Managing a highly distributed workforce
As a consulting firm, AspireHR has a highly distributed workforce that doesn’t lend itself to traditional on-premises IT management. “Employees spend more time on-site with clients than they do in our office, so a traditional Active Directory / Group Policy management structure didn’t give us the visibility and control we need to provide effective IT service management. Even adding an MDM solution like InTune didn’t allow us to fully manage our distributed employee network in the way we needed,” says Jeremy Ailes, Director of Technical Platforms and Operations at AspireHR.
“We regularly faced challenges supporting consultants in the field. They were often unable to connect to our network for long periods of time due to client security constraints,” explains Jeremy. “With employees off site with clients for weeks, devices could get out of compliance very quickly.” In addition to the security challenges, being blocked from AspireHR’s network made most IT service tasks more difficult. To address these constraints, AspireHR consultants were given administrative access on their laptops when out of the office. This allowed them to run updates, install software, and make configuration changes as needed without requiring IT intervention. Giving end users administrative privileges posed a security threat but was needed for consultants to do their job efficiently.
To address these issues and manage a fully remote workforce during the COVID pandemic, Jeremy rolled out Ninja agents to all employee endpoints. “Ninja gives us patch automation capabilities, an anti-malware solution, a robust scripting engine, and software deployment capabilities that work for our distributed employee network in single pane of glass,” explains Jeremy. Aspire was able to get full visibility and control over their employee endpoints from day one.
Almost immediately, Jeremy was able to remove all users from their local admin group and create a custom local administrative account on all endpoints. When users need to perform an action that requires administrative privileges, Jeremy creates a random password on the local admin and shares it with the user. The password is then reset within 12 hours so the user no longer has access.
Direct remote support sessions are also more efficient as Jeremy no longer has to roll out patches or install software via remote control. Those functions can be shifted to a Ninja automation or script so remote support sessions can focus on solving more pressing and complex concerns.
Pursuing a zero-trust environment
Aspire is a small firm that’s growing rapidly. “We’re small but work with some of the world’s largest companies,” says Jeremy. “While we might not be a high priority target for a cyber-attack, when we interface with large clients we become a much more attractive attack vector.”
As a consulting firm working with sensitive data, clients often have strict security and compliance requirements that Aspire HR must attest to. For example, some clients require signed affidavits that all devices used by Aspire HR employees working on their account have been fully patched and compliant with security policies. Other clients require that all devices on-site have no access to removable media. “Ninja gives me the ability to easily push patches out to all of our devices and get them compliant not only with my standards, but with client standards. Making device configuration changes – like blocking removable media – is also easy to do across individual or multiple devices with Ninja’s scripting engine. Everything I do in Ninja is tracked, auditable, and reportable, so I can send clients a report showing them that our devices are secure and compliant with their standards and that our endpoints do not constitute an increased security risk,” says Jeremy.
By adopting NinjaRMM, Jeremy has been able to move AspireHR from a high trust environment to a zero-trust environment without the limitations of a traditional domain infrastructure. “Our employees need to be able to do their work both securely and efficiently. I’ve seen what malware can do when someone gets compromised. We’re not big enough to withstand an event like that. If everyone’s drive were encrypted by malware and it takes a week to get up and running that’s a week we cannot do business and lose income. It’s too risky,” explains Jeremy. “Being a zero-trust environment allows our clients to confidently work with our consultants knowing that we are not adding to their attack surface.”
“Ninja has helped AspireHR pursue a zero-trust IT strategy that strikes a balance between security and usability while simultaneously reducing the administrative burden of these tasks,” says Brian.