The U.S Army gets tougher on enforcing desktop security policy by adding compliance-management software to about 11,000 desktops used at the Pentagon and other facilities in order to monitor for unauthorized applications.
Since early this year, the U.S. Army Information Management Support Center, which supports the Pentagon staff, has deployed software on about 11,000 desktop machines that watches for unauthorized applications. If one is discovered, the monitoring software reports back so an Army oversight group called the Configuration Control Board, which lets the user also know about the discovery so a decision can be made about whether the application should be allowed.
If there’s no justification for using the software, the unauthorized application can be automatically deleted remotely.
According to John Brehm, senior systems engineer at Serco, a systems integration firm aiding the Army in this program, the goal is to identify unauthorized applications and enforce policy while giving users the opportunity to explain why the software is on their desktop.
“A directive came out from the CIO in the Army because there was a lot of unauthorized software running,” Brehm says. “This is potentially unsafe.”
The software selected to assist in this policy compliance effort is Triumfant’s Resolution Manager, which the Army selected late last year and rolled out at the Pentagon between January and August of this year.
The Triumfant software, which the Army is running on Windows Vista and XP machines, works by means of template-based recognition filters that understand what’s authorized to run on the machines, taking periodic snapshots to see what’s there.
If it appears unauthorized software was added, Resolution Manager reports back so that the Army’s Configuration Control Board. “We flag it so it goes through a governance process,” Brehm says, noting the board meets at least every week to make decisions about any newly identified software on desktops.
While users have the opportunity to defend use of applications that may not yet be officially authorized, there do end up being many instances where the decision is made to delete the unwanted applications remotely. “You just flip a switch,” Brehm says. “We’ve removed a couple of thousand cases since February.”