Jeff Rhys-Jones is one of our strongest tech geeks.
He has a strong technical background with over 25 years of experience.
Jeff is overseeing our 2nd level support as well as being a Territory Director for the EMEA & APAC area.
Privileged Access Management Just Got Personal
A Conference, a Presentation, and a Big Idea
In October 2022, we were fortunate enough to be given an opportunity to present our Admin By Request solution to delegates of the 2022 European Cloud Summit, in the wonderful German city of Mainz.
The night before our ‘Why Admin By Request is the world’s best solution for managing Local Admin rights’ presentation, the team gathered in the hotel bar for a few pre-presentation bottles of the local Eisgrub-Bräu.
As the conversation (& Bräu) flowed, it became apparent as we flicked through slide after slide of product features, there was a crucial message missing from the presentation.
Flexibility is Everything
Admin By Request is a Privileged Access Management (PAM) solution with a laser focus on Local Admin Rights Management. The feature set is extensive, but if you park those for a moment, and instead consider how everything can be ‘blended’ together, you will come to the same conclusion as we did that night in Mainz.
Ultimately, it’s the products configurability and therefore flexibility – not individual features, which makes Admin By Request the knockout solution for any organisation needing to both lock down Local Admin Rights, whilst still keeping the end user experience breezy and highly productive.
A great PAM solution we concluded, must work for everyone, because in the end, it’s ‘working for everyone’ that determines whether a PAM solution implementation will be successful, or even if it gets implemented at all.
The central proposition of our Cloud Summit presentation was hastily changed to ‘We Work For Everyone!’ – but soon after coming up with this pithy one liner, we realised that our rather bodacious claim would instantly be met with a heckle from the audience of ‘Oh yeah? Prove it!’.
Customer Product Demos are Focus Groups
A product demo is not simply a product presentation, but also a valuable opportunity to listen and learn about customer challenges. Discovering how a customer’s IT team have tried to address the Local Admin rights problem up to that point (without Admin By Request) is almost as interesting to us as showing them how Admin By Request can do a much better job of it.
Going over our past years’ demo notes, we noted several near identical ‘use cases’ which again and again, customers presented to us as challenges which needed to be overcome.
We worked these uses cases to build our ‘we work for everyone’ proposition and re-wrote the presentation in such a way that we first demonstrated each use case, and then followed it up by showing the recommended configuration of Admin By Request that solved that specific need.
Newsflash: Users Use Software!
The problem was, the terms ‘use case’, or ‘usage scenario’ bothered us, because these are cold and soulless words and not a good representation of the type of work we do here at FastTrack Software.
It is central to our philosophy to always be mindful of what exactly is doing the using in a ‘use case scenario’. It’s a person; a real human, and therefore it’s our sole aim to engineer software solutions to improve (not interfere with) working lives.
The idea then came, to communicate each privilege elevation scenario as a ‘personality’. This approach would not only make explaining each scenario a little more human, but also enhance ‘relativity’ and memorability too!
Thus, the concept of ‘usage personas’ was born, and the outcome was a very effective, personality-focused presentation to delegates at the European Cloud Summit.
This also happened to be the very first presentation appearance of the FastTrack Software Unicorn (our unofficial company mascot) a character which (as you will see) has inspired us to visualise some of Admin By Request’s most magical abilities!
What DO Admin Rights Requests Look Like?
Based on our many customer consultations we formulated the following shortlist of ‘personas’ that best reflect the most common type of Admin Rights requests that IT departments in today’s modern businesses need to deal with.
The task of making these personas easily identifiable was a bit tricky, until we thought to enlist our company mascot to help us out.
Do any of these personas relate to scenarios in your organisation? If so, Admin By Request has a key feature to tackle each one. You can configure Admin By Request to meet the needs of one, some, or all of these personas, and apply them to multiple different groups of users or computers, all concurrently.
Identification: Users that ‘pop up’ needing Admin Rights for an application. High volume, unpredictable, always urgent. ‘Pops’ are a huge drain of business productivity (both in the IT department and on the user side), the impact of which is typically hidden in the haze of day-to-day operations, and as such, the cost drag of ‘Pop’ activity on the business is very much underestimated.
Key Admin By Request Feature: Run As Admin with Approval Mode Enabled.
Identification: Typically found in industrial, scientific, and academic institutions, where there is a need for automated rights to securely elevate permissions for specific applications only, under full audit and whilst locking down all other admin access.
Key Admin By Request Feature: Per-Application Pre-Approval with no user confirmation.
Identification: Heroes working in helpdesk departments still need to comply with Local Admin rights restrictions on their own computers, but at the same time, need fully audited admin rights to fix issues on the end user systems they are responsible to support.
It’s a big internal security concern if your internal helpdesk staff have global, unaudited local admin rights access on all systems from Intern to CEO.
Key Admin By Request Feature: Support Assistance Mode.
Identification: Dev wizards demand full admin rights to work their magic, so you need a means to provide them with higher privileges, ‘Just-In-Time’, fully audited, but also a capability to add in some checks and restrictions. What is key however is the need to maintain your developer’s full productivity (and happiness) with their development environment. No one wants an angry wizard on their team so it’s important that your Local Admin rights solution should be both powerful and highly responsive.
Admin rights should magically appear with a mere flick of a wrist. Elevato VStudio!
Key Admin By Request Feature: Time-Limited Admin Sessions with selective blocking and tamper protection.
Identification: Accidents happen, just that when they involve users being locked out of their systems, an ‘Oops!’ can really ruin your day. This persona is also the most likely to cascade into much bigger headaches. For example, return laptop back to base, courier loses laptop, now you also have a potential data leak issue, insurance claim etc.
Key Admin By Request Feature: Break Glass (Enhanced LAPS feature).
Interested To Know More? Let’s Get Personal!
Each of our Admin Rights personalities illustrated above have their own more detailed & dedicated write up, and they are all structed as follows:
First, we’ll introduce the ‘traits’, to help you zero-in and identify if the personality matches a use case you can relate to.
Next, we will cover some common techniques which organizations have chosen to remedy the challenges of the persona, without the benefit of Admin By Request. We will also highlight problems and challenges of each of these fudgy workarounds.
Finally, we will demonstrate how Admin By Request can be configured to perfectly address the need of the persona – something we feel will enable you to immediately see the benefits and therefore value of the solution vs other methods.
We will be publishing these per-persona write-ups throughout December 2022, so what better reason would we have to start the run up to Christmas with a POP!