FullArmor offers Web-based endpoint policy enforcement and compliance

In his article, “6 Hot Technologies for 2006: Microsoft’s Group Policy,” John Fontana wrote, “Group policy is one of the rewards given to IT execs for their hard work in cracking the complex deployment of Active Directory.” Microsoft’s product Group Policy provides more than 1200 settings that allow an administrator to manage and customize servers and desktop computers from a central location.

The greatest benefit of Group Policy is that enterprises don’t need to purchase and maintain a separate policy management system for endpoint security and regulatory compliance. However, deploying and configuring Active Directory, which requires an instance of SQL Server, is no easy feat.

What if you want all the benefits of Group Policy, but you don’t have or are unable to deploy Active Directory? Or, perhaps you do use Active Directory, but there are devices in the field that are rarely connected to your directory long enough to receive the necessary management updates. Now there is FullArmor PolicyPortal, which allows administrators to secure and configure all endpoints via the Internet, with or without Active Directory. PolicyPortal also monitors and provides easy-to-understand reports on whether policy standards are in force on individual machines.

Roaming users present the biggest threat to a network, according to FullArmor CTO Danny Kim. “These users are often disconnected for long periods of time, and they miss getting vital security updates on their devices. You wouldn’t want them connecting to your network if they don’t comply with your corporate security and configuration standards,” Kim says.

PolicyPortal leverages the Internet to deliver policies to all sorts of disconnected or remote devices, including kiosks, automated teller machines, laptops, and home PCs. PolicyPortal provides support for devices running Windows 2000 or higher operating systems. Support for Windows mobile, Palm OS, RIM devices, as well as Linux and UNIX based devices is reportedly in development.

In addition, PolicyPortal can secure and configure devices on networks that aren’t running Active Directory, or for that matter, aren’t even running the Windows 2000 server operating system or Windows Server 2003, including Novell NetWare environments.

Rick Neubauer, president of ITility, calls PolicyPortal “a one-of-a-kind product.” ITility provides a range of IT services for small companies. “We are basically the IT department for our customers,” Neubauer says. “We offer the capabilities of a large IT environment without the customer having to buy the hardware and software. We deliver ‘proactive IT’ for a small monthly fee.” ITility remotely manages its customers’ computers and prevents problems by doing regular maintenance.

ITility has been using PolicyPortal since its release several months ago, and it has been a great asset for the company. “Before we deployed PolicyPortal, we had to use script logic to remotely manage our customers’ PCs and servers. It was expensive and complicated. PolicyPortal is way more cost effective and provides far more functionality.” Neubauer estimates the cost of PolicyPortal to be one-third of his previous solution. “Now I can offer more services to my clients at a lower cost.”

For small and medium enterprises that must comply with regulatory or industry requirements like Sarbanes Oxley, HIPAA, or GLBA, PolicyPortal provides a cost-effective and automated solution for reporting on the status of endpoint security controls. The PolicyPortal console, which is accessible via a Web browser, presents policy compliance data on individual and groups of machines in a graphical and intuitive format that can easily be understood by non-administrators and IT auditors.

A complementary product from FullArmor is IntelliPolicy, which provides extensions to Microsoft Group Policy. ITility uses IntelliPolicy for creating and maintaining standardized desktop configurations. “IntelliPolicy helps us quickly set up new PCs for our clients. We use it for complete profile management,” Neubauer says.

Rounding out the trio of FullArmor products is GPAnywhere, which makes Group Policy as well as IntelliPolicy “portable.” If you have deployed Active Directory, you can use GPAnywhere to enforce policies on all sorts of mobile or remote devices that are temporarily or permanently disconnected from the directory.

Using Internet technology and Web services, FullArmor enables enterprises without a directory infrastructure to gain access to the centralized, automated benefits of directory-based policy enforcement. PolicyPortal makes it possible for smaller enterprises to acquire IT capabilities that traditionally were the purview of very large organizations with deep financial and human resources.

Read what my Network World colleague Dave Kearns has to say on the subject in his Windows Networking Strategies newsletter. There’s more information in Top Tech News.