How Enterprise Mobility & Security Can Protect Your Network From Remote Attacks
Somewhere in the world, right this very minute, there’s a senior IT guy scrambling to run checks on his company’s network security. He’s asking himself, “Wasn’t the firewall is supposed to protect the network?” But there’s been a breach, and he doesn’t know how.
Puzzled, he’s pulling out his phone to call the IT Manager with the bad news, not realizing that he’s literally holding the answer in the palm of his hand.
Five or six years ago, CEOs and other executives started getting smartphones and bringing them into their company’s IT departments, asking the IT guys to set up their company email on their handsets. Of course, in many cases, the guys in IT said okay.
“That was pretty dumb of IT, because they probably didn’t take into account the security risks involved,” says Jasper Kraak, a Solutions Architect at Inova Solutions.
“There are still a lot of network managers who think mainly about perimeter security, focusing on the assets located on-site. That was fine 25 years ago but nowadays, your network is wherever your users are. If that CEO has confidential information sitting on his iPhone, then that single device presents a risk to the entire organisation.”
Today, most people take it for granted that they can access corporate email on their smartphones or tablets. And unfortunately, in many companies, that is a decision still being left to the IT Department.
“It’s not a technology question,” Kraak said. “Businesses should decide who is allowed to do what on which device from where. It should not be left to IT to start pushing buttons without a written policy from the organisation. As a Solutions Architect, I am now engaging in that conversation with our customers.”
After managers and executives have gotten used to having unrestricted access to company data via mobile devices, it’s pretty tough to start having conversations about rolling back those privileges, Kraak said.
Basically, the technology was introduced before the conversation about security took place. It should have been the other way around.
“Someone in IT should have gone out and bought the mobile devices, provisioned them correctly and given them to the company execs. But that’s not the way it happened.”
Today, several firms are now seeking new ways to secure their networks and digital assets. Many are discovering the benefit of the Enterprise Mobility & Security. Commonly called EMS, it’s a relatively recent addition to the Microsoft stable, released about a year ago, although some elements of the product previously existed as standalone components.
Inova Solutions was recognised by Microsoft in 2009 as their Licensing Solutions Provider for countries within the Caribbean, Central and South America. Kraak and his team encourage clients in the region to secure their digital assets using EMS, because it provides a foundation for protection against modern threats and continuous management while enabling users to be more productive.
EMS immediately detects abnormal user behavior, suspicious activities, known malicious attacks and security issues. It also controls access to applications and other corporate resources like email and files with policy-based conditions. And its single sign-on feature allows users access to cloud and on-premises web apps from any device.
The discussion about who should be allowed to do what needs to take place at the decision-making level, says Hans Kruithof, Managing Director of Inova Solutions.
“For organisations aiming to enable mobility in order to grow sales or increase efficiency, we recommend EMS to protect their private data. But companies shouldn’t simply implement technologies like EMS full force. They should be strategic about it,” Kruithof said.
The key is for organisations to conduct a proper risk analysis to determine how likely a breach is to occur, and to calculate the potential cost of the breach.
“Our Solutions Architects specialise in detecting risks and assessing potential costs. Only after a proper risk analysis is completed can a company begin to implement cost-appropriate countermeasures.”