The universe of computer security is always expanding. The next frontier in Zero-Trust Security frameworks must include endpoint protection for your organizational habitat.
It’s every working parent’s nightmare. You’re in a busy airport with your company laptop and a child who desperately needs a snack. You turn your head for just a minute to dig for a snack, but when you turn back, your laptop bag is gone.
Luckily, you remember your recent cybersecurity training and call your company’s service desk immediately. As soon as the service desk verifies your identity, they wipe all of your company’s valuable information from every app on the device.
You avoided this potential tragedy because your organization’s Zero-Trust Security framework has begun protecting endpoints, as well as online identities.
What is Endpoint Protection?
In a previous blog in this series, I described how tools such as multifactor identification (MFA) protect online identities by adding an additional layer of security to your traditional username and password. Protecting endpoints — whether your desktop PC, Mac, smartphone, laptop or tablet, for example — means using tools like patches, updated antivirus software and group policies to safeguard every place you send or receive digital data.
Historically, organizations secured endpoints by choosing vendors and installing their software on server infrastructure within the organization’s data center. Back then, employees did not need to access company resources outside of that network. But today, vendor applications have moved outside of these “safe” organizational environments to all those remote endpoints.
The Software as a Service (SaaS) model smoothed the transition by making it easier to update vendor software. But with today’s much greater need to access work data online — and the staggering growth in apps employees can easily access — organizations need to step up their endpoint security game.
The problem now is that you need to check every endpoint used by every employee, even if your organization has thousands, tens of thousands or more employees around the world. How can you do that? That’s where endpoint protection tools such as Microsoft Intune come in.
How Intune Protects You
Microsoft Intune is an endpoint management tool that checks each endpoint against an organization’s list of approved apps, security policies and more automatically. Its goal is to determine if each endpoint is compliant with every factor on the list. Company policies guide those factors.
For example, Intune can be configured to verify if a device is encrypted with a tool like Bitlocker, that it meets minimum operating system requirements, that all passwords are sufficiently complex and recently changed, and that the user installed all required firewall, antivirus and antimalware software.
In other words, Intune can automate the process of identifying endpoints that are not compliant with your company’s policies and notifying their owners what actions to take. Once owners have made the modifications, Intune can again automatically notify owners, mark the endpoints compliant and return them to service.
The result: secure endpoints that allow today’s employees to work safely on any device wherever they go.
In addition, Intune can do things like preventing endpoint users from copying and pasting information from company apps to personal apps installed on the endpoint. This feature allows businesses to stop buying company cell phones. Instead, Intune secures company apps on personal endpoints through policy metrics. If the employee’s personal endpoint doesn’t have the latest manufacturing security updates on the endpoint, Intune prevents them from installing or using company apps and data on their device.
Intune is included in most Microsoft licensing agreements, and you can use it on Microsoft, Mac, Linux, iOS and Android platforms.
Endpoint management software is another important tool in the cybersecurity arsenal. In my next blog, I’ll look at application security, which you use in conjunction with endpoint and identity security to powerfully protect your organization.
Intune analysis is part of our Zero-Trust Security Assessment service, which includes looking at your security posture, developing a customized roadmap, and discussing security awareness training.
Zero-Trust Security’s goal is to provide a more holistic view of your organization’s security to keep ahead of bad actors’ attack methods. In addition to identities and endpoints, that means securing apps, data, infrastructure and network signals — all of which I will cover in future blogs.