The Essential 8 Series: What is Application Control?
The Australian Cyber Security Centre (ACSC) has a guideline called Essential 8, a security framework that businesses should adhere to as a bare minimum. In today’s article, we will address its first control, application control.
The ACSC defines Application Control as “A security approach designed to protect against malicious code (also known as malware) executing on systems. When implemented robustly, it ensures only approved applications (e.g. executables, software libraries, scripts, installers, compiled HTML, HTML applications, control panel applets and drivers) can be executed”(ACSC, 2021).
But in simpler terms, application control is having a pre-approved list of applications allowed to run on a device and blocking all other apps from being installed and running on that same device.
Think of an exclusive country club; the people inside (applications) have been vetted by the staff (IT team) and are now allowed to roam free at the country club (organisation).
Now anyone that has yet to be vetted (unapproved applications) will only be allowed access to the country club if they have gone through the necessary process.
Now why should you care as a business owner?
Suppose someone in your organisation was to install an unsupported program or download software from an untrusted source. This would provide a backdoor for a hacker that is looking to do damage to your network. They could hold your business at ransom or have data exfiltrated just by one weak link. Also, having uniformity in the applications you use will create more productivity, as all work is being completed on the same applications (think of your documents as appliances with the Australian power plug, if they are all the same plug, it makes using them so much easier).
What is the best way to fix this problem?
The best way to implement this control is to look at your application stack and see what is essential for business operations to continue. From there, you can list applications that can run on the machine and lock down the list. Once done, check with your IT or cyber team if the programs you need to conduct business operations are safe and secure.