Blurred data borders, BYOD, and information leakage – how will you cope?
Does it shock you to hear that prominent public sector officials and politicians are handling classified information on unofficial devices? The recent disclosures about Hillary Clinton’s transmission of government data via her own email server have caused a furor. Was it wrong? Was it justifiable? Whatever the findings, this high-profile case is only the tip of the iceberg. The issue is that people are now using personal devices for work and storing work information (possibly confidential) on those devices. Businesses are as exposed to this as government agencies.
The challenge of protecting sensitive data as devices proliferate is complex. Organizations must prevent data leakage when sharing with others. They must keep certain data away from unauthorized users. They must show that their data compliance policies correspond to real processes and results, not just pious wishes. Avoiding the unfortunate deletion of information is another concern. In 2007, the Bush administration announced it had lost as many as five million emails relating to government business – emails that had been sent via private email accounts, instead of official mail servers.
The Need to Stay Safe without Sapping Productivity
One thing is clear. This challenge will not go away. Sensitive data is increasingly moving out beyond the physical perimeter of the enterprise. Organizations have little choice in this, if they want to collaborate and compete successfully in today’s digital economy. Traditional solutions for access control break down in the face of diverse devices and blurred boundaries. However, answers exist. Solutions providers like Microsoft have seen the problem grow and developed solutions to help organizations tackle it.
Microsoft knows that allowing employees to use their own devices can significantly enhance productivity. Mobility and location independence are key factors. Information must be accessible to those authorized to use it, without necessarily having to be behind the company firewall. Microsoft’s Enterprise Mobility Suite (EMS) addresses the requirement to keep employees productive on the devices and apps they favor while simultaneously protecting the enterprise’s data. The pillars of EMS are identity and access management (IAM), mobile app management (MAM), mobile device management (MDM), content rights management, and advanced threat analytics.
In particular, Intune is the cloud-based device management component of EMS (covering desktops as well as mobile devices), and Azure Rights Management (Azure RMS) handles data access management. Together, all four of the solutions offered as part of the suite provide a comprehensive approach to the security and compliance challenges that organizations face, while at the same time empowering their users.
Intune to Get Device Management Back in Shape
From the device management perspective, Intune enables access to resources by granting conditional access based on compliance criteria. Data and apps, including email, can be made accessible specifically to devices that are known to be “healthy.” At the option of the organization, access can also be restricted to known locations, such as within a company site. Intune functionality covers the data access life cycle of device enrollment, device configuration and management, app deployment and management, data and device protection, and data and device retirement.
Advantages for end-users include the ability to bring their own devices (BYOD) and feel confident that their personal data will be protected along with their work data. Advantages for the enterprise include improving employee productivity through access to needed data, while reducing the chances of mishaps, whether accidental or deliberate.
For instance, the enterprise can insist on devices using password-protected access to company data. It can be selective device by device, and about which apps are made available. The same is true for the use of different networks. The enterprise must still decide for itself which devices or users get which kind of access, data, and apps. Intune provides the capabilities to then enforce those compliance and configuration settings.
Azure RMS to Deal with a Data World without Borders
From the information protection perspective, Azure RMS offers data encryption, identity management, and authorization tools to improve file and email security. It also deals with the ever-expanding cyber perimeter of the enterprise, by protecting information inside and outside that perimeter. The protection travels with the data, overcoming the limitations of traditional security precautions, including the “bigger firewall” that cannot address the problem of data circulating in cyberspace.
As a result, Azure RMS empowers secure use of data on personal devices, in and out of the office, and in collaboration with business partners. Whereas conventional peer-to-peer encryption can hinder authorized users and services in reading and inspecting data, the flexible security of Azure RMS lets them safely accomplish their tasks, virtually without device or location restriction.
Applications of this solution abound. For instance, Azure RMS can be used to safeguard and control email transmissions at a broad level, from the enterprise to its customers, to control file download from SharePoint, and track and restrict use of reports from SAP enterprise applications. It can also be used to remotely “kill” documents when their usefulness is over or when a risk of leakage appears, yet protect files in specified folders against deletion.
Device Management and Data Protection Working Together
In all, the dual approach of Intune and Azure RMS can prevent the unfortunate cases of confidential information spilling onto unsecured devices or of unauthorized file stores accumulating or disappearing without a trace. While IT security borders will continue to blur or fade, and BYOD is still increasing, government and business can use this device management and data protection solution to stay safer, while working better.
Here at Champion Solutions Group we’ve implemented EMS for many mid-sized and enterprise-sized organizations in a variety of industries, including financial and healthcare. Take our EMS Challenge at http://mobility.messageops.com/take-the-ems-challenge and then call us at 877-788-1617 to schedule an appointment to learn more.
Post written by Jason Milgram, Director Software Development, Champion Solutions Group / MessageOps
Microsoft Azure MVP (2010-current)