Two trends stand out in IT today: client mobility technologies and cloud technologies. Each offers the potential for an unlimited increase in productivity, along with savings on licensing and hardware purchases. As elsewhere, there are supporters of the current state of affairs and supporters of change who want the benefits it brings. One has only to look at the huge amounts that the main technology players (Microsoft, Amazon and Google, to name only some) invest in cloud data centers to understand that the cloud, accessible from anywhere in the world regardless of the type of device, has already taken its place and will be the new recognized face of IT.
The main benefits of the new approach to IT are higher productivity and lower costs. It is easier for an employee to work on his own device, and the employer does not need to invest in hardware for that employee.
According to research conducted by Dell, a major hardware manufacturer, allowing the use of personal devices at work has a number of clear advantages:
- 67% of users use personal software and applications in their work;
- companies that allowed employees to use personal devices optimized their workflow by 38%;
- employee flexibility and mobility increased by 34%;
- employee productivity and efficiency increased by 31%;
- the level of interaction between employees increased by 28%;
- decision making improved by 27%.
How to deal with security?
Around the world, 43% of users use personal devices for business purposes. In practice, these devices are not part of the companies' information strategy and represent a fairly large risk to the security of the data those employees handle.
However, with Windows 10, for example, companies have an operating system with embedded security tools that make personal devices a logical alternative to an inflexible information environment. At the same time, Windows 10 significantly strengthens hardware security mechanisms, identity protection, data protection, and the tools for managing and controlling these technologies.
Let us look at mobile device management scenarios using Windows 10.
Device protection
Windows Defender
- Full-featured anti-malware, the predecessor of Microsoft Security Essentials
- Anti-malware update frequency
- When an alternative anti-malware solution is installed, Windows Defender stops its real-time protection processes but remains available.
Device Guard
- Available only in Windows 10 Enterprise
- Used to lock the device down completely so that it cannot run untrusted code.
- Only code that Microsoft has confirmed by issuing a certificate is allowed to run.
- This includes any application from the Windows Store, as well as applications that have been digitally signed by Microsoft.
TPM 2.0
- Hardware certification technology that links the hardware to the user's identity
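A read-only posture check for the mechanisms listed in this section, plus BitLocker from the Data protection section below. This is an added example, not code from the original article, and the pass criteria (signature age threshold, enforced code integrity, TPM 2.0) are assumed policy values:

```powershell
# Added example: read-only device posture check for Windows 10.
# Run from an elevated session; Get-Tpm and Get-BitLockerVolume need admin rights.
# The 3-day signature threshold is an assumed policy value, not a Microsoft default.
$MaxSignatureAgeDays = 3

function New-Check($Name, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" }
}

$results = @()

# Windows Defender: real-time protection is off when a third-party AV has taken over.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    $results += New-Check 'Defender real-time protection' $mp.RealTimeProtectionEnabled "AntivirusEnabled=$($mp.AntivirusEnabled)"
    $results += New-Check 'Defender signature age' ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays) "$($mp.AntivirusSignatureAge) day(s)"
} else {
    $results += New-Check 'Defender status' $false 'Get-MpComputerStatus returned nothing'
}

# Device Guard: CodeIntegrityPolicyEnforcementStatus 0 = off, 1 = audit, 2 = enforced.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$results += New-Check 'Device Guard code integrity enforced' ($dg -and $dg.CodeIntegrityPolicyEnforcementStatus -eq 2) "status=$($dg.CodeIntegrityPolicyEnforcementStatus)"

# TPM: present, ready, and reporting specification version 2.0.
$tpm = Get-Tpm -ErrorAction SilentlyContinue
$spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion
$results += New-Check 'TPM present and ready' ($tpm -and $tpm.TpmPresent -and $tpm.TpmReady) "present=$($tpm.TpmPresent) ready=$($tpm.TpmReady)"
$results += New-Check 'TPM spec version 2.0' ("$spec" -like '2.0*') "SpecVersion=$spec"

# BitLocker: protection must be on for the system drive.
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$results += New-Check 'BitLocker on system drive' ($bl -and "$($bl.ProtectionStatus)" -eq 'On') "status=$($bl.ProtectionStatus) encrypted=$($bl.EncryptionPercentage)%"

$results | Format-Table -AutoSize
# Non-zero exit code lets a management agent or scheduled task flag the device.
if ($results.Pass -contains $false) { exit 1 }
```

On a device where a third-party anti-malware product is installed, the real-time protection check fails by design, so a fleet policy would need a separate check for that product.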
Authentication
Multifactor authentication
- An additional level of security on top of the standard username and password, which verifies identity by sending a code to a mobile device (smartphone)
- Such an agent is installed in all versions of Windows 10.
- Active Directory, Azure Active Directory and Microsoft Accounts support this option.
Microsoft Passport service
- In Windows 10, Microsoft Passport replaces passwords with two-factor authentication that combines device registration with Windows Hello (biometric authorization) or a PIN.
- Microsoft Passport allows users to sign in to an Active Directory account, a Microsoft Azure Active Directory (AD) account, or a non-Microsoft service that supports Fast ID Online (FIDO) authorization. After the initial two-step verification when registering with Microsoft Passport, the user configures the authentication method on his device using Windows Hello or a PIN. The user chooses the verification method; Windows then uses the Microsoft Passport service to authenticate users and help them gain access to protected resources and services.
Windows Hello service
- Provides support for biometric sign-in, using the face or fingerprints to unlock the device, with technology that is much safer than traditional passwords. You, and only you, together with your device are the key to Windows, applications, data, and even sites and services, rather than a random set of letters and numbers that is easily forgotten or cracked. Modern sensors recognize your unique personal characteristics to sign you in to your Windows 10 device.
Data protection
Enterprise Data Protection (EDP)
- For mobile or desktop computers
- Administrators can tag and encrypt corporate data to separate it from ordinary data.
- After the connection is complete, corporate data can be deleted using remote wipe capabilities.
Universal applications
- "Modern Applications"
- Run in a secure virtual environment on the device
- Continuous updates (applications are updated automatically)
- Administrative rights are not required for installation on a local device.
BitLocker
- Supported in all versions of Windows 10
- Allows you to encrypt only the part of the disk that contains data
- Faster encryption process with fewer interruptions
- A regular user without administrative privileges can reset a PIN for BitLocker
Integrated Rights Management (IRM)
- An alternative to DLP (Data Leakage Protection)
- Encrypts sensitive data with certification technology and prevents unauthorized distribution or printing of sensitive data.
Application-triggered VPN
- Activates a secure VPN connection for specific applications
SmartScreen
Control
MS Intune
- Allows you to manage mobile devices and computers from the cloud. With Windows Intune, company employees can access their applications, data and resources regardless of their location and of the mobile device they use to access the data.
Enterprise Mobility Suite (EMS)
- Allows end users to work on their favorite device or devices and provides them with constant and secure access to corporate resources. Enterprise Mobility Suite is a hybrid identity solution supported by Azure Active Directory Premium.
- Provides extensive use and management of mobile devices from the local infrastructure, including Microsoft System Center Configuration Manager and Windows Server with Active Directory, as well as from cloud services, including Intune and Azure. This contributes to the integration of the IT environment.
- EMS provides mobile management supported by Windows Intune.
- EMS data protection, provided by Azure Rights Management, helps secure data by protecting corporate information and managing risk.
Each of these services is part of the Enterprise Mobility Suite.
Conclusion
With Windows 10, organizations have all the tools they need to implement a strategy for using both corporate and personal mobile devices.
We should also not forget the significant gains in productivity and the reduction in running costs that come with a mobile device policy, including a strategy that allows personal devices. At the same time, you need to be aware of the possible security implications, and of the fact that the tools at IT's disposal can make such use as safe and secure as possible.