Locked Down Desktops - The Ultimate Panacea? Orginally posted on the BCS Website on 8 Dec 2008
Take this scenario... Helpdesk receives a call from an irate user. The user is angry because they've 'got back from lunch and now nothing works'. The helpdesk person takes down all the users information, including an attempt to log something more definable than 'nothing works', duly log the call, and passes it up the support chain.
Of course when the floor support person (or 2nd line, or whatever he or she is called in your organisation), arrives at the users desk, they are subjected to a barrage of how IT have broken their machine, and that the user cannot work and it's ALL ITs fault.
The support person offers calming statements, and politely offers to sit down at the user's desk and look at the problem. After several minutes of the usual fault finding, the support person locates the problem - an add-on has been installed into the browser, which is causing the browser to behave erratically and lock up. As the user primarily works with web based front ends, this is causing them not an insignificant amount of inconvenience. The desktop support person notes, for the sake of this example, that the add-on is a file called 'online_poker', and certainly not something the organisation would have installed as part of its routine updates. The user denies any knowledge of this add-on, and the support person quickly disables it and moves on to the next call, knowing that to argue about how it got there would be pointless, and would run the risk of angering the user even more.
Sadly this scenario is all too common, even in fully maintained environments. As much as we'd like to, it's simply not possible to force a locked down environment on all the users. In many organisations, there is still reliance on legacy software that just doesn't run on locked down desktops, no matter how hard the admins try to get it work, all too often we hear management saying, 'just relax the security - the user is demanding that we supply them this software'. Additionally, a lot of organisations simply don't have the budget, headcount or in-house skill set to trap and block all the auto-updaters that creep into the many things that a standard desktop needs. Java and Flash by default come with auto-updaters enabled, as do many other little plug-ins that make modern computing so 'simple'.
Equally, there are always those teams of users for whom a locked down environment is unworkable, such as back office developers. Granted the majority of users CAN survive in a locked down environment - but it is not the ultimate panacea.
Of course there are ways of forcing a standard platform; Citrix and other forms of Virtualisation spring to mind, but again these platforms require expertise and a significant amount of up front work to make them viable - a lot of organisations simply don't want to commit to that sort of infrastructure change, especially if they are not currently performing any virtualisation at all. So the IT department simply soldier on, dealing with each individual problem as it crops up, and not really solving the overall issue.
I think many would agree that a return to thin clients IS the best way forward, especially as a lot of day to day office work has moved into the web browser. It would mean a saving on IT support costs and hardware purchasing/maintenance costs. Plus the overall saving on electricity costs as thin clients typically run on about one fifth of the energy the average office desktop does. Many organisations want to improve their green credentials - switching to thin client technology is a great way to achieve this.
The trouble is as mentioned previously - it's a large mountain to climb. Senior IT management need to look further than this year's budget and see the long term benefits.
Enter Your Comment
|
|
|