Securing the End User
January 28, 2016
What does the future of security really look like? Here are some security facts to keep in mind throughout 2016 and beyond:
- Cost of security breaches projected to top $2.1 trillion by 2019
- On average, a data breach costs the company $3.79 million
- Business partners responsible for 22% of breaches
- 1 in 3 medical records will be breached in 2016
- 45% of healthcare security breaches from lost or stolen laptops
- The cost per lost record is $154
- Target’s security breach cost $1 billion
End Point Security Protection
Security breaches cost an average of $3.79 million, and in the case of enterprises the cost can be extraordinary (Target’s breach cost $1 billion), according to the Ponemon Institute, a security research center, in conjunction with IBM. Unfortunately, breaches are also increasingly common.
In healthcare, for example, two recent articles claim that 1 in 3 medical records in the US will be breached this year and that 45% of those breaches will be caused by lost or stolen laptops. That works out to 48 million records breached from the end point and $7.39 billion in costs to healthcare (at a cost of $154 per record).
Bring-Your-Own-Device (BYOD) initiatives (whether formal or driven by users) have increased the risk of losing data through the end point. Users commonly connect to corporate data through multiple devices, only one or two of which are managed by IT.
Microsoft Enterprise Mobility Suite (EMS)
Microsoft has addressed the issue by enabling security on the end point, application, and content level with the launch of Enterprise Mobility Suite and its bundled products. This unified solution limits access to content in several important ways and watches for anomalous behavior that could signal a breach.
Level 1 – Securing the device
Enterprise Mobility Suite includes mobile device management through Microsoft Intune, which delivers application and device management through integration with System Center 2012 Configuration Manager, all via a single management console.
Intune also provides comprehensive settings management for mobile devices, including remote actions such as passcode reset, device lock, and data encryption. Intune can even remove corporate data and applications when a device is unenrolled, non-compliant, lost, stolen, or retired from use.
Level 2 – Securing the application
Securing not just corporate applications but also apps provided by third-party SaaS companies is important. A recent study showed business partners were responsible for 22% of security breaches.
EMS provides unified identity for single sign-on to thousands of popular apps like box.com, mailchimp.com, and salesforce.com. User experience improves with automatic authentication using the Active Directory password, and IT gets better control of data by enabling or disabling access.
Level 3 – Actions within an application
Microsoft EMS can also limit user access to content within an application. For example, using Azure Rights Management, companies can restrict access to documents based on their permission levels within SharePoint, regardless of where the document is stored. Without active user credentials, the document remains safely encrypted and inaccessible even if it has been forwarded and saved on a local hard drive.
Administrators can also limit app functionality like copy, cut, paste, and save within the managed app ecosystem. They can also prevent users from copying corporate information into their personal storage.