Endpoint Management: When Four Eyes Are Better Than Two
rohanr 270006VQEF Visits (1555)
Have you ever tried to make a large withdrawal from an ATM only to be declined? It’s probably because there are automatic safeguards in place for large withdrawals to prevent misuse and financial damage—in case a merchant makes an error charging you more than they are required to; or if your card and access details were compromised and fell into the wrong hands. You’ll likely have to get approval from the bank manager in person in order to make a large withdrawal. This allows the bank to verify that only authorized individuals are accessing your account.
Similarly, there needs to be an approval system in place when any major software maintenance or upgrades take place within your organization. This two-level authentication ensures that there are no untoward incidents that cause downtime or loss in productivity.
Recent press has exposed both accidental and intentional misuse of certain endpoint management tools, resulting in tens of thousands of PCs and servers being negatively impacted. These incidents have resulted in significant downtime and reallocation of IT resources to address costly business disruptions that have resulted in major financial setbacks.
Some recent examples:
The obvious question is, “Why would the management tool allow this to happen?”
IBM Endpoint Manager prevents these kinds of incidents by requiring admin authentication, and even provides a Four Eyes Approval feature, which is used to prevent console operators from unilaterally taking actions on the endpoints within their control. Once this feature is enabled, console actions will require the approval of a console operator who is also a member of a specified "approver" Role.
With this two-step authentication process, any untoward incidents can be prevented by the oversight of a secondary supervisor who ensures that the primary operator has taken all the right steps before rolling out a new update or system change to thousands of endpoints that could affect day to day functions of the organization.
Find additional information here (htt