So, when is a DEX tool not a DEX tool? The answer: when it’s a security hygiene tool.
What has security got to do with DEX and vice versa? There’s a big hint in the name: Digital Employee Experience (DEX). Anything that negatively impacts the employee's experience using their device to achieve their goals is bad. A frictionless experience is good.
Security and DEX have an interesting relationship. Security traditionally doesn’t care about end-user experience. This, in turn, often means that end-users, who are more focused on getting things done in the quickest, easiest way possible, don't prioritize security.
The end-user is typically the weakest link in any organization's security environment. When DEX and Security clash, some users will actively seek to remove security controls to make their lives easier.
So, how do we try to resolve this?
The 1E Platform is an excellent security hygiene solution. For example, let’s say that we have an environment where:
We can make it so that with a user-initiated self-service request, pre-approved users can get local admin immediately. This ensures both good security control and a good end-user experience.
Let’s say that this user, for whatever reason, decides that they want to update the registry to enable USB drives. Although they are now an admin, the second control won't allow that change to take effect. The registry will be updated by the user and, a few milliseconds later, will be reverted to the required state.
The only way for that local admin user to get their USB drives to work will be to log a request. Again, this could be self-service, and again, based on the user's AD group membership or similar, this can be provisioned for them in real-time (literally milliseconds).
This means that “draconian” security controls can be in place, but the end-users who have valid business needs for an exception can get those exceptions, in real-time, with proper logging, auditing, and re-enablement of the control after a predetermined period of time.
Other typical security hygiene tasks, such as managing SSL certificate expiration, enforcing minimum security hardening requirements, ensuring that critical security-related services are running or that patches have been deployed, can also be handled by the same 1E Platform that improves device performance or handles issues with MS Teams for users. Even when users with local admin rights want to disable or stop those controls/services, the 1E Client can keep them enforced—even if the device is taken off all networks by the user!
By using the 1E Platform, alerts can be sent to security teams (or a platform like Splunk) and communication can be held with users in the context of what they are attempting. We can inform them that they can't do what they are trying to do, why they can’t do that, and (if valid) the proper process for getting an exception.
When we can get security and user experience working well together, we can have users working within the required structures, with appropriate auditing and exception handling, and we can have devices that are more secure.