In the subsidiary of a construction group, a team of developers has been provided with one Windows workstation with admin rights to simplify their work. Admin rights gave the team enough privileges to modify the configuration of the system, (un)install software, disactivate security programs including firewall and antivirus, or even restore the system. This situation conflicts with the Group security policy and increases risks of system compromise (trojan, malware vulnerabilities, leak, privileged escalation...).
To mitigate the risks, the Group CISO would frequently conduct security audits to monitor these workstations. The procedure was time-wasting for both the CISO and developers.
The situation impacted on the developers' productivity as they also lacked the proper tools they needed.
The CIO wanted to give developers a proper environment strictly separated from the IS. They needed a workstation with both the Group master, and the Linux environment. It became a priority when the worst eventually happened: a dev’s workstation was compromised.
They want to find a solution that satisfies the end-user and helps the company comply with the regulation
Kerys’ technology provides developers with two separate environments in one machine. One is with the Group master and the other with the Linux environment. YS::Desktop by Kerys Software enables a detailed, granular permissions policy for each domain. This was one the key assets that influenced the CISO decision to deploy the solution.
The other asset was that Kerys’ YS::Desktop was fully deployable and operational. The solution meets the main cybersecurity regulations and is designed for secure frictionless user experience.
The UI is intuitive to navigate, and the swipe makes environment switch easy. The performance is so close to native, the users forgot they work on Kerys’ VM: they experienced no glitch, no lagging, and full control over the domain.
Meanwhile, keeping the Group master on developers’ workstations has facilitated audits process for the CISO.
The Linux environment is configured and adapted to specific developers' uses. The CISO can use the privilege management control console to grant privileges that meet the needs of a particular department. The CISO can also downgrade the security policy in a selected environment if necessary. They are reassured knowing that the IS is safe.
The subsidiary benefits from improved user experience for the developers' team, while helping the Group CISO save time for the auditing process. YS::Desktop offers the CISO the opportunity to precisely attribute privileges. They are now also able to provide the service with an environment that fits their business needs, without compromising the business security.