Mohela Complies with NIST 800-53 Security Framework Using ProfileUnity and FlexApp
Mohela is a federal student loan processor, and as such must comply with strict federal contractor standards, including the NIST 800-53 security framework. Almost all of Mohela’s approximately 550 employees use virtual desktops. By the time it transitioned to Windows 10, the organization had more than seven-years’ experience managing a virtual desktop environment, including a previous migration from Windows XP to Windows 7. The combination of running Windows 10 on virtual desktops and complying with NIST 800-53 presented Mohela with challenges it hadn’t encountered before – and challenges that its VMware View and Microsoft tools for managing the environment and user profiles could not solve.
One of the lesser-known attributes of Windows 10 is that Microsoft made major changes to how user profiles are created and managed. Mohela’s user profiles, which were stored on persistent virtual machines, frequently corrupted after the change to Windows 10. The organization investigated profile management tools from Microsoft (UE-V, for User Experience Virtualization and the DISM command-line tool) and VMware (User Experience Manager, or UEM), but neither could get the virtual desktop environment to the levels of reliability and security that it needed.
Out of necessity, Mohela IT staff began looking for a comprehensive solution -- and found it in Liquidware's ProfileUnity. Application Rights Management is a standard feature in ProfileUnity that enables administrators to securely modify and/or elevate "standard user" rights in Windows to allow or deny applications from being executed, delivered or installed on select users’ desktops. ProfileUnity’s security policy management features extend and go beyond Microsoft Group Policies. While Group Policies can be cumbersome to manage and cause long logon times because they are slow to execute, ProfileUnity's execution of secure policies is streamlined and fast. Now, when IT staff issue a patch or make any other update, they have 100 percent confidence that every single desktop is NIST compliant after the recompose.
The organization is also using FlexApp specifically to meet the application needs of its developers who use the Microsoft Team Foundation Server. As a result, FlexApp has allowed Mohela to reduce the number of licenses it needs to purchase because they could remove them from base images and only deliver to users as needed. Mohela's end users are now happy with their Windows 10 desktops as they can personalize desktops and access the applications they need. At the same time, desktop administrators have much more control over what users can do. Additionally, senior leadership are much more confident that the organization is meeting security compliance.