Having grown up in an age of lurching software advances, ubiquitous communication and social networking, this is not a group easily dissuaded from using any and every application by the old reasoning that software can be a ‘bit risky.’ The same applies to their attitude to BYOD, a trend driven by the basic social reality that workers of all age groups now depend on personal devices such as smartphones and tablets and won’t take happily to the idea of being asked to leave them at home.
If the ‘Generation Y’ label sounds a bit glib there is a small but growing body of evidence that a worker’s age does play some role in shaping attitudes to technology. A recent survey by Avecto of 1,500 IT admins visiting the TechEd US and European conferences found that workers between the ages of 20 and 35 – the Gen Y demographic - were seen by 80 percent of professionals as posing a formidable obstacle to application security.
Why? The tendency of this group to download unauthorised apps was the first big concern, with nearly forty percent of admins reporting having experienced a malware incident because of this behaviour. Three quarters of admins weren’t even sure how many unauthorised applications had been downloaded, which renders the issue of the damage caused almost moot.
It’s not necessarily that older workers don’t participate in risky behaviour as well but that Generation Y is perhaps more active and confident in finding applications for themselves and utterly convinced of their right and need to have them. The survey implied that many admins try to cope with this by ‘flying blind’, that is they look to manage assertive users using manual procedures based on assumptions and trust. Without tools they have no obvious alternative.
Because Windows applications often demand privileges when installing or updating quite basic applications and add-ons, the easiest if most extreme response is to either fully enable or completely block such privileges. Some incorrectly assume that only esoteric apps still ask for admin rights but this is far from the truth. Here are a few common examples that will ask for privilege elevation:
- Flash Installer/Updater
- Apple iTunes
- Google Chrome
- Adobe Acrobat Updater
- Blackberry Desktop Manager
- Citrix GoToMeeting
- Cisco WebEx
- HP Universal Printer Driver
- VLC Media Player
- Adobe AIR.
The common solution to this software checkmate that has been available since Windows Vista and Windows 7 is to allow privilege escalation on demand through User Account Control (UAC), but this too comes at a price; admins are bombarded with requests for passwords to elevate application privileges without the visibility to know whether a specific request is justified. Generation Y, meanwhile, is frustrated at even having to ask.
Migration to Windows 7 has turned out to be the important moment where organisations reassessed hardened assumptions about the way employees use and access applications and a growing number have concluded that the rational response is to invest in least privilege management. With this design, users can request application admin privileges on a case-by-case basis after authenticating themselves in a way that offers audited admin oversight.