According to the Association of Corporate Counsel, unintentional employee error is the top cause of data breaches. And with 87 percent of IT professionals concerned about the security of cloud data, according to a Dimensional Research survey conducted for Druva, it’s easy to feel vulnerable. Preventing these unintentional errors can help keep your data protected.
The problem—simple passwords
Simple or reused passwords open the door to hackers. According to SplashData, the top five worst passwords of 2015 were:
123456
password
12345678
qwerty
12345
But even a great password can pose problems when used on multiple sites. Hackers know that people like to reuse passwords, so when they crack one, they test it on multiple sites, especially those that may contain higher value information.
Your solution—Educate employees on how to create a strong password. Then put a policy in place to ensure passwords meet minimum complexity requirements and require that users change them often. Also, encourage secure password-keeping practices such as using third-party services that store passwords in the cloud and secure them all with a master password.
The problem—falling for phishing
According to a Verizon Data Breach report, phishing is the second most common threat and is implicated in around a quarter of all data breaches. If a phishing message ends up in an employee’s inbox, there’s a good chance they will click the link.
Your solution—In addition to top-notch security and secure email filters, encourage users to report suspicious-looking messages—similar to reporting junk mail. Once reviewed and identified as a threat, add these messages to service-wide filters.
In Exchange Online, Email Safety Tips provide an additional layer of protection with a warning to the user in messages that are marked suspicious.
The problem—BYOD practices
Bring-your-own-device (BYOD) policies are widely used in today’s business landscape, but employees accessing sensitive information from personal devices can open the door to security threats. According to research from the Ponemon Institute, a total of 67 percent of respondents cited employees using their devices to access company data as likely or certainly the cause of data breaches.
Your solution—Create clear BYOD policies and educate employees on how to follow these guidelines—including what’s at risk if they’re ignored. For additional layers of security, require the use of approved secure mobile apps and multi-factor authentication when accessing company information.
The problem—lost or stolen devices
Lost devices are another leading cause of data breaches. And not just employee-owned devices—even your company’s devices are at risk, leaving your organization exposed to threats if they are lost or stolen.
Your solution—Educate employees on proper device security on- and off-premises, and instruct them to report lost devices as soon as possible. Enable security policies to ensure you can remotely access, locate and wipe a device if necessary.
Continually educate employees to minimize risk of common user-error breaches. Security features available with Office 365 help mitigate the risks introduced by employees. Data Loss Prevention (DLP) proactively scans emails and notifies users before they send sensitive information. Information Rights Management (IRM) allows you to control email access permissions to keep unauthorized people from printing, forwarding or copying sensitive information. Additionally, Office 365 gives you the option to use Microsoft Defender to safeguard mailboxes against sophisticated attacks in real time.
[/vc_column_text][/vc_column][/vc_row]
5 keys to simplified mobile protection
Businesses today are reaping the benefits of mobile, like increased productivity, lower overhead, and happier employees. However, mobility can bring added risk, requiring greater focus on protecting data, enabling secure employee access, and managing Bring Your Own Device (BYOD) as personal devices are used for work. With the right tools, managing this risk doesn’t have to be complicated.
Here are five components of your business that Enterprise Mobility + Security (EMS), in conjunction with Office 365 addresses.
People - Give employees the access they need, when and where they need it
Mobile devices - Manage your company resources, regardless of device
Apps - A single platform to manage every app
Data - Protect data wherever it goes
Infrastructure - The foundation that enables mobility
Productivity is the goal of mobility. Security is the requirement. Enabling secure mobile productivity doesn’t need to be overly complicated or expensive. With Enterprise Mobility + Security (EMS) and Office 365 working together, you ensure employee productivity while keeping your company protected in a mobile world.
[vc_row][vc_column][vc_cta_button2 h2="Find Your Best Path To A Truly Consistent Hybrid Cloud" title="COST BENEFIT ANALYSIS" size="lg" position="bottom" link="url:http%3A%2F%2Fwww.managedsolution.com%2Faws-azure-compare%2F||" accent_color="#f4c61f"]
Achieve IT infrastructure cost savings of at least 50%
Call Southern California’s most trusted name in cloud at 800-208-3617 for real time pricing and a cost benefit analysis for Microsoft’s Azure and Amazon’s AWS.
[/vc_cta_button2][/vc_column][/vc_row]
Manage BYOD and corporate-owned devices with MDM solutions
With the increasing volume and diversity of both ‘bring your own device’ (BYOD) and corporate-owned devices being used in organizations today, a growing challenge for IT departments is keeping corporate information secure. Microsoft mobile application management (MAM) and mobile device management (MDM) solutions help minimize this complexity by offering management capabilities both on-premises and in the cloud, all from a single console.
For more information, watch Enterprise Mobility: Mitchells & Butlers boosts service with managed mobile platform:
MANAGE DEVICES AND APPS FROM THE CLOUD
With the proliferation of mobile devices in the workplace, employees can, and do, work from just about anywhere. To stay productive, this mobile workforce demands consistent access to corporate resources and data from any location on any device. This BYOD trend has introduced significant challenges for IT administrators who want to enable enterprise mobility while ensuring that corporate resources are protected from unauthorized access.
Leveraging Microsoft Intune, you can deliver application and device management completely from the cloud, or on-premises through integration with System Center Configuration Manager, all via a single management console.
Microsoft has also incorporated manageability and data protection directly into the Intune-managed Office mobile apps to help maximize productivity while providing the flexibility to extend these same management capabilities to your existing line-of-business apps through the Intune App Wrapping Tool. You can choose to manage the Office mobile apps with or without enrolling the device for management to protect corporate information without the risk of intruding on a user’s personal life.
Intune is included in Microsoft Enterprise Mobility + Security—a cost-effective way to use enterprise mobility cloud services for all of your employees.
BENEFITS
Deliver and manage apps across a broad range of devices, including iOS, Android, Windows and Windows Phone all from a single management console
Simplify administration by deploying required apps automatically during enrollment and allowing users to easily install corporate apps from the self-service Company Portal
Help maximize productivity with the Office mobile apps your employees know and love while preventing the leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem, and extend these capabilities to existing line-of-business apps
Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled, enabling users to seamlessly access corporate resources with the appropriate security configurations
Provide comprehensive settings management for mobile devices, including remote actions such as passcode reset, device lock, and data encryption
Remove corporate data and applications when a device is unenrolled, noncompliant, lost, stolen, or retired from use
Extend your System Center Configuration Manager infrastructure through integration with Microsoft Intune to provide a consistent management experience across devices located on-premises and in the cloud
For more information, watch the mobile device and application management overview video below:
Microsoft Intune: Mobile Device and Application Management Overview
As consumers we have become obsessed with connected devices. We like the idea of smart homes, smart cars, smart TVs, smart refrigerators or any machine that can be automated with sensors and an IP address. Yet fewer tasks in IT today inspire more fear than the prospect of protecting corporate networks from this proliferating wave of connected devices. The internet of things phenomenon expands the threat surface exponentially, in turn boosting business risk.
But CIOs often aren’t aware of all of the devices that make inviting targets for hackers. "One of the fundamental issues that faces the internet of things is knowing that they're there and giving them some identity,” says Gartner analyst Earl Perkins. "You can't manage what you can't see."
Factor in the hiding-in-plain-sight machines and BYOD devices, as well as emerging technologies that control office light fixtures, temperature and even window tint, and it's easy to see how vetting what's on the network will only get harder for CIOs. Securing internet of things is a primary focus of this week’s Black Hat USA conference, whose organizers told the Wall Street Journalthat they received 50 proposals for seminars related to infiltrating devices, including how a computer worm could spread smart lightbulbs, how to hack medical systems, and a new kind of ATM skimming device.
Matt Kraning, CTO of security software startup and DARPA spinoff Qadium, says CIOs are focusing on locking down devices operating on the network as a result of BYOD policies while the mundane teleconference systems are ignored. There are tens of thousands of such unified communications and collaboration systems installed in executive boardrooms around the world. These systems use dated protocols, such as Session Initiation Protocol (SIP), aren't encrypted and are rarely kept current on patches.
Imagine this scenario: The entire C-suite huddles with the board for their quarterly meeting. The IP-enabled video conferencing system doesn't work so they call IT in. Turns out the system was properly blocked by the corporate firewall, consistent with corporate policy. But rather than cancel the meeting, the execs order IT to break through the firewall to get the system to work. The big no-no occurs when the IT team doesn't put the firewall back around the equipment, leaving the system open to an enterprising hacker who may eavesdrop on executive meetings.
"They grew up when the phone was just a phone," Kraning says of executives who don't realize the threat that such systems pose. "Most have no insider awareness of IoT and that persists the myth that the problem is not already here." He says mail servers are also potential threat vectors.
IoT security: a victim of market economics?
The enterprise is naturally only a subset of the broader world – one in which the increasing drumbeat of connected devices poses an even greater threat. Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016 and will reach 20.8 billion by 2020. Protecting those devices, from smart cars to smart hot water heaters to smart TVs, remains a big problem partly because of a misalignment of economics, says security expert Bruce Schneier.
PCs and cell phones churn every 18 to 24 month so the companies that produce them have financial incentive to constantly refine the security of those devices. But people replace cars every 10 years, refrigerators every 20 and thermostats "never," says Schneier. "There exists no mechanism to patch them because it's not economically viable for third-parties," Schneier says.
The problems will mount as new devices emerge and they, along with the sensors and software used in conjunction with them get cheaper and last longer. “You don’t have the same ecosystem of upgrade in terms of patching, devices and operating system -- none of these things that in a computer world makes them better,” Schneier says. “When your furnace becomes part of the IoT and they say you have to replace the hardware on your furnace every two years... people are not going to do it.”
Assigning fault also plays a big hand in the complex market dynamics. When a perpetrator infiltrates a network through a software vulnerability, we point to the flawed software. But with connected devices forming what is essentially a digital daisy chain, it is difficult to attribute fault. "If you're refrigerator interacts with your router and hacks your Google account, whose fault is it?" Schneier says. "The market economy actually works against securing IoT."
Such security threats can snowball quickly, as Schneier wrote in a blog post last week: “Vulnerabilities on one system cascade into other systems, and the result is a vulnerability that no one saw coming and no one bears responsibility for fixing. The internet of things will make exploitable vulnerabilities much more common.”
An IoT security model
Qadium is tackling the IoT security problem with “global internet sensing” software that scours hundreds of terabytes of data generated by devices configured by a given organization. Indexing a hundred different protocols, calling out to all of the devices that reside on a customer’s network and gauging their responses for anomalies. It finds dark spaces in corporate networks CIOs didn’t even know existed.
“We look at the entire internetperpetually and turn it into an analytics challenge,” Kraning says. The goal is to say, “We know where all devices of interest to a company are.” Qadium’s customers include the U.S. Cyber Command and the Navy.
According to Perkins, who says Qadium competes with Bastile Networks, Great Bay Software and ForeScout Technologies, such technologies play a useful role in helping CIOs discover what’s on what he calls the “network of entities.” However, the challenge doesn’t end there. A second set of technologies is required to isolate and neutralize malware or other network incursions. Securing connected devices, he says, requires a multi-layer approach that involves providing the proper policy enforcement for existing devices and those that will come onto the network in the future. This is no trivial task.
"We've reached an era in computing now where we are able to project a pervasive digital presence into the edges of business and into the edges of life -- on the human body, in the human body, in the house, in the car,” Perkins says. Gartner estimates spending security technologies to protect the Internet of Things will top $840.5 million by 2020.
What does the future of IoT security look like? Schneier, who has closely watched the cybersecurity market evolve over the last three decades, says the federal government must provide regulatory oversight into cybersecurity by establishing a new federal agency – ideally a Department of Technology Policy – to regulate the industry, similar to how the FCC was created to regulate airwaves and the FAA guides airlines. For now, Schneier says the government remains woefully behind on IoT awareness.
Yet Schneier remains cautiously optimistic about the industry’s chances to solve the complex challenges – like it always has – over time and through trial and error. The solutions “will be like everything we do in computer security to date -- a hodgepodge of things that work pretty well," Schneier says. "We'll muddle through, screw it up and get better."
[/vc_column_text][/vc_column][/vc_row]
[vc_row][vc_column][vc_column_text]
State of BYOD and Mobile Security Report: Latest Insights, Trends and Stats
The Information Security LinkedIn group released a new survey from its 200,000-member community on the state of bring-your-own-device (BYOD) and mobile security initiatives in their enterprises. We provide our take on some of the findings from this comprehensive survey‘s 1,100 responses.
To BYOD or Not?
According to the survey, over 60 percent of enterprises allow or tolerate employee use of personal devices to access enterprise data. Only a small minority of enterprises, 11 percent, have no plans to allow such usage. Enterprises that allow BYOD expect the primary benefits to be improved employee productivity and satisfaction and better overall security, and 58 percent expect related budgets to increase or stay flat.
Our Take: Device ownership is destined to become a nonissue, and IT organizations must adopt new capabilities to secure enterprise applications and data on a shared personal or corporate data device. Enterprises are embracing BYOD programs as an opportunity to invest in the secure productivity of their employees as opposed to a “cost of doing business.” Securing corporate data without making assumptions on device security makes enterprises less complacent and more rigorous in assessing and addressing security risks.
Enable Flexible Data Access
According to the survey, email access allowance is still king at 86 percent of responses, followed by access to documents, custom mobile applications and cloud services. Overall, structured data in enterprise databases is still deemed most valuable, with unstructured data a close second.
Our Take: Our devices enable access to critical enterprise resources. Sensitive data and transactions are accessed, stored locally and exchanged not only with data center apps, but also third-party services. BYOD enables a “personal” device image, but enterprises must take steps to secure local app execution, encrypt enterprise data where applicable and detect access and transactional risk.
Data Loss Doesn’t Equal Device Loss
The biggest mobile security risk, according to the survey, is losing enterprise data. In essence, the risk categories can be divided into three main areas: data (stolen, lost, unauthorized access), threat (fake apps, malware, exploits) and management (endpoint security, regulatory compliance).
Our Take: Enterprises must address each of these three dimensions through a holistic framework. Many enterprises have made progress on addressing the “lost device” scenario and data-loss risk with enterprise mobility management suites that enable a remote wipe of enterprise data from mobile devices. However, securing devices against compromise has a long way to go; this is partly due to the restrictions enforced by mobile OS vendors on the security community, which limits the ability to secure mobile platforms.
Mobility Impact: Tools and Resources
Enterprises are investing in resources (mostly security personnel) and tools (mobile device management and endpoint security solutions) to address the emerging mobile threats.
Our Take: Enterprises are taking steps to reduce mobile-related security risks. To minimize the burden, such resource allocation should occur in the context of a comprehensive plan that addresses enterprise-specific risk factors. For example, banks that provide online banking services to customers must address transactional risk from both laptops and mobile devices that they have absolutely no control over. Malware and phishing risks that are common to that environment should be assessed when new capabilities are rolled out (e.g., remote deposit capture).
Reducing Attack Surface: Beyond the Basics
Simple steps are the easiest to implement. Most enterprises require password protection to devices accessing enterprise data; this will deter the occasional thief but is probably no match for a focused adversary. Encryption and remote wipe provide additional layers of security.
Our Take: While these measures are a good start, security should be embedded in the enterprise mobility initiatives. For example, secure development practices and mobile penetration testing will reduce vulnerabilities that can be exploited by malware, thus reducing the attack surface. While the malware threat has quickly grown, its capabilities have slowly evolved on mobile devices. Recent developments should drive security teams to reassess the threat and the possible impact of credential loss on their enterprise security.
Summary
The survey shows enterprises’ increasing readiness to embrace BYOD programs. Enterprises are making investments in people and tools to manage the key risks to enterprise resources (applications and data), driven by mixing corporate and personal data and the evolving threat landscape. The business rationale for these investments is boosting employee productivity while improving security as a broader set of risks is taken into consideration; this is a no-brainer since we expect BYOD to become table stakes for virtually all enterprises in the next few years. Given the utility and importance of mobile devices to employees’ personal and work lives, this looks like a sound investment.
[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text][vc_cta_button2 h2="See how Managed Solution can improve your mobile security" txt_align="center" title="Here!" color="orange" size="lg" position="bottom" link="url:http%3A%2F%2Fwww.managedsolution.com%2Fems||"][/vc_cta_button2][/vc_column_text][/vc_column][/vc_row]
[vc_row][vc_column][vc_column_text]
Enhancing Microsoft Office 365 with the Enterprise Mobility Suite (EMS)
By adding the Enterprise Mobility Suite to Office 365, your employees are enabled to access corporate data from any mobile device with a single sign-on, allowing your workforce to be productive from just about anywhere. This solution also provides IT with the high-level control that allows users to freely collaborate together, while protecting your company’s data.
The Enterprise Mobility Suite is a comprehensive cloud solution from Microsoft that enables our customers to meet their IT and Bring-Your-Own-Device (BYOD) challenges.
It addresses our customers’ need for an end-to-end secure and productive managed cloud environment for their mobile workforce that encompasses identity, Mobile Device Management, and Mobile Application Management.
Office 365 comes standard with the basic version of Azure AD, which includes MFA capabilities for Office 365 workloads only. To get the enterprise-grade services, you need EMS for its advanced identity management, security, and auditing capabilities, as well as Azure AD Premium’s enterprise-grade synchronization between on-premises AD and Azure AD. Additionally, EMS includes Azure RMS to provide protection for non-Office file types, as well as access for developers to Azure RMS SDK for Rights Management in on-premises Windows Server file shares.
Today’s workforce is mobile, making the business extend beyond office and customary work hours. EMS helps businesses stay agile and competitive, while keeping their data, tools, and resources accessible, yet more secure, anywhere, anytime.
Who should be interested?
Small and mid-size businesses with 50-500 seats* *Note that Telcos may be ready for EMS once they add Intune for mobile device management to Office 365
Why is EMS important?
Ensures that IT will be able to manage user access to the information they need quickly, easily, and securely
Provides their users with consistent access to resources from a variety of mobile devices over diverse applications, thereby boosting collaboration and productivity
Enables secure mobile access to data
Overview of Enterprise Mobility Suite that support customer scenarios
The suite at-a-glance:
Microsoft Azure Active Directory Premium for hybrid identity management
Microsoft Intune for mobile device and application management
Microsoft Azure Rights Management for information protection
Hybrid Identity and Access Management: Azure AD Premium
Provides cloud-based, single sign-on password capabilities for more than 2,500 popular SaaS applications
Reduces costs through self-service portals for resetting passwords, or requesting application access, without the help of IT resources
Integrates with existing on-premises investments
Employs rich, robust synchronization of user identities from on-premises directories
Reduces risk and supports compliance requirements with comprehensive Multi-Factor Authentication (MFA) options
Hybrid Identity and Access Management: Azure AD Premium
Delivers mobile device and application management across popular platforms: Windows, iOS, and Android
Manages and protects corporate apps and data on almost any mobile device
Maximizes productivity with Intune-managed Office mobile apps
Simplifies administration with a single management console in the cloud with Intune or on-premises
Information Protection: Azure AD Premium and Azure Rights Management
Helps retain control of corporate data assets wherever its shared
Delivers information protection in the cloud or in a hybrid cloud with an existing on-premises infrastructure
Integrates information protection into your native applications with easy-to-use software development kit (SDK)
Contact us for more information:
Managed Solution is a full-service technology firm that empowers business by delivering, maintaining and forecasting the technologies they’ll need to stay competitive in their market place. Founded in 2002, the company quickly grew into a market leader and is recognized as one of the fastest growing IT Companies in Southern California.
We specialize in providing full Microsoft solutions to businesses of every size, industry, and need.[/vc_column_text][/vc_column][/vc_row]
Over half of employees believe nine to five is 'outdated"
63% of workers believe that nine to five is an outdated concept.
The research from CVBuilder found that many employees are working outside of office hours. 50% will check or respond to work emails outside of work, and 24% check work emails when they are with family and friends.
38% said they continue to work outside of office, with 62% seeing this continued connectivity and checking as a choice instead of an obligation.
50% of those aged of those aged 45 to 54, compared to 31% of those aged 18 to 24, were willing to work outside of office hours.
Rosemary Haefner, Chief HR Officer at CareerBuilder, said: “Workers want more flexibility in their schedules, and with improvements in technology that enable employees to check in at any time, from anywhere, it makes sense to allow employees to work outside the traditional nine-to-five schedule.
“Moving away from a nine-to-five work week may not be possible for some companies [yet], but if done right, allowing employees more freedom and flexibility with their schedules can improve morale, boost productivity and increase retention rates.”
Male workers are more likely than female workers to work outside of office hours (44% compared to 32%); check or respond to work emails outside of work (59% compared to 42%); and check in on work while they are with friends and family (30% compared to 18%).
However, female workers are more likely to go to bed dreaming of work than their male counterparts (23% compared to 16%).
This survey was conducted online within the US by Harris Poll, on behalf of CareerBuilder. 1,078 employees were asked.
Mobile Device Management can make life simpler not only for your IT department but also your employees. The solution enables the control of mobile devices entering an organization’s network, whether they are provided by the company or part of a Bring Your Own Device (BYOD) program. Learn more.
Windows 10 – Improving the Enterprise Experience by Collecting the Opinions of Large Corporations
Thought-Leadership by Jon Nicponski
Microsoft is going to great lengths to ensure Windows 10 is better received than its predecessor. Unlike the experiment with Windows 8, Windows 10 Developers have gone out and engaged large corporations to discern which features they needed. Product support was involved from the first on Windows 10 in order to maintain the vision for a common experience across device platforms.
Regular Maintenance Makes for a Reliable Enterprise Solution
Probably most important to enterprises, the start menu is back, so user confusion will be an absolute minimum. There are a LOT of features that make Windows 10 a compelling upgrade including much improved security, but here we will focus on how easy that upgrade will be to accomplish.
Automated updates used to NEVER be an in-place upgrade option, but now, Microsoft has enabled the ability to do an automated update that is un-attended from Windows7/8. This update can take as little as 7 minutes.
The update carefully inspects the machine and if there are ANY known issues it behaves as you have configured by either rolling-back or displaying the errors. In fact, the US Air Force, one of the fastest adopters of new Microsoft technologies, will be using the in-place upgrade.
Microsoft’s recommended upgrade path for Enterprises is to go direct via unintended upgrade 7-10, 8->10, 8.1->10. There is not a Vista or an XP direct upgrade path.
There are some scenarios where an upgrade won't work, for instance with X86 to X64 systems. Also, the base language needs to be the same. As an example, you can’t have a base language of German and try and upgrade with Base language of English.
In-place upgrades can also happen other ways, included SCCM, or even a batch file sent via email that points to your customized source media.
Changes were made to SCCM/WSUS for compatibility, so make sure you get the updates to these tools for preparing and deploying your new images!
Simplified Deployment and Provisioning
The preview for the new Microsoft Deployment Toolkit (MDT) is available now, with all the tools to do image creation for windows 10. The final version is scheduled for the launch on July 29th.
There were some early issues with 3rd party encryption products because the Windows pre-execution environment did not have drivers for some of the vendors. Microsoft and these vendors are working hard to have these issues resolved by the release date. A couple of security companies are going to create a management engine for Microsoft Bitlocker and drop their own encryption. This is HUGE: it will be the least expensive way to use Microsoft Bitlocker in an enterprise environment. Previously you had to purchase Windows Enterprise plus the MDOP product to get the Microsoft Bitlocker Management Studio.
What happens when an employee leaves with a Windows Enterprise enabled device?
To help corporate IT better manage devices, Windows 10 can re-provision a machine from Pro to Enterprise and connect to a domain in the process. You will also be able to roll-back a machine from Enterprise to Professional if the machine isn’t domain joined. For now, Microsoft recommends joining the machine to an Azure domain (a new feature of Windows 10), which can be rolled back. Microsoft is working on the ability to roll-back Enterprise to Professional on domain joined machines, however, this will likely not be a feature in the released product.
Lastly, if an employee leaves the company and has Windows Enterprise installed on their BYOD, the Windows Enterprise version won't be able to see the company’s KMS server, so after 180 days, the end user will get a watermark, and some reduced functionality on updates. Microsoft is recommending AADJOIN (Azure Active Directory Join) for BYOD devices so that they can easily have company specific information removed and rolled back to Windows Pro.
For more information on Windows 10, tune in to SoftwareONE Tech Talk on the SoftwareONE Radio Network every other Wednesday of the month where we talk regularly on IT topics, especially Windows 10 as we get closer to the date. Click the banner below and fill out the form to receive information on joining this innovative radio show!
Manage BYOD and corporate-owned devices with MDM solutions
