Over the years companies have perfected the security on their borders to protect on-premises servers and data centres. With next-generation firewalls and intrusion detection systems, it all adds up to an expensive and complex solution for safeguarding company data and resources. With growing threats from the internet, these measures are now the norm when considering any IT infrastructure. The issue companies now face is that their data is no longer only on-premises or in their data centres.
Over the last decade the internet has exploded with the growth of cloud apps. Advances in mobile technology and increased internet speeds have given people greater connectivity to the data they need wherever they are. With cloud storage, CRM, project management and finance cloud apps (to name just a few), it is no surprise that employees are moving to these for their daily work. With employees working from their favourite note-taking app to their go-to task collaboration solution, it is a trend that companies can't ignore. The need to access company data outside of the traditional security borders is growing and needs to be embraced. The big concern is how?
Employees will use the tools that are most convenient for their needs. This can lead to company data leaving the secure borders, and with it the company loses visibility and control of that data. This is the biggest risk, and the one that results in companies refusing to move to the cloud. So how do companies overcome this? Increase security, block all mobile devices, block remote access to data? In some cases that is the right answer, but in most it has a detrimental effect on the flexibility and efficiency of the business. Companies need a solution that provides control over their data both inside and outside of their secure borders.
Office 365 is now a large part of many companies that have embraced the move to cloud services. It provides great resilience for services that would otherwise have meant huge infrastructure costs and maintenance overheads. While providing these services, it also raises the concern of who is accessing the cloud data and what happens to that data after it leaves Office 365. Enterprise Mobility and Security (EMS) is the security bolt-on to Office 365 that Microsoft has developed to address these concerns. It covers areas such as who is logging in to Office 365, what devices are accessing Office 365 and what happens when that important data leaves Office 365. The EMS solution can be tailored to the company's requirements, but ultimately it provides the control and visibility companies need over their cloud data.
Conditional access is the first line of defence in EMS. Hackers and opportunists target the weakest part of any cloud app, which is the username and password. Malware and phishing emails are popular methods of obtaining this information. As soon as the attacker has it, they have no trouble accessing data in the cloud service undetected, because to the service the login looks like the legitimate user.
Conditional access puts a stop to this using Multi-factor Authentication together with location and device awareness. The requirement for Multi-factor Authentication on all cloud services can't be stressed enough. It means that if someone gains access to your username and password, they will also need your mobile phone to log in to the cloud service successfully. EMS also provides location awareness: for example, if the company only expects employees to log in from the UK, it can automatically block any attempts to log in from outside the UK. Lastly, logins can be restricted to company-registered devices, which leads on to another vital part of the EMS suite.
Mobile Device and Application Management (MDM and MAM) are the key to having visibility and control over the devices accessing company data. The EMS MDM and MAM solution is called Intune. It defines a set of rules that a device must meet before it is allowed access to company data. These requirements can include enforced device encryption, up-to-date software, anti-virus software and mandatory device passwords. Intune provides control not only over company devices but also over any personal devices that employees wish to use to access company data. This allows the company to consider BYOD while keeping the security and visibility of the devices accessing Office 365. If a device doesn't meet the company's requirements, or is blocked, it is no longer allowed to access company data. So now the company has increased security over who is logging in to Office 365 and what device they are using; what about the data they are taking out of the business and sharing with others?
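The two layers described above, conditional access (MFA, location, registered device) and Intune-style device compliance (encryption, patching, anti-virus, passcode), fit together as one policy decision. The following is an added illustration written for this page, not Microsoft's code or the real EMS policy engine: the field names, the allowed-country list, the compliance rules and the three sample sign-ins are all constructed assumptions. It shows why a phished password alone is no longer enough, and it reports every failing check rather than only the first one.

```python
"""Conditional access plus device compliance, modelled after the article's description.
Added illustration, not Microsoft's code: the policy engine, its field names and the
sample sign-ins below are all constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumption: the company only expects sign-ins from the UK (ISO country code GB).
ALLOWED_COUNTRIES = {"GB"}


@dataclass
class Device:
    registered: bool       # enrolled with the company's MDM (Intune in the article)
    encrypted: bool        # storage encryption enforced
    os_up_to_date: bool    # patched operating system
    antivirus: bool        # anti-virus software present
    passcode: bool         # mandatory device password set
    blocked: bool = False  # an administrator can block a device outright


@dataclass
class SignIn:
    user: str
    password_ok: bool   # credentials matched; a phished password passes this too
    mfa_passed: bool    # second factor (e.g. the user's phone) confirmed
    country: str        # where the sign-in came from
    device: Device


def compliance_failures(d: Device) -> List[str]:
    """Return every compliance requirement the device fails (empty list = compliant)."""
    checks = [
        (not d.blocked, "device is blocked"),
        (d.registered, "device is not registered with the company"),
        (d.encrypted, "device encryption not enabled"),
        (d.os_up_to_date, "operating system out of date"),
        (d.antivirus, "no anti-virus installed"),
        (d.passcode, "no device password set"),
    ]
    return [reason for ok, reason in checks if not ok]


def evaluate(s: SignIn) -> Tuple[str, List[str]]:
    """Apply the conditional access checks in order: MFA, location, then device.

    All failing checks are collected so an administrator sees the full reason
    for a block, not just the first one."""
    if not s.password_ok:
        return "block", ["password rejected"]
    reasons: List[str] = []
    if not s.mfa_passed:
        reasons.append("multi-factor authentication not satisfied")
    if s.country not in ALLOWED_COUNTRIES:
        reasons.append(f"sign-in from {s.country} is outside the allowed locations")
    reasons.extend(compliance_failures(s.device))
    return ("block", reasons) if reasons else ("allow", [])


# Constructed sample devices and sign-ins (country "XX" is a placeholder for "abroad").
COMPANY_LAPTOP = Device(registered=True, encrypted=True, os_up_to_date=True,
                        antivirus=True, passcode=True)
STALE_BYOD = Device(registered=True, encrypted=True, os_up_to_date=False,
                    antivirus=True, passcode=True)
UNKNOWN_PC = Device(registered=False, encrypted=False, os_up_to_date=True,
                    antivirus=False, passcode=False)

SCENARIOS: Dict[str, SignIn] = {
    # Normal employee: right country, phone confirmed, compliant company laptop.
    "employee": SignIn("alice", True, True, "GB", COMPANY_LAPTOP),
    # Phished password: correct credentials, but no phone, abroad, unmanaged PC.
    "phished": SignIn("alice", True, False, "XX", UNKNOWN_PC),
    # Employee on a personal phone that has fallen behind on updates.
    "stale_byod": SignIn("bob", True, True, "GB", STALE_BYOD),
}


def run_scenarios() -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate every sample sign-in and return the decisions keyed by scenario name."""
    return {name: evaluate(s) for name, s in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (decision, reasons) in run_scenarios().items():
        detail = f"  ({'; '.join(reasons)})" if reasons else ""
        print(f"{name:>10}: {decision}{detail}")
```

Running it shows the "employee" sign-in allowed, the "phished" sign-in blocked for six separate reasons even though the password was correct, and the "stale_byod" sign-in blocked solely because the device's operating system is out of date, which is the point at which an employee would be told to update before access is restored.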
EMS can automatically tag and encrypt data depending on its content or name. Data loss prevention policies and labels can be used to highlight the sharing of potentially sensitive data. Once the data has been encrypted, it can only be accessed by the people who have been given access. For example, if an important project document is shared with a third party, they will not be able to read the data because they do not have permission.
As well as securing data, EMS can extend its reach to other cloud apps. Single sign-on and discovery services give the company visibility and control over third-party cloud services. In addition to the features mentioned, EMS also provides reporting and insights into the security and vulnerability of cloud apps. EMS ultimately gives companies greater understanding of and control over the technology landscape of cloud apps and mobility.