For years, IT departments and the users of technology have been at odds over administrative rights on their computers. Users want to be able to get their work done with as little interruption as possible—and that means occasionally being able to download or update applications. IT departments, on the other hand, have been aware that the ability to download applications is a serious vulnerability. Cyber criminals are constantly inventing new ways to trick unsuspecting users into downloading malicious software, which can have catastrophic impacts on a business.

 In the minds of IT professionals, best practice has been to remove administrative privileges from users, to add a layer of supervision to what users could download. But, inevitably, this has always led to friction, as users need to contact and wait for a support technician to put in an administrative password to approve a download.

 Enter Privileged Access Management (PAM), a rare security tool that helps alleviate friction for users while also mitigating cyber security risk. PAM helps organizations make sure that people have only the necessary levels of access to do their jobs, while streamlining the approval process for downloads and updates.

 PAM works by voiding local administrator rights, and notifying the user in a pop-up window if new software or an update are being downloaded. The user is informed that a support professional will review and either approve or deny the download—which is far less invasive than having to contact support for help. And, on the IT support end, PAM allows for easier approval of downloads, and—more importantly—whitelisting certain applications that should always be approved, removing friction for the user entirely.

 PAM tools also provide an extra layer of intelligence to IT professionals, serving up analysis of requested downloads to guide them in their decision to approve or deny. This kind of advanced intelligence is increasingly important, as administrative access remains a key vector for malicious attacks such as ransomware. PAM is one of the best ways to help stop malware and thwart attackers. By limiting users to Standard privileges, 94% or more of Microsoft vulnerabilities can be mitigated.

 Affinity has invested in PAM as a core piece of our service offering, because we believe it is essential for maintaining the security while also optimizing productivity. Without PAM, companies risk exposure to malware or a cyberattack on company computers. Enterprise tools like this allow Affinity to prevent catastrophic user error while improving policy compliance within a company.