A common question we hear is how to roll out endpoint management to users: How should admins handle users who are asking to download things they won’t be able to do? Who should own the governance? Security? Endpoint?
Of course, every company is different so take this with a grain of salt, but here’s what Delinea has seen work well.
-
The Security team defines policies and criteria
-
The Endpoint teams own the implementation of those policies. This includes making sure to communicate everything impactful to users – what downloads make you vulnerable? What will and won’t impact their day to day work?
-
New requests that come in would go to the policy/security team – who would need to decide “is this something we'd want to approve?”
-
If the Security team decides yes, the endpoint team whitelists.