Managing expectations

Once you've got over the initial hurdles of getting your Least Privilege Security or parent project implemented, you may continue to face problems as users discover the restrictions placed on them that prevent them from carrying out non-business related tasks.

Service catalog

Creating a catalog of services that your IT department offers helps set expectations and manage Least Privilege Security on the desktop. All software, configurations, and hardware devices in the catalog can be tested against your Least Privilege Security settings, and give users a clear idea of what they can expect from IT.

Your service catalog should show users and management how IT services map to business needs, and so helping to establish trust between IT and the business, by showing users and management the value of IT services.

Chargebacks

If business is able to utilize IT services free of charge, there is the risk of abuse. For instance, users and their managers will think nothing of making requests for services if they know that there is no direct financial consequence. This situation can be changed by charging for services, and so creating an internal market.

Least Privilege Security on the desktop is affected because most problems are created by requests for services that don't fall within IT policy, such as for a piece of software or hardware that has not been tested with Least Privilege Security as it's not part of the IT department's service catalog. Requests for unauthorized services can create the perception that IT systems are broken because they are not able to support certain applications or devices. When chargebacks are implemented, requests for services that are not business related are minimized due to the direct cost involved, and managers think twice before authorizing employees to make unnecessary demands on IT.

If creating an internal market is a step too far for your organization, you could consider implementing a virtual internal market. This system involves charging for IT services using virtual currency or a points system. The idea is to show management how much each department, or even employee, costs the organization in terms of IT.