The University of Winchester has reduced IT management overheads while delivering a campus-wide IT security policy. Ian Short, Applications Infrastructure Manager for the University of Winchester says: “Our security policy is very much prevention rather than cure: we have to protect and support around 1800 Windows desktops, across approximately 8000 students, around 1000 members of staff across 16 different departments and over 160 applications. As well as running Windows on the desktops, we also have Windows back-end servers running in an Active Directory environment. We are quite fortunate in that we have not had any security breaches, but there is no room for complacency. For instance, the network is set up so that both staff and students cannot just connect their own devices to back end systems and access is limited to the internet, since much of the content that students require is available online anyway, this does not limit what they are able to do.”
Several years ago, the university identified the fact that managing user administrator privileges was a way to make its security more robust and minimise the risk of malware attacks. However, the university could not lock down the network, because of the flexibility that some users require. Some staff, typically the very IT-savvy, need their privileges to be elevated so that they can install and manage applications themselves.
Short adds: “Also, while we could see the need to manage privilege, there was a concern about ensuring it did not create further additional administration workload.” The university began a market search to find an approach that would automate the privilege management process as much as possible yet remain flexible without increasing management overheads. The university selected BeyondTrust PowerBroker for Windows Desktops and Servers, a centralised solution that uses a ‘least privilege’ model.
“Since we took that step, we have completely removed automatic administrator rights among our users, while simultaneously providing adequate rights to perform the tasks that students and staff need,” says Short. Some of the key uses include elevating privileges for staff using multimedia packages in its multimedia centre, 30 applications on their desktops, and around half a dozen Windows functions.
“The net result is that no longer do we need to ‘punch holes’ in our security in order to complete certain tasks. The added bonus is decreased time spent dealing with user support issues, meaning that the team can spend more time on other activities.”
