Endpoint Security & Compliance

Ensure your endpoints achieve the highest level of security with ThinKiosk and Secure Remote Worker

Supporting PCI Compliance

While ThinScale products do not convert endpoints into merchants or payment application vendors by themselves, when used as part of a more complex setup, they can help achieve full PCI compliance.

So long as the PCI DSS best practice controls for systems and network are adhered to, ThinKiosk and Secure Remote Worker deliver a configuration management and hardening mechanism, which a merchant or service provider can use to support PCI DSS compliance in an often complex use case.

Supporting PCI Compliance

Key Functionality For Security

ThinKiosk & Secure Remote Worker have some key functionality in enabling personal & corporate devices to become PCI compliant, including:

  • Windows Patch Management
  • Windows Firewall Control
  • Windows Security Center Detection
  • USB Device Blocking
  • Application Execution Prevention (AEP)
  • Service Execution Prevention (SEP)
  • Restricted access to key operating system components

External Application Lock-down

ThinKiosk & Secure Remote Worker completely lock down access to any configuration for changing daemons, required services, and protocols from the desktop where the software is installed.

The software limits access to the Control Panel, the Run command in the Start Menu, Ctrl+Alt+Del, Task Manager, and the Services and Password Policies panels in Administrative Tools, effectively blocking access to services that could be misused.

In addition, the Service Execution Prevention feature added to ThinKiosk & Secure Remote Worker can be configured to block designated Windows services to prevent misuse.

Centralized Endpoint Management

ThinKiosk & Secure Remote Worker currently detect if a Windows system has the most recent patches and updates. The Management Console will then display remediation advice, and allow for the necessary updates to be deployed to all machines in the environment.

Using ThinScale's intuitive central management platform, IT teams can easily manage, troubleshoot, and update their entire thin client environment updating software, profiles, and security settings, all from a single console.

From the Management Console, it is also possible to establish dynamic policies that limit access to applications and sensitive data based on user roles and individual permissions.

Secure Anti-Virus Management

ThinKiosk & Secure Remote Worker currently detect if anti-virus software is either running or up-to-date on the device where it is installed.

In addition, when the software starts up and locks down the device, ThinKiosk and Secure Remote Worker turn on antivirus software that is turned off.

The status of the anti-virus software is displayed on the ThinScale Management Console. The software prevents the user from continuing if the configured policy rules are not met. For example, for anti-virus software, ThinKiosk and Secure Remote Worker would check whether the antivirus is running and up-to date. The Management Console then displays remediation advice.

If the anti-virus software is running, it would be required to be set to run periodic scans by default.

Key Functionality For Security

Key Functionality For Security

ThinKiosk & Secure Remote Worker have some key functionality in enabling personal & corporate devices to become PCI compliant, including:

  • Windows Patch Management
  • Windows Firewall Control
  • Windows Security Center Detection
  • USB Device Blocking
  • Application Execution Prevention (AEP)
  • Service Execution Prevention (SEP)
  • Restricted access to key operating system components
External Application Lock-down

External Application Lock-down

ThinKiosk & Secure Remote Worker completely lock down access to any configuration for changing daemons, required services, and protocols from the desktop where the software is installed.

The software limits access to the Control Panel, the Run command in the Start Menu, Ctrl+Alt+Del, Task Manager, and the Services and Password Policies panels in Administrative Tools, effectively blocking access to services that could be misused.

In addition, the Service Execution Prevention feature added to ThinKiosk & Secure Remote Worker can be configured to block designated Windows services to prevent misuse.

Centralized Endpoint Management

Centralized Endpoint Management

ThinKiosk & Secure Remote Worker currently detect if a Windows system has the most recent patches and updates. The Management Console will then display remediation advice, and allow for the necessary updates to be deployed to all machines in the environment.

Using ThinScale's intuitive central management platform, IT teams can easily manage, troubleshoot, and update their entire thin client environment updating software, profiles, and security settings, all from a single console.

From the Management Console, it is also possible to establish dynamic policies that limit access to applications and sensitive data based on user roles and individual permissions.

Secure Anti-Virus Management

Secure Anti-Virus Management

ThinKiosk & Secure Remote Worker currently detect if anti-virus software is either running or up-to-date on the device where it is installed.

In addition, when the software starts up and locks down the device, ThinKiosk and Secure Remote Worker turn on antivirus software that is turned off.

The status of the anti-virus software is displayed on the ThinScale Management Console. The software prevents the user from continuing if the configured policy rules are not met. For example, for anti-virus software, ThinKiosk and Secure Remote Worker would check whether the antivirus is running and up-to date. The Management Console then displays remediation advice.

If the anti-virus software is running, it would be required to be set to run periodic scans by default.

ThinScale's Security and Compliance Solution

Enabling Remote Endpoint Security with Secure Remote Worker

When configured properly, Secure Remote Worker enables industry-standard security for personally owned devices. With built-in location awareness, Secure Remote Worker is capable of dynamically updating permissions based on an endpoint's network and centrally-managed policies.

ETZ
Gemeente Steenwijkerland
Gemeente den helder
Willis Towers Watson 2
La's Best 2

“End users don’t even realize they are working on VDI. It looks like they are working the same way as they would on a PC at home.”

Patrique Schuijffel - Senior IT Specialist, Gemeente Steenwijkerland

THINKIOSK & SECURE REMOTE WORKER
PCI COMPLIANCE WHITE PAPER

THINKIOSK & SECURE REMOTE WORKER

Coalfire is an independent and well respected Qualified Security Assessor (QSA) for the Payment Card Industry (PCI) and Payment Application Qualified Security Assessor (PA-QSA) company.

Thinscale engaged with Coalfire in order to conduct an independent technical assessment of both ThinKiosk and Secure Remote Worker with regard to security and PCI compliance.

Ensure Endpoint Security and Compliance With ThinScale