People are using a lot of devices these days. According to Forrester research, a lot of business users are using three or more devices, with smartphones and tablets, as well as home and work PCs. This can lead to a management nightmare because different people want to use different types of devices from different suppliers. It opens up risk around data as well, because people are doing business on devices that might not be password secured. And what happens when someone leaves your business? What happens to the files and corporate data that they’ve been using on the multiple devices that they’ve been using?
A lot of companies are realising a need to invest in mobile device management in order to control password settings and encryption on these devices, to monitor these devices for viruses, and to remotely wipe business data if devices get lost or stolen.
Microsoft’s offering in this space is Windows Intune, a cloud-based mobile device management solution. It can manage a range of devices such as iPhones, Android phones, Windows phones, Surface and iPad tablets, and so on. There is also an option of integrating with System Center if you are using System Center Configuration Manager to manage computers and servers, so that you have a single interface to manage your whole estate.
Users want to share documents. They work with people within their organisation and outside it, and this involves moving files around. The old-school approach is to send email attachments, but this can lead to frustrations if there are multiple people working on a large file. For the users, it ends up with everyone having their own slightly different version of the file saved on their computer, and for IT it ends up with a lot of space taken up on the email system.
There are options within an organisation around file shares, but this gets frustrating when mobile working is involved, as it requires VPN connections back to the network. Microsoft provides solutions to this with tools like OneDrive for Business and SharePoint, allowing you to control the sharing spaces. Users can easily upload files and share links with their colleagues, giving a single version of the file (complete with version control, workflows and document management if you’re using SharePoint), while IT retains control with security and authentication. If a file is saved to a secure environment, then only people who have access to that environment can open it.
But there are still problems if a person downloads a file and sticks it into an email as an attachment. Once that happens, the file could end up anywhere and it’s out of IT’s control again. Right? That’s where Rights Management steps in. Available on-premise as Active Directory Rights Management or through the cloud as Azure Rights Management Services, this is a tool that lets you lock down files. You can choose to allow access only to a select group of people, and lock down features like editing or printing of particularly critical documents. With RMS applied, even if a file gets sent out to someone else, they won't be able to access it unless they have the right permissions.
People save things to their devices. No matter how much you want to get people using managed storage for their files, people will save documents onto their laptops and tablets. This can cause problems if users then leave their devices on a train or if they get stolen.
Mobile device management gives you a way to secure your devices, by setting rules about password protection and encryption. For example, you can set a rule saying that phones must have a password or PIN in order to synchronise corporate email. This means that if someone picks up a device, they won’t be able to easily access your data.
The next step with lost devices is to wipe the data. You can wipe the entire device, getting rid of any corporate data. Or Windows Intune lets you do a selective wipe on some devices. This way, if a person brings their own personal device into the workplace, they can have both personal and corporate files on it. If they then leave the company, then selective wipe lets you erase the corporate data without touching their personal data. This lets you bring your own device without making you vulnerable when people leave the organisation.
More and more companies are moving towards the cloud, making use of hosted services and software as a service offerings. But most of those companies are still using some applications and systems on-premise. This can lead to a difficult situation to manage and a confusing situation for users. You might end up with different systems each maintaining their own list of users and each of those systems having their own passwords and usernames. This is inefficient for all involved as well as potentially opening the company up to risk if someone leaves the organisation but isn’t removed from all of the systems.
Windows Azure Active Directory is a cloud-based version of Microsoft’s Active Directory technology. It lets you have a directory hosted in the cloud that can connect to an existing AD on-premise if you’ve got it, but also connect up to a wealth of cloud services and applications so that you can have a single managed identity for your users. This lets you set up single sign-on for your users and also enables some self-service functionality around things like password reset.
Core have another offering in this space which wraps around the Microsoft solution. Aurora is a managed services package around identity, providing companies with a cloud-based identity service, self-service portal, data protection, and helpdesk support. It is a full end-to-end solution around user identity, hosted in the Microsoft cloud. We can even tie it in with services around devices and device management.
Users will find a way to make their jobs easier. Sometimes this involves using applications which have not been approved by IT, which are not secure, and which potentially open the organisation up to vulnerabilities. Microsoft provide a couple of tools to help with this sort of situation. Intune, mentioned above, can provide management of mobile devices and let you track what applications are installed on them. System Center Configuration Manager lets you manage PCs and servers, monitoring what software is installed and in use. The two can work together, with Intune integrating with System Center so that your mobile and PC management appears in the same tool. This gives a rich management capability across your IT infrastructure, delivered through a single interface.
If you would like to find out more about how to implement a secure mobile working strategy in your business, contact us for an informal discussion.