| ▲ | 9x39 a day ago | ||||||||||||||||||||||
A trend for corporate workstations is moving closer to a phone with a locked-down app store, with all programs from a company software repo. Eliminating everything but a business's industry specific apps, MS Office, and some well-known productivity tools slashes support calls (no customization!) and frustrates cyberattacks to some degree when you can't deploy custom executables. | |||||||||||||||||||||||
| ▲ | bigfatkitten 20 hours ago | parent | next [-] | ||||||||||||||||||||||
That's why this it's been a requirement for Australian government agencies for about 15 years. In around 2011, the Defence Signals Directorate (now the Australian Signals Directorate) went through and did an analysis of all of the intrusions they had assisted with over the previous few years. It turned out that app whitelisting, patching OS vulns, patching client applications (Office, Adobe Reader, browsers), and some basis permission management would have prevented something like 90% of them. The "Top 4" was later expanded to the Essential Eight which includes additional elements such as backups, MFA, disabling Office macros and using hardened application configs. https://www.cyber.gov.au/resources-business-and-government/e... | |||||||||||||||||||||||
| ▲ | michaelt 20 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
Then the users start using cloud webapps to do everything. I can't install a PDF-to-excel converter, so I'll use this online service to do it. At first glance that might seem a poor move for corporate information security. But crucially, the security of cloud webapps is not the windows sysadmins' problem - buck successfully passed. | |||||||||||||||||||||||
| ▲ | serial_dev a day ago | parent | prev [-] | ||||||||||||||||||||||
I don’t think locking down slashes support calls because you will now receive support requests anytime someone wants to install something and actually have a good business reason to do so. | |||||||||||||||||||||||
| |||||||||||||||||||||||