Overview of Microsoft's Enterprise Mobility + Security Solution
Things were simpler 10 years ago. Employees called customers from their office phones, conducted their business on applications hosted by servers located in your own office, and typically just had a couple different passwords to remember. Things have changed.
Today’s modern workforce can be described in one word: mobile. And today’s modern worker wants to access their presentations, email or client information from their own phone in line at Starbucks, or from their Surface in their home office, or from their tablet while travelling to their next business meeting. Today’s worker is also trying to keep up with the vast number of passwords and identity information needed to sign in to the various cloud applications they use for business like Office 365, Salesforce, ADP – not to mention the cloud applications they use in their personal lives – banking apps, fitness apps, communications apps.
With the number and variety of business applications and devices being used by your employees increasing almost daily, many businesses face a significant challenge to provide access without compromising security.
The cost of not securing your data can be huge: Data breaches cost U.S. companies $5.4 million per breach on average, according to the Ponemon Institute [1]. Unprotected company data leaves your business open to both regulatory fines and litigation, not to mention the inevitable public relations fallout that occurs after a breach.
Additionally, Gartner reports [2] that the average employee now uses as many as three devices to access corporate data each day, and predicts this number could rise to six devices in the near future.
So how can businesses enable employees without compromising security?
With its Enterprise Mobility + Security (EMS) tools, Microsoft provides an all-encompassing solution to mobile device and identity management.
The suite provides businesses with a comprehensive range of features, including:
- Identity and Access Management (IAM)
- Mobile Device Management (MDM)
- Information Protection
- Cloud and on-premises security intelligence and protection
While IT staff once had the control to do identity management, device management, and information protection within their organization’s on-premises environment, those days are gone and not coming back. Microsoft’s EMS gives IT administrators the ability to manage their on-premises and cloud environments and employee devices, and ultimately gives your business the control it needs to stay secure, productive and compliant in this mobile, cloud-first world.
Identity and Access Management:
How many of us are sick of remembering 12 different passwords a day? The answer is all. All of us. Due to the rise of cloud-based applications, the number of passwords we’re forced to remember has gotten a bit out of control. Microsoft has stepped up to the plate with Single Sign-On through Azure Active Directory. Single Sign-On allows employees to sign in to their popular business applications with just one secure username and password. There are 2,500 applications currently supporting single sign-on and the list is growing.
Another benefit of Azure AD is its support for multi-factor authentication. Azure Multi-Factor Authentication allows employees to sign on to access data through different devices quickly and easily without compromising security. It requires employees to sign on using a password in addition to another piece of information such as a code sent to their mobile phone.
Mobile Device Management (MDM) is the IT practice of managing and securing employees’ mobile devices such as phones, laptops and tablets. MDM has become a critical security practice for businesses to implement as more and more employees bring their own devices into the workplace. Microsoft’s Intune, one solution contained in the Enterprise Mobility + Security suite, allows IT administrators to centrally manage identities across your on-premises environment and the cloud. Intune provides mobile device management, mobile application management and PC management capabilities from the cloud.
MDM allows your IT team to create corporate security policies that define when and how employees can use different devices to access corporate data. Policies such as these ensure that data remains secure, even in the event of identity theft. If a device is stolen or lost, your IT administrator can easily remove corporate applications and data remotely (while leaving your employee’s personal information intact) to ensure valuable business data doesn’t fall into the wrong hands. Other remote capabilities include device lock and passcode reset.
Intune also ensures that your MDM solution and mobile security are always current with updates and software patches that are released in real time through the cloud. This also relieves your IT team of the burden of making these updates manually. Watch the video below to gain a better understanding of Microsoft’s Intune features.
We’ve talked about device management and protection, but what about specific files? Providing information protection has always been an important part of IT best practices, but with the proliferation of the cloud enabling employees to take these documents just about anywhere on their devices, document-level security becomes even more critical. Luckily, the cloud actually makes implementing this security layer even easier than with traditional on-premises solutions.
Azure Rights Management, the file security tool within the Enterprise Mobility + Security suite, allows your IT staff to encrypt important files and data to ensure only the right people – inside and outside your organization – have access. Another significant feature of Azure Rights Management is the ability to track who is trying to open a secured document, giving file owners insight into how the document is used or abused.
The figure shown below from Microsoft’s ebook, “Protecting and empowering your connected organization,” provides another example of how EMS protects corporate information by letting protected business documents be used and copied only within a managed environment. In the example, Anna is attempting to access an Excel document (a business file) and copy it to a personal application (her iPad’s Notes app). The copy fails because Intune has separated corporate managed apps on her iPad from personal apps. It’s important to note that managed apps are not limited to Microsoft apps, but in this case, Anna’s Notes app is not a managed app, so the corporate information would have been put at risk if Anna had been able to copy it over. The figure also shows how Azure Rights Management works to protect corporate-sensitive information by verifying Anna’s access rights to an encrypted corporate email attachment.
On-premises not to be ignored
All this talk about the cloud… but what about your on-premises environment? Microsoft thought of that too. Enterprise Mobility + Security uses Advanced Threat Analytics (ATA) to ensure security continuity between your cloud and on-premises infrastructure.
According to Microsoft, ATA runs entirely inside your organization to help your IT administrator proactively identify suspicious activities before they do any harm. For example, your IT staff would receive an alert if a user unexpectedly begins attempting to access applications from different devices at odd times. Proactive, real-time intelligence is crucial these days given that the average amount of time that an attacker resides in a network until they are detected is 200+ days.
ATA enables a strong 3-step defense system and then puts the information in your IT staff’s hands so they can act. ATA first analyzes all Active Directory traffic, then learns the behaviors of your users and devices, detects any anomalies in behavior and then alerts your business of suspicious activity.
Productivity and Efficiency
A solution like EMS isn’t just about security; the suite of tools also ensures that your employees are working productively and efficiently.
The single sign-on and multi-factor authentication features make it easy for employees to access business applications from any device. Gone are the days when your employee needs to ring up your IT helpdesk just so that they can continue doing their job on a new device.
And by providing them with a seamless user experience on every device – through Office apps including Outlook, Excel, and Word – they can get up and running on any device, from any location.
The burden on your IT team is also reduced; EMS provides a secure solution for Windows, Android, and iOS, with more than 2,500 SaaS business apps covered. Managing all these applications is quick and easy through one integrated platform.
With more than two decades of experience, the iCorps IT consulting team is dedicated to delivering excellence to our customers by staying ahead of market trends and understanding new technologies that could impact their business. iCorps delivers superior IT outsourcing, IT support and technology solutions implemented by the best consultants in the Boston, Philadelphia and New York (NY) areas.
1. Redmond Magazine – Average Data Breach Cost Increases to $3.8 Million - https://redmondmag.com/articles/2015/05/28/enterprise-breaches-on-the-rise.aspx
2. Gartner.com – Demand for Enterprise Mobile Apps Will Outstrip Available Development Capacity Five to One - http://www.gartner.com/newsroom/id/3076817