IT Business Strategy – What does good look like?

When it comes to business development, it is easy to look for short-term fixes and then realize that things aren’t working out the way you want them to. What if we told you that your IT can help you change your business’s success?

Information Technology is continuing to challenge the way companies organize their business processes, establishing new ways to communicate with current and potential customers and deliver their services. Simply put, Information Technology enables business, and business drives IT.

The Alignment of IT & Business Strategy

Businesses rely on a comprehensive technology plan to meet business goals. Without aligning the two strategies, companies may spend too much on technology without ever solving the business challenges they face.

While there is no standard way to align both strategies successfully, it is best to break them down into sub-processes to review against industry best practices. By doing so, we can effectively identify the key factors needed to:

  • improve business functionality,
  • make more profit,
  • and see better ROI,

in order to hit business goals with less effort. Therefore, aligning technology and business strategies can improve agility and operational efficiencies.

Business Strategy meets Best Practice

Best Practice is defined as:

“A method that has consistently shown results superior to those achieved with other means. Used as a benchmark, a “best” practice can evolve to become better as improvements are discovered.”

An IT Best Practice Review is able to reduce the cumbersome processes by identifying what is important to your business. Reviews can vary greatly, depending on context. What matters to a company of 500 staff does not necessarily apply to a typical SMB. We understand this from the 500+ businesses we have been fortunate to have done business with.

It will highlight areas where your business is doing well, as well as areas that could be improved, such as any risks, or potentially useful technologies or processes. This process will also include recommendations moving forward, so you know the cost implications of identified issues.

For a better understanding of ‘What Good Looks Like’ for your business, don’t hesitate to contact one of our Client Relation Managers on 1300 705 062 for more information.

Microsoft End of Support Products in 2020

Consumerism. Many products and services that we purchased a decade ago may still work for us today, a bit like our washing machine. It’s a bit more tattered around the edges than when we purchased it, and may make a bit more noise than it used to. However, as most of us who are waiting for the new Samsung Galaxy S20 range to come out know, technology continuously evolves to fit the audience’s needs in the modern world today. That being said, I don’t rely on my washing machine to run and protect our business; it only has one simple function, to wash clothes.

As times change, customers’, businesses’ and employees’ needs change as well. If they didn’t, we might still be mailing orders the old-fashioned way to distributors for customers that needed the products yesterday. We wouldn’t use the same technological tools to run against our competitors in the industry, nor would we use the same security methods developed a decade ago to protect our businesses from cyber-crime that has had a decade to evolve. This is why it is vital to keep your business systems current and up to date with the latest security patches, software updates, performance improvements, and technological advances that the Microsoft modern workplace has to offer.

If you still have end-of-life products running your business, we urge you to update your systems. With cyber-attacks becoming more sophisticated and frequent, running apps and data on unsupported versions can create significant security and compliance risks. To express the reality of it all, here is what ABTechnologies has seen with out-of-date systems in the past quarter:

Product Security
  • 2 clients’ systems hit with ransomware attacks.
    • Backups were recovered; this hasn’t always been the case.
  • 10 clients’ systems brute forced by outside presences.
    • 2 systems were accessed.
  • 3 clients’ businesses offline due to outdated servers.
    • Downtime averaged 1 week.

The upcoming end of support milestone doesn’t need to be a burden. See it as a great opportunity to transform your applications and infrastructure to take advantage of cloud computing and the latest versions of SQL Server and Windows Server. We are pleased to share various options and tools to help you manage this transition and carry your organization through the next decade. ABTechnologies is one of only 2 companies skilled in and offering Microsoft Teams Voice and the latest Windows Virtual Desktop solution in the Microsoft Marketplace in Australia!

If you would like to be contacted regarding updating your IT infrastructure or improving your security compliance, or you would like to find out how you can improve your business processes with the current technology and software being developed today, please contact our Customer Relations Team on 1300 705 062 or crm@abtechnologies.com.au. For more information on which Microsoft products are ending support in 2020, please visit: https://support.microsoft.com/en-us/help/4470235/products-ending-support-in-2020

The Best Practices for Email Security Webinar

Last week we kicked off our Webinar Series.

Modern attacks are rapidly growing in volume and sophistication.

All it takes is for one employee to open a single malicious attachment, or click one infected link, and your company’s entire cybersecurity is put at risk.

Because these actions are so simple and common – opening an email, following a link to a website – it is becoming more difficult for companies to increase their security. However, with the addition of robust employee user training, your business can reduce the risk of staff members opening the door to digital attackers.

Watch our Webinar on Best Practices for Email Security to learn important ways to protect your business.

Hosted by Mark Lukie from Barracuda Networks alongside our Senior Solutions Architect, Jarred Jenkins.

Stay tuned for more upcoming webinars.



Introducing Barracuda Sentinel

Microsoft Sway

Get Started with Microsoft Sway

New to Microsoft Sway? This article provides an overview of how easy it is to create and share anything with Sway’s colorful and interactive canvas. Learn how to create and preview your first Sway, how to add and embed content, and how to share your finished creation with others.

What is Sway?

Use Sway to reimagine how your ideas come to life

Sway is a new app from Microsoft Office that makes it easy to create and share interactive reports, personal stories, presentations, and more.

Start by adding your own text and pictures, search for and import relevant content from other sources, and then watch Sway do the rest. With Sway, you’re no longer limited to picking a pre-designed template that makes your presentations look like everyone else’s, and you don’t have to have any design skills to transform and showcase information in modern, interactive, and attention-getting ways.

With Sway, there’s no need to spend lots of time on formatting. Its built-in design engine takes care of making your creation look its best. If the initial design doesn’t quite match your taste or mood, you can easily apply another — or fully customize your layout to make it your own.

It’s super easy to share your finished Sways. Family, friends, classmates, and coworkers can see your creations on the Web without signing up, signing in, or downloading anything. And you can change the privacy settings for any Sway whenever you want more control over what you share.

Sway is free to use for anyone with a Microsoft Account (Hotmail, Live, or Outlook.com). You can create more sophisticated Sways with more content when you use Sway as part of an Office 365 subscription. For more information, see Add more content to your Sways with Office 365.

What can I create with Sway?

Whether it’s a report, a presentation, a newsletter, a personal story, a photo album, or a visual trip report, there’s virtually no limit on what you can express creatively with Sway.

Reports Presentations Newsletters Stories

If you’re not sure what’s possible, you can get inspiration by viewing and interacting with Sways that other people have created. After you’ve signed in to Sway (see below), scroll down to the bottom of the My Sways page, and then browse through the featured content under the heading “Get inspired by a featured Sway.” You can also choose to start with one of the featured templates to begin using and learning Sway.

Sign in to start creating

To get started with Sway, visit www.sway.com in any browser and then click Sign in on the top menu bar.

Sign In button on the toolbar

When prompted, enter the email address you want to use with Sway. You can use your free Microsoft Account (Hotmail, Outlook.com) or any organizational account given to you by your work or school. If you don’t already have an account, visit www.microsoft.com/account to sign up for free.

On the My Sways page that opens after you’ve signed in, click or tap Create New to start creating your first Sway.

Create New button on the My Sways page

Get to know the Sway Storyline

The Storyline is where you type, insert, edit, and format the content that tells your story. Content is arranged in sequential order by adding so-called “Cards,” each of which holds the type of content you want — such as text, images, videos, and even Office documents. The order of cards can be rearranged at any time to suit your needs.

Cards task pane and Sway Storyline

Give your Sway a title

Click the Title your Sway placeholder text shown in the first card on the Storyline, and then type a short but meaningful description of what your Sway is all about. When you later share your finished Sway, this title will be the first thing that others will see.

Title prompt on the Sway Storyline

Add images and text to your Sway

To add basic content to your Sway, such as text and images, click or tap the <+> icon in the bottom left corner of any existing card, and then choose the type of content you want to add. To see all available options, click Cards on the top menu bar. If you prefer, you can also drag and drop text and images right onto your Storyline. (Don’t hesitate to experiment — you can change the order of your content at any time and customize each card the way you want.)

Add images and text to the Storyline

Add content to your Sway

You can easily search for and add additional content to your Sway, such as an image that is stored on your computer or mobile device. Sway can also search the Web for the most relevant content, such as videos and tweets, and add it to your Sway. On the top menu bar, click Insert, select your preferred content source from the menu, and then enter any search keyword or phrase into the Search sources box.

Insert menu and content search box

Preview your Sway

You can preview your work in progress at any time by clicking the left-facing arrow next to the Preview pane near the upper right. When you preview your Sway, you can see how it will appear to others when you later decide to share it. To fully experience your Sway (including any interactivity options that you’ve added on the Layout menu), click the Play button on the top menu bar.

Preview the current Sway

To return to your Storyline when you’re done previewing your Sway, click the right-facing arrow near the upper left.

Exit Preview to Storyline view

Change the design and layout of your Sway

Sway lets you focus on what you’re trying to communicate by taking care of the formatting, design, and layout of your content. You can keep Sway’s suggested default design, select and apply your own, and even customize the layout.

To choose a design for your Sway, click Design on the top menu bar, and then select the theme you want. To choose a random look and mood for your Sway at any time, click the Remix! button on the top menu bar until you find a design that suits your taste. You can also adjust a specific part of the currently applied theme, such as color, font choices, and the emphasis of animation by clicking the Customize button in the Design pane.

Design and Layout options in Sway

If you want to control how others will view and navigate your Sway once you’ve shared it, click the Layout button on the top menu bar and then select whether your content should scroll vertically, horizontally, or appear like a presentation.

Share your Sway

Ready to share your Sway with the world — or perhaps just with selected people? Click the Share button on the top menu bar and then select how you want to share your Sway. Your choices on this menu depend on the type of account that you used to sign in to Sway.

Sharing options in Sway

For a more detailed look at all available sharing options, see Share your Sway.

Go mobile with Sway

Sway works in all modern mobile browsers, regardless of platform. Whether you’re taking the sightseeing trip of a lifetime, documenting research for school, or taking part in an important business conference, Sway is always just a tap away.

  • Sway.com
    Visit www.sway.com in any mobile browser, no matter what the platform or device.
  • Sway for iOS
    Find the free Sway app for your Apple iPhone or iPad on the App Store.
  • Sway for Windows 10
    Find the free Sway app for your Windows 10 device in the Windows Store.

Discover Accessibility features in Sway

The browser that is used to author and view a Sway determines the Accessibility features that are available. For best results, we recommend Internet Explorer, Firefox, or Safari.

You can use Sway in a high-contrast mode with full keyboard functionality and screen reader access to your content. Click More Options ( . . . ) on the top menu bar, and then click or tap Accessibility view. To quit Accessibility view, use the same command again.

For more information about Sway Accessibility, please read the following:

Microsoft Teams rolls out to Office 365 customers worldwide

This post was written by Kirk Koenigsbauer, corporate vice president for the Office team.

Today, during a global webcast from Microsoft headquarters, we announced that Microsoft Teams—the chat-based workspace in Office 365—is now generally available in 181 markets and in 19 languages. Since announcing the preview in November, more than 50,000 organizations have started using Microsoft Teams, including Accenture, Alaska Airlines, Cerner Corporation, ConocoPhillips, Deloitte, Expedia, J.B. Hunt, J. Walter Thompson, Hendrick Motorsports, Sage, Trek Bicycle and Three UK. We’ve also introduced more than 100 new features to deliver ongoing innovation and address top customer requests.

With more than 85 million active users, Office 365 empowers individuals, teams and entire organizations with the broadest and deepest toolkit for collaboration. Office 365 is designed to meet the unique workstyle of every group with purpose-built, integrated applications: Outlook for enterprise-grade email; SharePoint for intelligent content management; Yammer for networking across the organization; Skype for Business as the backbone for enterprise voice and video; and now, Microsoft Teams, the new chat-based workspace in Office 365.

Microsoft Teams—the chat-based workspace in Office 365

Microsoft Teams is a digital workspace built on four core promises: chat for today’s teams, a hub for teamwork, customization options and security teams trust.

Chat for today’s teams

Microsoft Teams provides a modern conversations experience, with threaded, persistent chat to keep everyone engaged. We’ve rolled out many new communication features since preview, including audio calling from mobile devices, plus video on Android, which is coming soon to iOS and Windows Phone. And we’ve addressed numerous customer requests, adding the ability to email a channel, including attachments, send messages with markdown-based formatting, and receive notifications about all posts in a channel.

Move a conversation from email into Microsoft Teams with rich formatting, including attachments.

Hub for teamwork

The Office 365 applications and services that people use every day—including Word, Excel, PowerPoint, OneNote, SharePoint and Power BI*—are built into Microsoft Teams, giving people the information and tools they need. We’ve recently added support for open, public teams within an organization. We’ve also enhanced the meeting experience by adding scheduling capabilities, integrating free/busy calendar availability for team members, adding recurrence, and making it easier to transition from chat to high-quality voice and video.

Ad hoc and scheduled voice and video meetings right from within Microsoft Teams.

Customizable for every team

Every team is unique, so we’ve made it easy for teams to customize their workspace with Tabs, Connectors and Bots. More than 150 integrations are available or coming soon, including Bots from hipmunk, Growbot and ModuleQ. We’re also partnering with SAP and Trello to build new integrations. SAP SuccessFactors will help employees and managers track goals and performance as part of the way they work in Microsoft Teams every day. Trello will empower teams to easily get projects done with boards, lists and cards right within Microsoft Teams. These partnerships let users bring important apps and services into Microsoft Teams, truly making it their own hub for teamwork.

New Bots help you to complete tasks within your conversations.

Security teams trust

Finally, Microsoft Teams is built on the Office 365 hyper-scale, enterprise-grade cloud, delivering the advanced security and compliance capabilities our customers expect. Microsoft Teams supports global standards, including SOC 1, SOC 2, EU Model Clauses, ISO27001 and HIPAA. We also added support for audit log search, eDiscovery and legal hold* for channels, chats and files as well as mobile application management with Microsoft Intune.* And starting today, Microsoft Teams is automatically provisioned within Office 365.

These security and compliance capabilities are critical for enterprise customers, but our responsibility at Microsoft goes beyond this. Our mission is to empower every person and every organization on the planet to achieve more. With that in mind, we’re working to ensure every team member can participate, with new accessibility features, including support for screen readers, high contrast and keyboard-only navigation. This will enable Microsoft Teams to be more inclusive and tap into the collective brainpower and potential of every person.

Customers achieve more with Microsoft Teams

We’re thrilled by the enthusiasm of customers like Trek Bicycle, who’ve built Microsoft Teams into the way they work every day.

“Across Trek’s global teams, the integrated collection of Office 365 applications serves up a common toolset to collaboratively drive the business forward. We see Microsoft Teams as the project hub of Office 365 where everybody knows where to find the latest documents, notes and tasks, all in-line with team conversations for complete context. Teams is quickly becoming a key part of Trek’s get-things-done-fast culture.”
—Laurie Koch, vice president of Global Customer Service at Trek Bicycle

Myths About Moving to the Cloud

What all SMBs need to know about moving to the cloud
Office 365

Myth 1: Office 365 is just Office tools in the cloud, and I can only use it online.
Myth 2: If our data moves to the cloud, our business will no longer have control over our technology.
Myth 3: Keeping data on-premises is safer than in the cloud.
Myth 4: I have to move everything to the cloud; it is an all-or-nothing scenario.
Myth 5: Cloud migration is too much for my business to handle.
Myth 6: Corporate spies, cyber thieves, and governments will have access to my data if it is in the cloud.
Myth 7: Skype and Skype for Business are one and the same.
Myth 8: Email isn’t any simpler in the cloud.
Myth 9: Continuously updating Office 365 will break my critical business applications.

Myth 1: Office 365 is just Office tools in the cloud, and I can only use it online.

FACT: Office 365 is a suite of cloud-based productivity services, which can include:
  • Office 365 ProPlus or Office 365 Business – the Office desktop client you already know and use, including Microsoft Word, Excel, PowerPoint, Outlook, and OneNote, with the added benefit of being licensed, deployed, and updated as a service. These applications are installed on your device so they’re available even when you are offline. And you have the option to store data in the cloud.
  • Exchange Online for email and calendaring.
  • SharePoint Online and OneDrive for Business for collaboration, websites, workflows, and enterprise file sync and share.
  • Skype for Business for voice, IM, meetings, and presence.
  • Yammer for social collaboration.

 

Myth 2: If our data moves to the cloud, our business will no longer have control over our technology.

FACT:
  • When you move to the cloud, headaches and time spent maintaining hardware and upgrading software are significantly reduced. Now you and your team can focus on the business rather than being a repair service. You have more time to spend improving business operations and launching agile initiatives.
  • Instead of spending ever-larger portions of your capital budget on servers for email storage and workloads, you can think strategically and support business managers in a much more agile fashion, responding to their needs quickly.

Myth 3: Keeping data on-premises is safer than in the cloud.

FACT:
  • It’s becoming increasingly clear that your on-premises systems aren’t inherently more secure than they’d be in the cloud, says Mark Anderson, founder of the INVNT/IP Global Consortium, a group of governments and security experts solving the growing cyber theft problem. Many companies are routinely hacked and don’t know it, says Anderson, a tech visionary and founder of Strategic News Service.
  • Security has grown into a full-time job, one requiring a team of experts, and the few experts available require hefty salaries. Microsoft hires the best and brightest when it comes to thwarting security breaches, and we have the scale most companies can only dream about.
  • To keep Office 365 security at the pinnacle of industry standards, our dedicated security team uses processes such as the Security Development Lifecycle; traffic throttling; and preventing, detecting, and mitigating breaches that many companies don’t have the resources to ensure. And, Microsoft Office 365 has a 99.9 percent financially backed uptime guarantee.
  • Additionally, we staff industry-leading regulatory compliance experts. We know and keep up to date with the latest regulations and rules: HIPAA and Sarbanes-Oxley, Federal Information Security Management Act (FISMA), ISO 27001, European Union (EU) Model Clauses, U.S.–EU Safe Harbor framework, Family Educational Rights and Privacy Act (FERPA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), just to name a few.

 

Myth 4: I have to move everything to the cloud; it is an all-or-nothing scenario.

FACT:
  • While early cloud supporters proclaimed the cloud as the Holy Grail, no one really advocated fork-lifting your entire enterprise to the cloud over the weekend. Most implementations start with a hybrid approach, moving a single application, like email, and growing from there.
  • The hybrid cloud creates a consistent platform that spans data centres and the cloud, simplifying IT and delivering apps and data to users on virtually any device, anywhere. It gives you control to deliver the computing power and capabilities that business demands, and to scale up or down as needed without wasting your onsite technology investments.
  • Many companies are moving productivity workloads to the cloud; the path for each is different, and the time it takes for those migrations varies. We can help you move workloads such as file sync and share (OneDrive for Business) or email (Exchange) first, and then help you figure out the right long-term plan for more difficult or larger products.

 

Myth 5: Cloud Migration is too much for my business to handle

FACT:
  • When you start considering how to move petabytes of data to the cloud, it’s easy to see why some people think ‘going cloud’ is too big a challenge. We’re not going to tell you it’s as easy as pie. But you can be up quickly for agile initiatives and calculated data migrations.
  • We’ll help you every step of the way with information and tips on firewall configurations, reverse proxy requirements, identity options, migration possibilities, and a phased approach to hybrid setups. We’ve created several paths you can follow, and in most cases, you can use your existing tools and processes.

 

Myth 6: Corporate Spies, cyber thieves, and governments will have access to my data if it is in the cloud.

FACT:
  • This is a top fear many businesses have about the cloud. But it’s unfounded. Your IT team manages access, sets up rights and restrictions, and provides smartphone access and options. Your company remains the sole owner: You retain the rights, title, and interest in the data stored in Office 365.
  • We operate under several key principles when it comes to safeguarding your data:
    • We do not mine your data for advertising or for any purpose other than providing you services that you have paid for.
    • If you ever choose to leave the service, you take your data with you.
    • Privacy controls allow you to configure who in your organisation has access and what they can access.
    • Extensive auditing and supervision prevent admins from unauthorised access to your data.
  • Strict controls and design elements prevent mingling of your data with that of other organisations. Our data centre staff does not have access to your data. Additionally, we offer 99.9% uptime via a financially backed service level agreement. If a customer experiences monthly uptime that is less than 99.9%, we compensate that customer through service credits.
  • Microsoft is the first major cloud provider to adopt the world’s first international standard for cloud privacy. The standard establishes a uniform, international approach to protecting privacy for personal data stored in the cloud. It reinforces that:
    • You are in control of your data.
    • You know what’s happening with your data.
    • We provide strong security protection for your data.
    • Your data won’t be used for advertising.
    • Microsoft encourages government inquiry to be made directly to you unless legally prohibited and will challenge attempts to prohibit disclosure in court.

Myth 7: Skype and Skype for Business are one and the same.

FACT:
  • Skype that you use at home is great for a small number of users and is free to use, unless you want to buy credit to make calls to landlines and mobiles.
  • Skype for Business lets you add up to 250 people to online meetings, gives you enterprise-grade security, allows you to manage employee accounts, and is integrated into your Office apps.
  • Skype for Business integrates with Office 365, boosting productivity by letting people connect on their terms. Employees can make and receive calls, give presentations, and attend meetings from one application – from anywhere – as long as they have an internet connection. For example, employees can:
    • Instantly see when someone is busy or available.
    • Start an instant messaging session by double-clicking a contact name.
    • Share a desktop during a meeting.
    • Invite outside partners to join a meeting via a full feature web conferencing experience.
    • Integrate video through a webcam for a call or conference.
  • With Skype for Business, you don’t need to have a dedicated administrator to run servers or invest in additional infrastructure. We take care of all of it for you. As a part of Office 365, Skype for Business offers users new features, upgrades, and patches as soon as they are ready. Skype for Business and the consumer version of Skype can also be federated so that communication is possible between platforms. Skype for Business service is supported around the clock. Of course, your IT team will have to manage settings, access, and security, but we handle the rest.

Myth 8: Email isn’t simpler in the Cloud.

FACT:
  • By moving your business email to the cloud, you can rest easy knowing that the experts who created the software are taking care of the tricky maintenance, while your team keeps control of your company’s capabilities and how your employees use features. You can spend more time on the core operations that build your business value rather than keeping up with persistent hardware maintenance.
  • Software updates and fixes are delivered automatically as soon as they are released, and Exchange Online is always first in line for updates. Although the management and updates are fully automated, you are still in control when you need to be with the Exchange Admin Centre.

Myth 9: Continuously updating Office 365 will break my critical business applications.

FACT: We know that a lot rides on your employees being able to use business-critical apps and add-ins with Office. We are committed to compatibility with the tools you use every day with Office 365. We do that by:
  • Offering the same worldwide standard of desktop applications with the familiar tools you know and love, including Word, PowerPoint, and Excel.
  • Working hard to ensure that even as we update Office on a regular basis in the cloud, we ensure our updates do not impact areas that would impact other software applications. For example, for the past 24 months, monthly releases of Office 365 have not resulted in object model or API changes. If your business critical solutions work with Office 2010 or Office 2013 today, chances are they will work with Office 365.
  • Collaborating closely with leading software vendors, and providing them tools and early access to ensure that their solutions that work with Office continue to work with Office 365.
  • Helping you avoid compatibility issues with guidance and best practices for update management and development.
  • Enabling side-by-side installs of Office 365 ProPlus and your older versions of Office, which gives you the time needed to remediate any issues.

 

Source: Microsoft

Enterprise Mobility – Fulfil the Promise, Avoid the Pitfalls

We see the pattern time and again. “Everyone” agrees that a new technology will transform business and you must be part of it or risk being left behind. Businesses caught up in the hype rush to implement optimistic and poorly thought out projects. Something goes wrong, resulting in massive costs and reputational damage. Finally, we take a more cautious and realistic approach to building the new technology into our business models and the technology starts to meet its early promise.

Such is Enterprise mobility. The notebook, smartphone, and broadband wireless are enabling technologies that allow us to break away from the office, and they have accelerated a transformation of how we think of the workplace. Benefits from anywhere access to data and tools include a boost to productivity, improved customer service, and flexibility for employees. The concept appears to be a clear win/win, with evangelists spruiking the undeniable benefits but often ignoring the security implications. We are a long way down the road to mobile maturity, but we are not quite there yet.

Early mistakes were made, and records show it takes time for an industry to adapt and learn. In 2006, millions of health records in the US were exposed from a stolen laptop, resulting in a class action that cost tens of millions on top of the privacy and identity theft issues. Lesson learned? Perhaps not. Try googling breaches from lost and unencrypted notebooks and smartphones and you will find the same mistake made time and again.

A variety of risks and mistakes continue to be documented. Just this month a Chinese firm admitted to installing hidden software that sends the user's text messages, call log, contact list, location history, and app data back to Chinese servers – software that may have been preinstalled on as many as 700 million phones! What happens when such a phone is brought inside your corporate network as a BYOD device?

So how do we reduce these risks? Any solution must take into account the diverse range of devices, technologies, and user awareness present across an organisation, as well as the trade-off between security and ease of access and use.

Attempting to implement a specific solution for each disparate device, scenario, and individual is prone to failure and akin to whack-a-mole. Instead, a multilayered approach can work, with a fundamental focus on data, authorisation, and compliance rather than on the device or specific risks. Apply broad strategies that can cover unforeseen risks as well as known ones, and make the system as intrinsically safe as practical. Build a consistent, secure environment across devices and applications, and quarantine and protect that environment from unregulated parts of the system.

The most successful solutions will allow a company to maintain control of its data while not getting in the way of work.

Elements of a Mobile Security Strategy

In order to develop a robust mobile security strategy, consider a wide range of technologies and techniques, then pull them together to meet your security objectives and implement a consistent strategy.

Manage the Human Factor

The greatest vulnerability in any corporate security system is its people. People want to get their job done, not fight with the tools and access they need to do that job. Where security gets in the way, they will work around it and introduce new risks.

Staff will use weak passwords that are easy to remember. They will click on random email attachments with no thought that they may be a virus. They will help the nice man, purportedly from Microsoft, remotely take over their PC to fix the “computer problems” he generously rang them about. They will enter their credentials into a fake website, just because. They will jailbreak their phone. They will let little Jonny install a game that comes with a special payload of malware. They will not do these things to harm their company, boss, or IT staff, but rather because their focus is on their work and because they don’t have the knowledge or awareness to know better.

People don’t like to feel needlessly constrained in what they can do with their tools, or even which tools they are allowed to use, and that is doubly so when they are using personal devices for work.  Security policies will be more effective if they take into account user expectations and behaviour.  Enforce password policies but perhaps also support alternative and easier authorisation methods, say fingerprint access.  To share files, the standard corporate fileserver may not cut it for staff used to using Dropbox or OneDrive, so perhaps look at cloud options that can be implemented in a secure way.  Solicit requests from staff about current pain points and any tools or functions they feel are missing and work out a way to help them out – with security integrated.

Work with staff to meet their needs rather than try to dictate from on high what staff must use.

Source: Microsoft Enterprise Mobility and Security Blog

Redefine “The Workplace”

In the world of enterprise mobility, the “Workplace” is now a collection of locations, devices, data, and communication channels.  Not all of these elements are under direct control of the corporate and edges to the corporate environment are necessarily blurred.

Defining a mobile security environment then necessitates a focus on defining and monitoring flows and storage of information and identifying where boundaries are set and how to control movement of data across those boundaries.

Set and Enforce Mobility Security Policies

To limit risks of unauthorised access, a strict mobile security policy is essential.

The basics include enforcing a lock policy on devices, and device encryption. You can also set compliance requirements for devices, such as ensuring patches and antivirus are up to date and checking that the device is not jailbroken and has no risky software installed on it.

To implement such policies you need some control over the device, and that can cause issues in the case of BYOD where policies may conflict with personal use of the device, or where enforcement of compliance may not be realistic on the device.

Application Control

Application control aims to reduce the risk posed by security flaws in particular applications. At a basic level, a whitelist or blacklist of applications and versions might be enforced alongside centralized provisioning and management. More advanced methods that have emerged in recent years include security and management protocols baked into applications. Again, in many cases where staff are using personal devices, enforcing application control can be a point of conflict.

Protect Data in Transit, Layer Security

Mobile devices may access corporate resources across a changing variety of network infrastructure including public and unsecured wireless hotspots.  Ensuring traffic that transits across such networks is secured by appropriate encryption protocols is essential.

Some small businesses allow remote users to log in to work machines directly with the Windows RDP protocol. Don’t. While RDP is generally secure, you only need one bug or weak password and you have a breach. Require a VPN to carry your RDP traffic (remember CVE-2012-002, which allowed RDP servers exposed to the internet to be compromised; you don’t want that). A VPN may itself have bugs or other vulnerabilities, but two reasonably independent layers are much less likely to be penetrated than one.

BYOD vs CYOD

In some environments, Choose Your Own Device (CYOD) rather than Bring Your Own Device (BYOD) is a popular trade-off, where policy allows staff to choose from a wide range of acceptable devices that are owned by their company rather than allowing an open slather approach. This approach can reduce the range of potential vulnerabilities and will reduce conflict over acceptable use of the device by maintaining hardware ownership within the company.

Protect Documents at the File Level

Rights Management technologies can be used to secure access to company documents by default, and to restrict movement of those documents outside of a secured environment. At a basic level that means encrypting all documents and only unlocking them after appropriate authentication is applied. This means that if a document is accidentally emailed, or a device holding the documents is stolen, the document will still not be accessible. It also means that if authorisation is revoked for a user, they lose access to corporate information, even if that information is still on their personal devices.

Restrict Printing, Emailing, or Copy/Paste of Corporate information

Following document encryption, the potential exists for decryption to occur at a whitelisted application level where the approved application can also restrict the ability to copy or print sensitive documents.

Encrypt Everything

Whole device encryption is slowly becoming standard on smartphones (much to the highly publicized concern of some government authorities) and is a must to ensure data on devices cannot be read, even if an unauthorised person gains direct access to the device's file storage.

Technology such as BitLocker has been available for some time and is underused on notebooks and desktops. Trusted Platform Modules (TPMs) are now quite common on business-focused laptops and allow for simple access with BitLocker enabled on a notebook.

File level encryption may be more appropriate where personal devices are in use, and to better protect documents that may be transmitted to other users or to remote file servers or cloud storage. Using both technologies is reasonable and largely invisible to the user.

Use Multi Factor Authentication

Typical authentication requires knowledge of or access to a single authentication key, such as a password or a physical device. The problem is that when that access method is discovered or becomes accessible to an unauthorised person, the attacker is straight in.

Two factor authentication requires access to two different categories of authentication keys, selected such that if one authentication method becomes exposed, it remains unlikely that the second method is also exposed so the attacker still cannot gain access.  For example, an online portal might be secured with a password but also requires access to a separate security fob that generates a changing one time password.  If the set password is exposed, an attacker still cannot log in without physical access to the security token.  For highly sensitive information, additional authentication requirements might be added.

The main drawback of multi factor authentication is the additional time and nuisance of entering two or more authentication keys every time data is accessed. This issue should be managed by considering the value of the protected content and applying realistic policies to find a reasonable balance. For example, when accessing data at an online portal from a particular device, policy may require the password to be entered on every access (or after a short timeout) but the changing security token to be applied only once per day when access can be verified to be from a previously authorised device.

Push Notification for Microsoft Authenticator app on iOS
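The balance described above, sketched as an added example (not code from this article or from any product it mentions): the password is re-checked after an assumed 15-minute timeout, and the one-time token is accepted for a day only on a device already on the authorised list. The class, method and device names are hypothetical.

```python
from datetime import datetime, timedelta

PASSWORD_TIMEOUT = timedelta(minutes=15)  # assumed value for the "short timeout"
OTP_VALIDITY = timedelta(days=1)          # token needed "only once per day"

class PortalPolicy:
    """Hypothetical policy engine: decides which factors a request must present."""

    def __init__(self, authorised_devices):
        self.authorised = set(authorised_devices)
        self.last_password = {}  # (user, device) -> time of last password check
        self.last_otp = {}       # (user, device) -> time of last token check

    def factors_required(self, user, device, now):
        key, needed = (user, device), []
        pw = self.last_password.get(key)
        if pw is None or now - pw > PASSWORD_TIMEOUT:
            needed.append("password")
        otp = self.last_otp.get(key)
        # The daily exemption is bound to this device and only if it is authorised,
        # so a token entered on one device never relaxes the check on another.
        if device not in self.authorised or otp is None or now - otp > OTP_VALIDITY:
            needed.append("otp")
        return needed

    def record_success(self, user, device, factors, now):
        """Call after the presented factors have been verified."""
        key = (user, device)
        if "password" in factors:
            self.last_password[key] = now
        if "otp" in factors and device in self.authorised:
            self.last_otp[key] = now
```

An unregistered device is asked for the token on every request, because the exemption is never recorded for it.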

Device Access Control

Maintaining a registered list of approved devices (corporate and personally owned) can allow for access to be restricted to those devices, reducing the issues with an open slather approach.

Partitioning Personal and Corporate Data

When accessing corporate data and systems on personal devices, isolating corporate from personal data and usage can help maintain privacy for the user and secure corporate data from unsanctioned access or copying. Access to corporate data can then be restricted to approved applications, and a remote wipe function can be applied to corporate data without touching personal data.

Use Data Analytics and Context – Conditional Access

Increasingly intelligent authorisation systems can be used to detect and block unusual activity and can be tailored to complementary systems that are in use.

Fred might log into a company cloud storage in the evening for an hour or two, accessing from his home internet originating from an IP address in Brisbane. He might access the same information the following day from a wireless hotspot while at lunch, also in Brisbane. An hour later, he tries to access the information from an IP registered in Melbourne and a different device. That may raise a flag, and an advanced authorisation system might block that one and lock his account in case it’s an attempt using leaked credentials.
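The Fred scenario as detection logic, in an added example that is not part of the original article or of any vendor's product: each sign-in is checked for implausible travel speed and for an unseen device, and both signals together lock the account. The city coordinates, the 900 km/h ceiling, the device names and the sign-in records are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed lookup; a real system would geolocate the source IP instead.
CITY_COORDS = {"Brisbane": (-27.47, 153.03), "Melbourne": (-37.81, 144.96)}
MAX_SPEED_KMH = 900.0  # assumed ceiling, about airliner cruising speed

@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    city: str
    device_id: str

def distance_km(city_a, city_b):
    """Great-circle (haversine) distance between two cities in CITY_COORDS."""
    lat1, lon1, lat2, lon2 = map(radians, CITY_COORDS[city_a] + CITY_COORDS[city_b])
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def evaluate(events):
    """Return one decision per sign-in in time order: allow, step_up_mfa or block_and_lock."""
    baseline, devices, locked, decisions = {}, {}, set(), []
    for ev in sorted(events, key=lambda e: e.when):
        prev = baseline.get(ev.user)       # last sign-in that was allowed
        travel = new_device = False        # a first sign-in seeds the baseline (assumption)
        if prev is not None:
            hours = (ev.when - prev.when).total_seconds() / 3600
            km = distance_km(prev.city, ev.city)
            travel = km > 0 and (hours <= 0 or km / hours > MAX_SPEED_KMH)
            new_device = ev.device_id not in devices[ev.user]
        if ev.user in locked or (travel and new_device):
            locked.add(ev.user)            # both signals: treat as leaked credentials
            decisions.append("block_and_lock")
        elif travel or new_device:         # one signal: ask for a second factor
            decisions.append("step_up_mfa")
        else:
            baseline[ev.user] = ev
            devices.setdefault(ev.user, set()).add(ev.device_id)
            decisions.append("allow")
    return decisions

# Constructed sign-ins mirroring the Fred scenario above.
FRED = [
    SignIn("fred", datetime(2016, 11, 21, 19, 30), "Brisbane", "fred-laptop"),
    SignIn("fred", datetime(2016, 11, 22, 12, 30), "Brisbane", "fred-laptop"),
    SignIn("fred", datetime(2016, 11, 22, 13, 30), "Melbourne", "unknown-phone"),
]
```

Calling `evaluate(FRED)` allows the two Brisbane sign-ins and locks the account on the Melbourne one; a challenged sign-in does not update the baseline, so an unverified location never becomes the new normal.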

Use an Enterprise Mobility Solution

A range of enterprise mobility solutions are available from major IT corporates and are under rapid development.  A number of packages have reached a level of maturity and include many of the technologies discussed in this article along with excellent reporting tools and risk management systems.  They are worth considering as an excellent starting point and core component of your mobile strategy.

Enterprise mobility solutions can be assessed by features including:

  • support a wide range of devices, environments, and applications.
  • include threat detection based on known attacks and vulnerabilities, and abnormal behaviour.
  • wipe all corporate data from a device when an employee leaves an organisation.
  • set policy restrictions, for example restricting the ability to cut and paste content to unprotected files.
  • prevent access on devices or in environments that do not comply with security policies, such as jailbroken phones, and lock or remove data on devices that become non-compliant.
  • provide an end-user self-service portal for users to enrol their own devices.
  • include single sign-on so that, once authenticated, multiple applications and sites are accessible.
  • support bulk deployment tools to enrol devices, change rules, and install applications on a large scale.

Bringing it all Together

Enterprise Mobile Security requires wide-ranging integration of technologies, procedures, and policies and is one of the toughest and most important systems to get right in your organisation.  It requires a good knowledge of your business but also of the technologies available.

My advice is to keep your eye on the big picture and continuously weigh up risk against productivity while reviewing the system's effectiveness, and feed those reviews back into incremental improvements. The more traditional rigid approach of ticking boxes and believing you are secure is a sure path to failure.

For smaller organisations, draw on the experience of external experts, but don’t buy into a prepacked, “standard” solution (there is no such thing).  Work with consultants to help them understand your business, and work with them to tailor the technology and policies to your needs.

Further Reading

Cyber Security Report

Pre-installed Backdoor On 700 Million Android Phones Sending Users’ Data To China

Why stolen laptops still cause data breaches, and what’s being done to stop them

Microsoft EMS Blog