As more apps and data move to cloud, traditional perimeter security has become irrelevant and ineffective.
With widespread EMM consolidation, companies are no longer looking for disparate identity, device management, app management and data management solutions. They need a comprehensive solution that enables mobile productivity.
EMS is a born-in-the-cloud solution that integrates with on-premises capabilities. So it serves as an extension from what you’re already using, enables you to capitalize on gaps between products and equip users to do more. Learn more about getting EMS deployed in your organization.
The concept of security in the Microsoft-hosted cloud may be difficult to grapple for some, especially when it comes to protecting all the aspects of users and company data on the go. That’s why Microsoft exec Brad Anderson recently released a video that breaks down the EMS capabilities (42 minute video).
Here are 3 distinguishing characteristics of EMS that make it the most comprehensive cloud security platform:
1. Verifying Identity With Azure Active Directory
Identity is the most important part of an enterprise mobility management platform and architecture. While the cloud has increased productivity, more entry points and interactions mean 1 threat could compromise an entire organization.
2. Azure Active Directory is the identity store and security springboard for all corporate apps, devices, etc. Once users have proven who they are, they can access apps like Office 365 and have everything delivered to them to be productive. Microsoft has worked with thousands of partners (including 2,500 SaaS apps) to ensure they also integrate with AD.
To prevent against malicious access, you can enable multi-factor authentication (verification via email or text) through Microsoft EMS. Windows 10 takes this one step further through camera authentication, which eliminates the need for passwords and unauthorized logins altogether.
3. Managing Corporate Apps, Not Devices
Microsoft EMS focuses on managing corporate apps, not the devices themselves, so users can work securely from the apps and devices they prefer while retaining control over their personal data. Microsoft’s Advanced Threat Analytics and telemetry capabilities sift through data to point you to suspicious activity. Here are just a few technologies at work:
- Cloud App Discovery brings apps under management so you can drill into specific apps to see user activity, how much data is transferred, etc. Other management capabilities include auto provisioning and access revoking, single sign-on, etc.
- Azure Machine Learning identifies who is using apps, when they’re being used and from where and delivers custom reports.
- Anomalous Sign-in Reports tell you when people are attempting to sign in from hidden IP addresses, from multiple accounts or from two different locations within a short period of time.
- Microsoft’s Digital Crimes Unit constantly looks at the dark part of web to find user credentials for sale and compromised user accounts.
Distinguishing Between Corporate and Personal Data
How can data loss prevention (DLP) be applied to corporate documents but not personal ones?
Microsoft has baked the concept of multi-use (employees use devices for both work and personal use) into its security platform. For example, built-in intelligence identifies what is corporate or personal data and restricts users from sharing corporate information via a personal email or copying and pasting it.
By protecting the apps, not the device itself, you’re able to apply policy to corporate apps without taking over device.
Here are a few ways EMS promotes smart data loss prevention when managing data transfer across partners and employees:
Tech Tips built into Office: By identifying sensitive data such as credit card numbers, EMS provides pops-up Tech Tips to help users make smarter decisions when handling sensitive data.
- Access embedded into documents: Files inherently understand who can open it and what rights particular users have.
- Integration with Azure RMS: When users share a document, it actually contains names of users who can access it and the rights they have. Users can share information and track how the data is being used — who is accessing documents, attempts to open from unauthorized users, etc. — all by time and location.
- Easy open/send for RMS-protected documents: In the past, it wasn’t possible to read, edit and send RMS-protect documents with devices. Now, EMS makes it simple to read, create and edit these files.
The core belief behind EMS is that data should be self-protecting and inherently understand who can open it and what rights those users have.
If you have any questions about the Enterprise Mobility Suite or want to learn how it can protect your corporate assets in the cloud, contact an Agile IT rep today!