The first forays into making a workforce mobile were creaky, slow and expensive – and largely confined to field workers and sales teams. Gerry Hampson, senior consultant engineer at Ergo, remembers it well: “You had to make a good business case to be granted remote access to corporate resources. Now it’s the new normal,” he said. “Users can work from multiple locations with multiple devices. For years we talked about anytime anywhere access – not only has it become a reality, it’s now a requirement for most businesses.”
In the space of 15 years the landscape has changed dramatically, as Hampson highlights when he recalls the different stages of workplace evolution – from a time when most people spent their working lives in an office at a single desktop to the first out-of-office activity involving a laptop hooked up to a virtual private network.
“It’s now about users with multiple devices wanting access to all resources all of the time. Once you go down that road, an organisation is effectively doubling or even tripling the number of devices they have to support. Making sure people get access to resources without compromising security becomes a big challenge in itself,” he said.
The challenge is to open up secure access while making it as seamless as possible. Ergo, like a lot of Microsoft partners, uses the Microsoft Enterprise Mobility Suite (EMS) to address the challenges of identity management. It includes Microsoft Intune, for device and application management, and single sign-on through Active Directory Federation Services. Integrating the suite with Microsoft System Center allows organisations to manage all devices through one pane of glass.
Ergo is also taking on the broader Microsoft mission that’s pushing for dominance of a single device, replacing the laptop and tablet with a hybrid tablet that can be used in conjunction with a docking station and keyboard. Microsoft is not prescriptive about the make of the device and encourages the channel to sell solutions from Dell or Acer as well as its own Surface products.
On the BYOD/CYOD (bring your own/choose your own device) debate, the larger organisations with better corporate controls tend to go with chosen, pre-approved devices. “Personally it’s the approach I prefer,” said Hampson, “but it’s hard for smaller organisations that just don’t have the same levels of governance. They let their people buy and use what they like and try their best to deal with it.”
Once again, Microsoft tools are on hand to de-risk such an approach. System Center Configuration Manager can be set up to determine how devices are used. It has an Ownership feature that designates whether a device is corporate or personal and facilitates wiping of data if it’s lost or stolen. “Microsoft continues to add new features,” said Hampson, “and recently made EMS geographically aware, so if someone apparently signs in from two separate locations at the same time, access will be denied.”
Multifactor authentication grows ever more sophisticated with different layers that include a code sent to the user by SMS, which has to be entered to gain access. “It does get complicated but it shows that the security is there now if you need to take it to another level. Some workforces, like in financial institutions, are savvy enough about regulatory requirements to use such features,” he said.