Our Blog

where we write about the things we love

24

May

Protection at the front door

This is the final blog in this series introducing you to Microsoft's Enterprise Mobility + Security. In this blog I will be discussing how you can protect your front door.

Protection at the front door - security

The previous blogs have covered the first three pillars - People, Devices and Information. The one pillar I haven't discussed yet is location. Being mobile is all about not being tethered to your office – the freedom to work anywhere. As a business, once your staff leave the office it is impossible to control the security of their internet access – they could attach to any Wi-Fi hotspot and start accessing your data. So, if you have staff working from a cafe or from the airport lounge how do you ensure they are working securely?

If this was an office or your own house, the first line of defence is your front door. You protect at the front door. Consider this scenario: someone knocks on your home front door, what do you do?Do you open it immediately or look through the peephole, or side window?

  • Here we have the first question: "Who is it?" The reply is: my name is Pete Thomas
  • The second question is: "Can you prove it?" Yes, he can, with an ID badge. We have now established it is Pete, but where is he from?
  • The third question is: "Where are you from?" Pete says he is from the Electricity company. Okay.
  • The fourth question is "What are you here to do?" Pete says he is here to read the meter You know that on this day someone was due to call to read the meter.

In summary:

  • You know who it is (they have an identity)
  • They have proved their identity (they have multi factor authentication)
  • They are from a known source (they are from a trusted location)
  • They want to read your meter (which apps they want access to)

This is called Conditional Access, which is a set of configured rules to determine who can come in, and under what circumstances - thus protecting your front door.

You can also apply this at an application layer as well. Mary, from accounts, is allowed to access her finance application from the office, and maybe from her home. But if she tries to access it from any other locations, she may need to provide additional verification to prove who she is (MFA), or be blocked from accessing it.

Creating these rules and maintaining them can take time depending on the number of locations, applications and authentication mechanisms. To assist with this, there are tools to analyse staff logon behaviour. These tools can monitor staff activity to learn about their patterns. For example, if Dave always logs on from a client site, but one day logs on from an unknown alternate location, the monitoring will pick up on this and send an alert to indicate something is unusual. His access may be genuine, or not, but you now have visibility of it and can act on it. This is Advanced Threat Analytics (ATA), and is also part of EMS.

If you have found the content of these blogs useful, and you want to find out more about how you can protect your people, devices, information and front door in the Mobile world using EMS, don't be a stranger. Get in touch with us as we can help you out.

Posted by: Jeff Tebbs, Senior Infrastructure Consultant | 24 May 2017

Tags: mobility, Security, Digital Transformation, EMS, Enterprise Mobility Suite, Microsoft Enterprise Mobility + Security


Blog archive

Stay up to date with all insights from the Intergen blog