Don’t panic! This article will not actually self-destruct, but it could – if we told it to. Securing your devices and identity is a constant consideration for businesses. Shifting to remote work has only highlighted the need for business mobility and advanced security.
In our recent article, Finding the right balance of security as Australians shift to work from home, we addressed the basic security functions you should consider when securing your business entry point. However, beyond the basics is a world of intelligent and powerful security functions, and it is quite likely that they are already at your fingertips.
To understand these functions, and why this article could self-destruct, you need to consider how your business protects identities, devices and content.
Identity protection made easy
Picture this: One department in your business uses Trello, another uses Confluence. They are not companywide tools and so have been set up by team members as required. Each tool asks users to log in with an email and password and is managed by a self-nominated ‘admin’. These are work accounts, but they are not linked to a work identity.
“If staff leave and your IT have no control over an account this is a problem. Ex-employees can access business files via apps like Trello. Not linking these accounts to work identities leaves you open to have information accessed, shared or misused by ex-employees,” says Loryan Strant, Product Manager, Insync Technology.
Modern Workplace technology makes it possible to streamline and simplify the process. By connecting your applications and subscriptions to Azure Active Directory (Azure AD), they are added to your work identity and do not require a login outside of your Microsoft sign-in. In the event of staff leaving, all the IT team need to do is remove the credentials and the person in question no longer has access to any of the applications and files.
By connecting all apps to Azure AD, the user experience improves, as does the security.
Managing Devices in the Modern Workplace
With your apps secure and identities protected, the next step is to ensure controls are in place around your content and how it is accessed. Connecting employee devices to Microsoft Endpoint Manager (formerly known as Intune) and Azure AD allows users to log in to a work account, enabling managers to control the device as they would company computers.
In practice, this means that, should an employee work from home on their own laptop, the business can still control app usage and how content is accessed and shared. It also means the traditional first day of a new job no longer requires spending an hour or two watching someone remotely set up your computer. In the cloud, the work is done for you, with minimal assistance from the IT department.
“By leveraging the built-in functionality of Azure AD, business leaders can be assured that home devices are secure because the organisation policies will automatically apply to any device brought into the organisation. This means you retain control and security. For example, you might set a policy that prevents staff accessing their personal OneDrive or certain Windows apps,” says Loryan.
Identity – check! Devices – check! So, what about the content?
The final piece of the puzzle is how you protect documents, emails and any file containing sensitive information. By using Sensitivity Labels (which have superseded Information Protection) you can dictate exactly who can open or read a specific document.
Not only that, but you can also choose to revoke access at any point. The labels essentially put a firewall around your content and only those with the magic key (access rights granted to the file) may enter. This applies to both internal and external users, making it a valuable tool for protecting embargoed or commercial-in-confidence documents.
“By using Sensitivity Labels, you can massively reduce your risk of information getting into the wrong hands. You can send a sensitive email and the recipient cannot save it, copy it or print – not even by using the Snipping Tool or a screen grab,” notes Loryan.
The combination of secure identities, authorised devices and sensitivity labels enables organisations to have full control over how they share sensitive information and who they share it with.
“This level of control does require organisations to put some thought into their governance frameworks and how permissions are applied within the workplace. But time is a sensible investment when you consider the risks you are mitigating as a result,” says Loryan.
What does this have to do with an article spontaneously combusting and science fiction?
If we wanted to, we could set this article to expire after you have read it. So, more of a time bomb explosion than a “self-destruct with smoke and special effects” type thing. But it is possible to do. In fact, it has been possible for a while.
Security often seems like a complex issue that requires forensic workarounds and system revisions, but in reality it isn’t.
“Microsoft has had customisable security features available for several years now. Whilst it may sound like a recent development, most of these functions are built into Microsoft platforms and therefore need configuring in order to activate. It’s not futuristic or sci-fi, it’s Mission Possible,” concludes Loryan.
About Insync Technology
Insync Technology have helped many Australian businesses protect their data and assets with Microsoft 365. To find out more, contact Insync today.