How a 25,000-seat financial organization reached 80% enforcement in six months
- Kim & Tom
- Jun 11
- 2 min read
A lot of application allowlisting projects don’t realize their full potential. The organization starts with good intentions, hits something that causes business impact, loses the trust of the business, and quietly walks it back. Sometimes they postpone the rollout, sometimes they just drop it entirely.
This company didn't do that. They're a 25,000-seat organization in the financial and insurance sector, and they're now past 90% enforcement. Getting there took about nine months from the point they went full force, with 80% reached around the six-month mark. The last few percentage points, as anyone who's done this knows, are the hardest.
AppControl.ai made the difference, read it in their own words below, or watch the video:
"I knew at the time when we were looking to go down the road of application allowlisting that we needed to get those two (Tom & Kim, AppControl.ai founders) in the room involved, and at least get us trained up and moving along that path. I knew that they would allow us to go down that path with confidence and very minimal user impact — because the whole thing is you're essentially implementing a tool that can have business impact. The business makes money. We wanted to minimize impact as much as we could."
They ran into problems early on. Their initial approach wasn't ideal, and getting out of the gate with a solid approach matters. They adapted and caught on swiftly.
"We did run into multiple things in the beginning where we're like, we think this is the best way to go. But Tom was able to put us on a different path — we've run into issues with that before, this is how we would do it. And that led us to fixing some problems before we even caused the problems."
One thing that came up that they didn't fully anticipate: the project forced them to build an application lifecycle process they didn't have before.
"A lot of people have applications and they have no real intake process when those applications come into an environment. This helped us build that process. Now we have a full application lifecycle process built based on how the app comes into our environment."
That's a byproduct worth naming. Application Control for business, enforcement requires you to know what's running.
That pressure, applied consistently, tends to surface things: homegrown apps on old versions, inconsistencies between machines, software that was never properly managed. Getting to enforcement means cleaning that up. For this organization, that turned out to be a benefit in its own right.
"We were able to find certain homegrown apps and stuff that weren't working how they should. We were able to get them on more standardized versions — everyone across the same version of an application, so there weren't the issues where it would work for one person but not another."
Interested in what a ACfB rollout could look like for your organization?
AppControl.ai is your managed App Control for Business solution for the enterprise — empowering IT teams to enforce application allowlisting across every device, at scale with confidence.
Comments