PROTECTING DATA, DEVICES, AND APPLICATIONS

Objectives:

Protecting data, devices, and applications in modern organizations is not an easy task. Our resources explore a wide range of topics related to options for protecting sensitive business operations and assets. A common theme throughout this section is ownership and accountability as they relate to endpoint device management. To learn more about how to protect your data, devices, and applications, explore the content below or reach out to us directly at contact@jadexstrategic.com.

WHO ARE THESE RESOURCES FOR?

These resources are for anyone looking to better understand how to protect data, devices, and applications.

Understand the types of data you create

Understanding the types of data we create is the first step in learning the best ways to protect that data. At the fundamental level, all users generate two types of data: structured and unstructured. Basically, structured data is generated and managed by systems and applications, whereas unstructured data is often defined as content we create and manage ourselves.

One of the key challenges related to protecting data comes from the management of unstructured data. The task of protecting data for an entire organization is frequently left to a single person or team with expertise in security, compliance, or technology. In a perfect world, the responsibility of protecting data would lie with everyone in the organization. Because everyone creates data, it is important for every organization to be actively documenting the proper methods for creating and storing unstructured data. Up next, we will present concepts related to why your data is important.

Why would anyone want our data?

The data you create is more important than you think. What if we told you that there are individuals, teams, and government-supported entities that are trained in information dominance? They are trained to look for the connections in the data we create and exploit the vulnerabilities they identify. Most large-scale security breaches occur as the result of vulnerabilities exploited through a target’s vendor network.

A key concept to understand is that data can become much more useful and valuable when combined with other sources of information, like Personally Identifiable Information (PII). It is important for everyone within an organization to understand that accountability begins by accepting ownership of the content we create across all devices and applications.

Do you leave your front door unlocked at home?

For most people, the answer would be NO. When you leave the house, you lock the front door.  The problem is most organizations don’t apply the same logic to protecting their organizational data.  When someone joins an organization, they are given access to sensitive organizational data that, if compromised, could reflect negatively on the organization.  The data we create lives in applications and on device endpoints where users download the latest spreadsheets or documents.  Now ask the question, how are we protecting that data?

In the spirit of transparency, there is a combination of third-party tools that an organization could purchase to potentially secure this data, but consider this: If you had an open wound, would you protect it with 10 band-aids, or would you bandage it properly and secure the wound? The answer seems obvious, but utilizing numerous third-party applications to secure your data is what we call “The band-aid approach.” With Microsoft 365, your organization can rest assured that all your data is protected with data loss prevention, insider risk management, mobile device policies, and application management available through Microsoft Endpoint Manager.

The advantages of labeling your content

At JADEX, the concept and act of labeling documents is embedded in our culture.  Our founders began their careers in the United States Intelligence community where content was either labeled Unclassified, Confidential, Secret, or Top Secret.  This was a manual process and applied to all content with a colored stamp of the given label classification.

Fortunately for us, it’s not like the old days. Microsoft has revolutionized the entire process of sensitivity and retention labeling. They have made it possible to automatically label content based on common identifiers such as social security numbers, credit card numbers, or bank routing numbers. Given the proper Microsoft 365 cloud licensing, technical implementation, and training, any organization could utilize these features across the Microsoft suite of business applications.

What does Endpoint device and application management mean?

At its base, endpoint device management gives systems administrators the ability to fully control the applications, configuration policies, and security features of any device connected to a domain. Typically, organizations either leverage internal personnel to manage endpoints or outsource the function to third-party vendors.

Organizations that handle endpoint device management internally often use the core capabilities associated with Mobile Device Management (MDM) while neglecting specific feature configurations that might provide added security or improved user functionality. The gap often lies in an organization’s lack of the application management tools and policies provided through Mobile Application Management (MAM). With MAM solutions, you can provide an additional layer of security that wraps your data with a protective shield which can be wiped or recalled at any time.

What JADEX strives to accomplish is to educate users of Microsoft’s cloud services. Specifically, this will focus on the benefits of protecting your data, endpoints, and applications where content originated and is potentially exposed. Microsoft provides a comprehensive endpoint device management system called “Intune,” which is capable of fully managing devices and applications. Intune is the only MDM/MAM capable of adhering to strict regulatory compliance standards.

Protecting Data, Devices, and Applications Remotely

When we discuss managing data, devices, and applications, we should once again reinforce the concept of ownership and accountability. Ultimately, ownership of the data, devices, and applications resides with the organization that physically owns them.

Today’s trend for endpoint device management is to outsource it, delegating the remote management of assets to external vendors. Would you rather hand over your social security card, birth certificate, and credit card information to someone else to manage, or does it make more sense to acquire the tools and skills to manage and protect this critical data yourself?

Before trusting someone with the keys to your business’s data, devices, and applications, it’s important to ask those vendors how they plan to be accountable for the environment you are expecting them to protect.

The fact is, most MSPs are managing multiple clients’ environments and attempting to do so as cheaply and simply as possible. To compound that problem, most MSPs aren’t security focused and therefore overlook the importance of protecting their own environments.

JADEX believes that endpoint device management should begin and end with the organization’s internal staff. The risks, vulnerabilities, and threats associated with outsourcing these services greatly outweigh the benefits.

You don't need that physical server

What most MSPs won’t tell you is that you don’t need a physical server or firewall on-premises. Microsoft has developed a robust cloud infrastructure capable of virtualizing any server or firewall your local MSP is trying to sell you. Given the proper licensing and a pay-per-usage model, organizations can leverage the enterprise security and protection of Microsoft Azure. Additionally, if you have strict regulatory requirements such as meeting FedRAMP authorization, Microsoft GCC High is currently the only option for storing your data.