There was little time at the start of the COVID-19 epidemic for businesses to prepare for what was going to happen and for a working-from-home scenario. When staff were forced to work from home, many businesses did not have the required infrastructure in place to accommodate device management and security at such scale. Looking back, it is amazing how much effort all businesses and their IT partners put in to make this happen in such a short period.
For most, the biggest issue to be solved was allowing access to files and applications remotely. In the majority of cases, the solution was to implement a VPN connection to allow access to applications and file servers in the data centre, to implement cloud-based Software as a Service (SaaS) solutions like Office 365 SharePoint and OneDrive, or to use a mixture of both on-premises and cloud-based solutions. While using VPN connectivity may seem like a good idea at first, allowing hundreds or even thousands of staff access at the same time is a huge challenge on its own. Some businesses were lucky enough to have already started implementing their cloud strategies, but many others have had to fast-track their migration to cloud-based storage or SaaS applications to give staff a working experience similar to the one they would have in the office.
Whilst implementing this infrastructure within a very short timeframe has been impressive, some of the required infrastructure changes had to be implemented later as there was simply not enough time. Projects that would usually take months to implement have been rushed to accommodate the new way of remote working, resulting in some project components being prioritised over others.
A good example is that moving away from VPN solutions and allowing access to data through cloud-based solutions also meant a change in the way devices are managed. Cloud-based solutions allow staff to work on files and in applications in an “anywhere, anytime, any device” manner where connecting through a virtual private network (VPN) is no longer required. Devices and their security must be managed differently as traditional ways no longer apply, and delaying implementation of these changes for too long can become an operational nightmare.
Traditional support systems are configured with the assumption that the device is in the office at least once every few weeks. Connecting to the office through a VPN or being physically in the office for a few hours was enough to push security updates, user profile changes and anti-virus updates, and to report back on device health and security status. Now that staff have been working remotely over the last few months and VPN connections are used in fewer cases, their devices have become stale in the system because they could not report back the way they would in the office. Pushing anti-virus or feature and security updates required the device to connect to the internal systems. Even the date and time on the devices were synchronised with internal systems, causing all sorts of calendar nightmares when there was a slight difference between them.
All these problems are easy to solve when planned for, but this has not always been the case for everyone with so little time to prepare.
Traditionally, the network within the office premises and in the data centres is considered a secure environment with a secure connection to files and applications. A VPN connection or a remote desktop solution to access files and applications has been the default solution when users are not physically in the office. With cloud, this authentication methodology required a few changes.
User authentication in cloud-based solutions is generally performed over a secure connection directly over the internet. Most SaaS solutions allow for identity synchronisation with on-premises Active Directory to replicate credentials and, when combined with Multi-Factor Authentication (MFA), this makes for a very secure authentication solution for allowing user access to data and applications in the cloud.
Security of data on devices requires a different approach. As staff can now log in from anywhere and from any device, data can be saved in many places, including the local storage of personal devices. It is important for businesses to ensure sensitive company data is protected and properly managed. Device management solutions like VMware Workspace or Microsoft Intune can be used to ensure security requirements like anti-virus, disk encryption and password enforcement are in place and consistently monitored while staff are working remotely. These solutions can also be used to remotely manage the devices, providing another layer of business security. This includes performing a remote wipe if a device is lost or stolen, to ensure sensitive data is not compromised.
The ability to block or allow access to company data with device compliance policies is another great feature. Compliance policies can be configured to allow access to company data only when devices meet all security requirements, ensuring maximum security between your company data and your staff working remotely.
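The compliance gate described above, sketched as an added example (it is not code from this article or from any device management product). The field names, thresholds and inventory records are constructed assumptions; the point it illustrates is that a device which has stopped reporting, or whose record is incomplete, is treated as non-compliant rather than trusted on its last known state.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy thresholds for illustration; not defaults of any product.
MAX_CHECKIN_AGE = timedelta(days=14)
MAX_AV_SIGNATURE_AGE = timedelta(days=7)
MIN_PASSWORD_LENGTH = 12

def evaluate_device(device, now):
    """Return (allow, reasons); missing or stale data fails closed."""
    reasons = []
    last_checkin = device.get("last_checkin")
    if last_checkin is None or now - last_checkin > MAX_CHECKIN_AGE:
        # A stale record says nothing about the device's current state.
        reasons.append("stale_or_missing_checkin")
    if device.get("disk_encrypted") is not True:
        reasons.append("disk_not_encrypted")
    av_updated = device.get("av_signatures_updated")
    if device.get("av_enabled") is not True:
        reasons.append("antivirus_disabled")
    elif av_updated is None or now - av_updated > MAX_AV_SIGNATURE_AGE:
        reasons.append("antivirus_signatures_outdated")
    if (device.get("password_required") is not True
            or (device.get("password_min_length") or 0) < MIN_PASSWORD_LENGTH):
        reasons.append("password_policy_not_enforced")
    return (not reasons, reasons)

def access_report(inventory, now):
    """Map each device name to its access decision and the failed checks."""
    return {d["name"]: evaluate_device(d, now) for d in inventory}

# Constructed sample inventory (not real devices).
NOW = datetime(2020, 9, 1, 9, 0, tzinfo=timezone.utc)
def _ago(days):
    return NOW - timedelta(days=days)

INVENTORY = [
    # Managed laptop that reports daily and meets every requirement.
    {"name": "laptop-01", "last_checkin": _ago(1), "disk_encrypted": True,
     "av_enabled": True, "av_signatures_updated": _ago(1),
     "password_required": True, "password_min_length": 14},
    # Was compliant when last seen in the office 45 days ago.
    {"name": "laptop-02", "last_checkin": _ago(45), "disk_encrypted": True,
     "av_enabled": True, "av_signatures_updated": _ago(45),
     "password_required": True, "password_min_length": 14},
    # Personal device: it checks in, but reports no security posture.
    {"name": "byod-phone", "last_checkin": _ago(0)},
]

if __name__ == "__main__":
    for name, (allow, reasons) in access_report(INVENTORY, NOW).items():
        print(name, "ALLOW" if allow else "BLOCK", ", ".join(reasons))
```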
Implementing a device management tool and enabling additional security policies to further tighten security can cause some serious disruptions if not executed correctly. Planning is vital for a seamless migration, but as it also requires a different way of working for the end user, staff education and expectation management are equally important for a successful implementation.
Diaxion have experienced and certified Consultants who can help with your device security and management journey, so if this is something that your organisation has questions about, please reach out to our dedicated team for a confidential chat.