Sunday, April 24, 2011

Policy Number One

One of the most effective desktop policies available to an admin is to shut off browser access to the Internet.  Where access is required to perform a job function, get a specific list of domain names that the user needs to be able to navigate to and allow access to only those sites.  With this one small move, you will have eliminated the biggest security threat to that desktop and created a much more reliable environment.

"My customers will never go for that!", you say?  Well, they may, if you present it in a manner that demonstrates value to their bottom line.  While the advantages of doing so may be obvious to us, very often the business owner doesn't fully understand them and is instead focused on the downside of telling his employees they can no longer browse the Internet from their desktops.

But if your MSP offering is priced based on risk, you can offer a "safe driver" discount to customers that allow you to enable this policy.  With this move, you've given your customers a powerful incentive to help you help them.  This, in turn, makes for a much safer environment and one that will require less management on your part.

There is a 'have your cake and eat it too' option.  Just enable a secured wireless access point (secured meaning DMZ'd from the production network, firewalled, etc.) that allows guest access to the Internet.  Now your customer can opt for the Internet-less option for their business machines, but 802.11 devices like phones and iPads will have Internet access.  Another option is to enable a secured Terminal Server for browser usage.  While not wholly risk free, this option mitigates many of the risks inherent in open browsing and can be used on policed desktops transparently.

Technical Realization: Build a desktop policy that blocks Internet usage using direct registry writes.  Use LabTech scripting to apply those writes.  Associate with group (as with any other offering) and use Extra Data Fields on the Computer Object and the Client Object to allow for exceptions.
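One way to express the registry writes, as an added example rather than the script behind this post: point the per-user WinINET proxy at an address where nothing listens and put the approved domains in the proxy bypass list, then read the values back as a compliance check. The registry values chosen, the dead-proxy address, the sample domains and the function names are assumptions, and the script is assumed to run in the logged-on user's context so that HKCU is that user's hive.

```powershell
# Added example. Assumptions (not from the post): the registry values chosen,
# the dead-proxy address, the sample domains and all function names.
$InetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
$DeadProxy = '127.0.0.1:9'   # assumed: nothing listens here, so proxied requests fail

function ConvertTo-ProxyOverride {
    param([Parameter(Mandatory=$true)][string[]]$AllowedDomains)
    $entries = foreach ($d in $AllowedDomains) {
        $d = $d.Trim().ToLowerInvariant()
        # Accept plain host names only; a stray '*' or blank entry would bypass
        # the proxy for every site and silently undo the policy.
        if ($d -notmatch '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$') {
            throw "Rejected allow-list entry: '$d'"
        }
        $d
        "*.$d"
    }
    (@($entries) + '<local>' | Select-Object -Unique) -join ';'
}

function Set-BrowserLockdown {
    param([Parameter(Mandatory=$true)][string[]]$AllowedDomains)
    $override = ConvertTo-ProxyOverride -AllowedDomains $AllowedDomains
    Set-ItemProperty -Path $InetKey -Name ProxyEnable   -Value 1          -Type DWord
    Set-ItemProperty -Path $InetKey -Name ProxyServer   -Value $DeadProxy -Type String
    Set-ItemProperty -Path $InetKey -Name ProxyOverride -Value $override  -Type String
    # A PAC script can override the static proxy, so remove any that is set.
    Remove-ItemProperty -Path $InetKey -Name AutoConfigURL -ErrorAction SilentlyContinue
    # Grey out the proxy dialog so the user cannot simply switch it back.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name Proxy -Value 1 -Type DWord
}

function Test-BrowserLockdown {
    # Compliance check for a monitoring script: $true only if the policy is intact.
    param([Parameter(Mandatory=$true)][string[]]$AllowedDomains)
    $inet = Get-ItemProperty -Path $InetKey
    $lock = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    ($inet.ProxyEnable -eq 1) -and ($inet.ProxyServer -eq $DeadProxy) -and
    ($inet.ProxyOverride -eq (ConvertTo-ProxyOverride -AllowedDomains $AllowedDomains)) -and
    ($null -eq $inet.AutoConfigURL) -and ($lock -ne $null) -and ($lock.Proxy -eq 1)
}

# Constructed allow-list for one workstation role.
$allowed = 'portal.example.com', 'payroll.example.net'
Set-BrowserLockdown  -AllowedDomains $allowed
Test-BrowserLockdown -AllowedDomains $allowed
```

These settings only bind software that honours the per-user WinINET proxy configuration; anything that opens its own connections is unaffected, so pair the policy with an egress rule on the firewall.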

Business Alignment:  As said, this product provides direct incentive to customers to make their desktops more secure.  More secure = more reliable = less costly = Win.  Who knows, perhaps they'll even like it!
