Arraya Insights | July 16, 2015
It is a fact of our modern life. Mobile devices and ubiquitous access back into our company allows us to work on our own terms. Employees love it, but IT Security hates it. There is a huge inherent risk when we allow our company’s sensitive data to be accessed with a username and password. We could have the best firewall in the world, but the first time a hole is punched through it, we’re at risk, all for the sake of easing access and increasing productivity.
For the past few years, vendors have been selling Mobile Device Management solutions. These work well to protect your user devices and the data that’s on them. Microsoft has gone one step further, though, designing its Enterprise Mobility Suite (EMS) to protect users from themselves.
Microsoft starts by getting your on-premises Active Directory synced up to Azure. If you’re syncing to Office 365 and using DirSync, you’re well on your way to getting this going!
We start here at the identity. Your end users’ identity is really their access back into your network or cloud-based applications. By syncing your identity in Azure Active Directory Premium, you can secure that identity with features like Multi-Factor Authentication. You can also have a web portal for single-sign on access to back end SaaS applications, like SalesForce, Office 365 and Workday.
Microsoft includes advanced analytics and reporting here as well. Imagine getting an alert that someone in the next cube over from you is trying to log into a network resource from a city that is 3,000 miles away. Clearly, something isn’t right. Backed by Azure Machine Learning, these analytics learn your end users’ behavior and can alert you when something is amiss.
Did we mention that you can do self-service password reset without any additional infrastructure? This solves the number one Help Desk ticket generator for many companies.
Now that we’ve secured our identities, we need to take a look at our internal data sets. Depending on your business vertical, your sensitive data could vary. For example, a hospital will want to protect Personally Identifiable Information while an engineering firm will want to protect their Intellectual Property.
With the second piece of EMS, Azure Rights Management, Microsoft gives you the ability to protect your company’s data. Typically Rights Management Solutions (RMS) require a complex on-premises solution. With Azure Rights Management, Microsoft is doing the heavy lifting there for you, but still allowing you to protect on-premises or cloud data.
Rights Management allows your end users to protect sensitive data in a few ways. Owners can decide who can get the file, what they can do with it and when it should expire. They can also opt to receive notifications when someone tries to do something with the file that they shouldn’t. An IT administrator can create templates for certain data types, removing the complexity for your end users while keeping your data secure.
There’s also conditional RMS, which allows an IT administrator to set conditions that automatically apply an RMS template based on criteria met. This protects your data without end users even knowing it!
Windows Intune is the MDM and PC management piece of the Enterprise Mobility Suite. This gives end users the ability to use whatever device they want, wherever they are, while ensuring that your company can still manage your data on the device without impacting the end user’s personal data.
Intune can help you protect your company’s data on personally owned devices by allowing conditional access, for example, you can disallow jailbroken devices or require an anti-virus solution.
Microsoft’s unique approach to content and data security has helped them design a complete solution that goes beyond MDM to truly help you protect your data and your users. Arraya Solutions has a cost effective engagement that takes you through piloting the Enterprise Mobility Suite, but leaves you with a deployment you can extend into production.