Control to remove access to non-business  web sites.  The next version of ISA known as Threat Management Gateway will have this built in.
  • Use SoftGrid Application Virtualization to reduce the impact of adding new applications to the corporate environment.
  • Educate users on the policy and the downside of unauthorized applications.