With the immense pressure for organisations to get remote working services up and working many SaaS providers are offering free trials which are very tempting. Whilst these services may seem to offer a convenient short-term fix, they could have implications for your governance and compliance.
Here’s are some suggestions to help you deliver what is needed successfully and securely:
- Stick to your principles
- Security - authentication and endpoint management
- Use Desktop as a Service to limit data held on end-user devices
- Secure collaboration and file sharing
- Communicate with your users regularly
Stick to your principles
Whilst it is tempting to allow temporary measures, be aware that whatever you implement is likely to have lasting implications. Shadow IT is a legitimate concern as are GDPR and security breaches as staff adapt to working out of the office. Try to make choices and communicate a strategy that supports your policies and best practice.
It is important to ensure that staff understand they need to follow existing processes and ask for help and advice if they encounter difficulties or raise a change request for a new software if they think they need new tools. By collating this information, you get better visibility of what people need and identify the most effective solution. You will likely need solutions to common tasks such as file sharing and video conferencing so anticipating these avoids people implementing workarounds.
If you are sourcing new services to assist with collaboration or reviewing SaaS tools remember to review all of the Service Level Agreements and check: where will your data be stored and how it is stored? Is there data encryption in transit and at rest? What is the guaranteed service availability? If sovereignty is an issue and data need to be in the UK or EU then does the service support this? Vitally, what happens when you end the service, does the supplier guarantee to delete all copies of the data?
Security – authentication and endpoint management tools
You should be using multifactor authentication as widely as possible, but especially for your most sensitive data such as your company accounts, email and personnel records. If you haven’t done this already rolling this out to your users may require a little planning, but is relatively simple and can be enabled through Azure AD and Active Directory.
If you’re still maintaining devices manually, or have a raft of new laptop equipment, now is a really good time to deploy Microsoft Endpoint Manager which will provide your IT team with the flexibility to secure, manage and monitor BYOD and corporate owned devices. This suite of tools includes SCCM, InTune and Autopilot combined with Desktop Analytics and will enable you to improve your mobile device management posture and support a diverse range of devices with advanced security features such as conditional access to data and services based on the location of your users. The best news is that if you are currently subscribers of EMS E3, EMS E5, Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 F1 then you should already be licensed to use many of the features.
Use Desktop as a Service to limit data held on end-user devices
Desktop as a Service, a cloud based VDI solution can be deployed to provide secure access to services on any chosen end-user device. If your end-users normally use a desktop machine and they are reliant on their home devices because you are unable to provide them with a dedicated laptop then VDI also offers HTML5 functionality allowing access to the desktop and common applications through a web browser.
The security benefits of this service are that the data is stored and backed up centrally instead of being stored on an end-user device. Centrally managed desktops can be easily patched and updated to keep them secure. The service is also managed centrally and can be scaled up and scaled down based on your current needs and you only pay for what you use per user per month.
A service image can be designed and deployed very quickly, making it an efficient and future proof solution. Currently, Fordway can facilitate this process within 5-10 days.
Secure collaboration and File Sharing
If your organisation has Microsoft 365 or Office 365 then Microsoft Teams Group Chat Software & Collaboration Tool can provide an excellent platform, encompassing Sharepoint, OneDrive and Exchange. If you are currently running Skype for Business then it is possible to upgrade your tenant automatically. One of the benefits is that Teams is optimised to bring networking and performance benefits including call quality which Microsoft estimate to be 40% better than Skype for Business based on their user research. Microsoft is currently offering a free six-month trial of Office 365 E1 and Teams including full meetings, collaboration and workflow capabilities. We’re happy to provide further information on this.
And finally, we repeat - Don’t forget to regularly communicate with your users!
When everyone is out of the office, it is crucial to keep staff informed about IT progress, issues and threats. Take for instance the current spate of Coronavirus phishing emails and malware attacks; with staff working at home, they may be more vulnerable to this activity especially given the current situation. Make sure that your staff understand the signs of scam emails – here is a useful list of characteristics from the NCSC. Also, encourage staff to report all such occurrences centrally. We’ve also got some advice on developing an effective security culture, three tips on being prepared for ransomware attacks. There’s a raft of information out there so can also take the opportunity of sharing some of the resources you think are most useful with your staff.
