Over the last 12 months, we have seen IT departments deploy remote working with incredible success and adoption. The workforce are mainly having to work remotely, from home offices, kitchen tables, bedrooms or sofas. But what happens when their technology or services dont work as expected? IT staff have work very hard to offer remote support to their end-users, but sometimes that is not as effective as being face-to-face with the end-user. Or even when their corporate devices have stopped working, it can take days (in best cases) to get new kit deployed to them.
Even in some cases, end-users just prefer to use their own devices, or dont know how to use certain applications that the company have now decided they want to adopt. It can be difficult to adapt to new software when the training is delivered remotely.
Compliance and Data Leakage Risks
When technology fails and users have urgent deadlines to submit documents, review proposals, or provide a response to critical emails, people will generally do whatever it takes in that moment to get the task completed. For example, your company device will not connect to your home printer. Why not access the company document from your personal computer and print it from there? Some probably will do, without even a thought for data compliance or data compromise issues.
But the risks are there: a greater likelihood of data breaches, an increased security threat landscape, and the potential failure to meet regulatory or compliance standards. IT departments, CISOs and CIOs, spent a long time trying to secure company endpoints from malicious activity, strict controls on which applications a user could download and use. Is that strategy now relevant in a fluid, flexible, workforce?
There is another way. Protect the Data. Let people use whatever device they are the most productive on, but use the M365 controls to protect the data that they are accessing. Prevent downloading data to unmanaged, unsecure devices. Ensure that data cannot be uploaded to non-company approved cloud storage services, such as DropBox or GoogleDrive. Deploy Sensitivity Labels to documents, emails, SharePoint Sites, Teams or Groups to protect what actions can be completed with that data. Look to use Retention Policies to prevent data being deleted, either mistakenly or maliciously, and meet those compliance and regulatory requirements
In the age where we are being more flexible with our work locations, we should also be looking at being flexible with what devices the workforce can use.
With tools such as Azure AD Entitlement Management, Conditional Access, Intune, Cloud App Security, and, Security and Compliance, you can ensure that your data is securely available from any device, and is consumed is a secure container. In 2021, we are going to see a large upturn in companies looking to completed projects around Information Governance, Information Protection and Identity Protection.
To get started with a free assessment of your current state, please contact us to help secure your remote workforce and company data