Why do my laptops need to be 'managed'?

Written by Rob Tregaskes | Sep 2, 2025 7:30:00 AM

A severe cybersecurity incident is the most dangerous risk most companies face. It is the greatest threat to a company’s ability to deliver for its customers, and therefore to its value. This is the fourth in a series of posts about cybersecurity risk, and how you can reduce it to give customers and investors confidence.

What is this 'Endpoint Security' I see online?

I wrote in my previous posts about the importance of securing user identities. One of the most effective ways to secure digital identities is to make them accessible only from devices (sometimes referred to as endpoints) that are compliant with the policies you decide to enforce. Enter device (endpoint) management.

Where should my people be able to access company systems and data from?

In today’s hyper-connected digital era we are all dependent on our devices to get stuff done. Those devices help you get work done, but they can also be a launch pad for a hacker to attack your company. It is critical to keep access to company data proportional to the level of control and insight you have into the state of the device the data is being accessed from:

  • Fully managed and monitored devices can be granted more access as you can detect and mitigate threats that may be on the device.

  • Personal ‘unmanaged’ devices can be granted more limited access to reflect the limited insight into any threats that may be present on that device (for example malware or an unauthorised user).
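
A minimal sketch of that proportional-access rule, added here as an illustration and not taken from any particular product. The tier names, the 30-day patch window, the posture fields and the resource names are all assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Access(IntEnum):
    BLOCK = 0
    LIMITED = 1   # assumed tier: e.g. browser-only, no downloads
    FULL = 2

@dataclass(frozen=True)
class Device:
    managed: bool                      # enrolled in device management
    days_since_patch: Optional[int]    # None = no telemetry
    disk_encrypted: Optional[bool]
    threat_detected: Optional[bool]    # None = no sensor on the device

MAX_PATCH_AGE_DAYS = 30  # assumed policy value

# Constructed resource names and the minimum tier each requires.
RESOURCES = {"webmail": Access.LIMITED, "finance-share": Access.FULL}

def device_tier(d: Device) -> Access:
    if d.threat_detected:              # a positive detection always blocks
        return Access.BLOCK
    if not d.managed:
        # No trustworthy insight: cap at LIMITED whatever the device claims.
        return Access.LIMITED
    # Managed: every signal must be present and passing (fail closed on None).
    compliant = (
        d.threat_detected is False
        and d.disk_encrypted is True
        and d.days_since_patch is not None
        and d.days_since_patch <= MAX_PATCH_AGE_DAYS
    )
    return Access.FULL if compliant else Access.LIMITED

def can_access(d: Device, resource: str) -> bool:
    # Unknown resources are denied rather than defaulting to open.
    required = RESOURCES.get(resource)
    return required is not None and device_tier(d) >= required
```

Note the two fail-closed choices: a managed device with missing telemetry drops to limited access, and an unmanaged device never reaches full access even if it self-reports as healthy.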

Is all device management equal?

No. Different operating systems support different approaches, but there are some common themes:

  • Data segregation – both iOS/iPadOS and Android support separating data on the device into ‘work’ and ‘personal’ buckets.

  • Ownership control privileges. The major operating systems support providing a greater level of control to the entity that legally owns the hardware. For example, a corporate-owned iPhone can be ‘supervised’ and have a level of access and control granted to it that the user cannot remove, including the ability to remotely erase the device.

  • Device management versus application management. Tools like Microsoft Intune allow you to manage corporate data in controlled applications on a personally owned device, reducing your costs by enabling employees to use their own devices whilst still giving you corporate control over the work data on their personal device.

Key Benefits

So, what are the key benefits of device management?

  • Policy enforcement. IT security policies are worthless without the ability to technically enforce them. By restricting access to controlled contexts, you can ensure compliance with the controls you have designed to mitigate the threats you consider the greatest risk.

  • Keep software updated. Everyone is bad at keeping on top of software updates. With managed devices (or applications) you can force users to keep their devices up to date to maintain access, reducing software vulnerabilities in the process.

  • Threat detection and response. Device management and conditional access policies enable you to deploy threat sensors across your company to detect malware, ransomware and malicious user activity that could represent a threat to your business.

  • Data protection. By restricting access to managed devices or managed applications you can create a data boundary to your company by blocking USB ports, external storage, unmanaged cloud file sync agents, downloads etc. You can also remotely erase your data in the event a device is lost or stolen, or an employee goes rogue. Finally, you can deploy a cloud sync agent to ensure all data on the device is backed up to your corporate cloud storage so that if a device does need to be erased no data is lost.

  • Better employee experience and productivity. Every employee loves the magic of turning a computer on, logging in with their work credentials and then everything setting itself up like magic. The fact they just go to their normal tools, and they are signed in magically using SSO and passkeys embedded on a device is the cherry on top and improves their productivity.

  • Lower operational costs. Streamlined user onboarding and offboarding, a standardised configuration and the ability to remotely support users, all drastically streamline IT operations and enable better headcount to IT support ratios.

  • Regulatory compliance. Many customers and regulators will require you to be compliant with certain cybersecurity standards – it is usually impossible to maintain compliance without device and application management in place.

Bottom line

If it is not already in place, implementing device and application management is a critical step, given the huge productivity and security benefits it brings. It can involve significant logistical challenges and cost if not thought through properly, so the earlier you have it in mind the better. Until you have the company configuration highly optimised it is better to iterate, bringing users onto managed devices with minimal controls initially and then ramping up the security gradually. As ever, testing is key!

If you are navigating some of these challenges at the moment, we can help. Our mission is to help you reduce your cyber risk, and so our help can be in whatever form is most helpful to you, from conducting an assessment of your current setup, to advising on system architecture and config, introducing trusted partners, training up staff or helping with op model development or hiring. Please reach out below 👇