Securing the End User

What does the future of security really look like?  Here are some security facts to keep in mind throughout 2016 and beyond:

End Point Security Protection

Security breaches cost an average of $3.79 million, and in the case of enterprises the cost can be extraordinary (Target’s breach cost $1 billion), according to the Ponemon Institute, a security research center, in conjunction with IBM. Unfortunately, breaches are also increasingly common.

In healthcare, for example, two recent articles claim that 1 in 3 medical records in the US will be breached this year and that 45% of those breaches will be caused by lost or stolen laptops.  That works out to 48 million records breached from the end point and $7.39 billion in costs to healthcare (at a cost of $154 per record).

Bring-Your-Own-Device (BYOD) initiatives (whether formal or driven by users) have increased the risk of losing data through the end point. Users commonly connect to corporate data through multiple devices, only one or two of which are managed by IT.

Microsoft Enterprise Mobility Suite (EMS)

Microsoft has addressed the issue by enabling security on the end point, application, and content level with the launch of Enterprise Mobility Suite and its bundled products. This unified solution limits access to content in several important ways and watches for anomalous behavior that could signal a breach.

Level 1 – Securing the device

Enterprise Mobility Suite includes mobile device management through Microsoft Intune, which delivers application and device management through integration with System Center 2012 Configuration Manager, all via a single management console.

Intune also provides comprehensive settings management for mobile devices, including remote actions such as passcode reset, device lock, and data encryption. Intune can even remove corporate data and applications when a device is unenrolled, non-compliant, lost, stolen, or retired from use.

Level 2 – Securing the application

Securing not just corporate applications but also apps provided by third-party SaaS companies is important. A recent study showed business partners were responsible for 22% of security breaches.

EMS provides unified identity for single sign-on to thousands of popular apps. User experience improves with automatic authentication using the Active Directory password, and IT gets better control of data by enabling or disabling access.

Level 3 – Actions within an application

Microsoft EMS can also limit user access to content within an application. For example, using Azure Rights Management, companies can restrict access to documents based on their permission levels within SharePoint, regardless of where the document is stored. Without active user credentials, the document remains safely encrypted and inaccessible even if it has been forwarded and saved on a local hard drive.

Administrators can also limit app functionality like copy, cut, paste, and save within the managed app ecosystem. They can also prevent users from copying corporate information into their personal storage.

Microsoft’s Data Loss Prevention (DLP) solution, well known in Exchange, is now available with SharePoint too.  DLP watches for sensitive information like social security or credit card numbers and prevents their transmission by redirecting users and notifying IT.

Securing the End User is an important part of any information security strategy, and it goes far beyond simply training and retraining on policies.  These Microsoft tools help IT enforce best practices and remain in control of sensitive corporate data.