by Steve Galloway | Dec 4, 2014
Microsoft is expanding its built-in mobile device management (MDM) features built for Office 365.
Small businesses tend to adopt a BYOD (bring your own device) policy to mobile devices when granting email and in-house business information to its employees. However, as this article explains, giving employees wider access to business IT networks poses serious data protection and security risks.
The new tools enable network administrators to selectively restrict senstitive business information so that in the event of, for instance, a temporary loss emails and Word docs can be wiped from a mobile device while leaving an end user’s personal data and apps in place.
Large businesses use applications like Microsoft Intune to automate deployments and management of large mobile device fleets. Office 365 includes provisions for basic device management in its business and enterprise Office 365 services. In early 2015, these tools are being expanded to include:
- configurable security policies on devices that connect to Office 365 to ensure that Office 365 business email and documents are synchronized only on phones and tablets that are managed by your company. For instance, whereas employees could potentially connect multiple devices including home PCs to services, Office 365 administrators can manage which devices a user can authenticate.
- configurable security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is misplaced, lost or stolen.
- remove Office 365 corporate data from authenticated devices when an employee leaves an organization, while leaving their personal data, photos and apps intact.
MDM for Office 365 is built directly into the productivity apps like Word, Excel, Outlook, etc., and mobile device policies can be managed with MDM within the Office 365 administration portal using the Office 365 user interface and wizard-based workflows. MDM generates ueful management reports detailing information about connected devices, including automated Wi-Fi, VPN and email profiles. Intune also provides bulk tools for pre-configuring large scale application delpoyment and can provide users with a self-service portal where they can enroll their own devices and install corporate apps.
by Steve Galloway | Nov 18, 2014
From October 1st ComStat can provide support to help organisations and users manage data leakage and data protection.
On a large scale, data leakage is a serious issue which finds its way into national headlines. American retailer Target faced enormous losses and serious reputational damage in November 2013 when the company lost 40 million credit card numbers to hackers.
Small businesses may argue they do not face such risks, however small businesses are subject to the same data protection governance for due diligence regarding personal information, and even if a small business does not store credit card numbers electronically, users can still “leak” senstive date to third parties that can come back to haunt businesses.
ComStat network administrators have access to a large array of geographically relevant “policies” which can be established monitor outgoing email for sensitive information like credit card numbers, drivers licenses, passwords, in fact just about anything. On identification of an imminent “leak” users are notified with a number of options:
1. Users can override and permit transit of email, although the event is logged,
2. Sensitive information can be masked by the system,
3. Sensitive information can be delted,
4. Entire emails can be deleted with user notification.
ComStat’s engineers work with businesses with a strategy of using these kinds of tools to educate users of risk while enabling them to conduct their business with minimal obstruction.
In addition to monitoring email textual content, services also extend to identify attachments, which might comprise forms like applications, patents, etc.
Data leakage and data protection issues are difficult to meaasure because the risk of loss is usually hard to quantify until a significant event, by which time businesses can be exposed to substantial threat. As a lowest common denominator, however, businesses have an strict obligation to protect customer and third party personal information, and increasingly free email services like GMail, Yahoo, and Live do not provide tools to manage with the responsibilities European and UK law impose on businesses.
Although these services are aimed primarily at ComStat’s Exchange email users, the same tools are being expanded in 2014 and 2015 to encompass raw data storage like document libraries, spreadsheets, pdf’s, etc.
Please contact us to find out more about how our data protection services can help you.
by Steve Galloway | Nov 18, 2014
From Sept 25th, ComStat is providing management services for users and organisations who need help managing business information on mobile devices like laptops, tablets, and mobile phones.
While users increasingly connect to organizational data using multiple devices, the pace for keeping up with the protection of sensitive business and personal information has fallen behind that curve. Losing a mobile phone is one thing. Loss or theft of a mobile phone which holds business data is a potentially serious issue, and one which can put entities in breach of data protection laws.
ComStat’s mobile device management services enable us to manage an organisation’s mobile “fleet” in a number of ways:
1. Controlling access to services by equipment brand, or model, or user
2. Implementing selective or global PIN access to mobile devices
3. Temporary restrictions to services from mobile devices
4. Wiping all information associated with user accounts.
For instance, if Alex loses a mobile phone in Frankfurt, he can probably get the SIM stopped rapidly. However, without management tools of some kind in place, whoever has custody of the phone has potential access to everything on Alex’ desktop at work. On notofication of loss, ComStat engineers can invoke any of the techniques above to restrict or stop all services associated with Alex’ account instantly.
The issue of “mobile” data protection is important for another reason. Entities who give you or your organisation access to their personal data expect a duty of care requiring the “custodian” to use the data for the purposes it wa given and to protect it. In cases where mobile devices are lost, information which at law belongs to your customers and which falls into someone else’s hands may leave you or your organisation with reputational and potentially legal liability.
Please contact us for more information about data loss protection and mobile device management services.
by Steve Galloway | Sep 1, 2014
With effect from September 1st, ComStation.co.uk is providing support network administration for EOP security tools for email.
EOP (Exchange online Protection) is a Microsoft solution for managing virus, spam, phishing and other malicious formats. Critically, the service is managed at the data centre for incoming AND outgoing email. Managing incoming email in this way reduces the risk of contaminated email reaching users’ machines.
Microsoft estimates that over two thirds of email transiting the Internet is junk, spam, or malicious. In the field, ComStat devotes significant time to repairing customer equipment compromised by users inadvertently opening suspect email.
EOP includes control panels for customising filtering, IP blocks, domain name blocks, and more. EOP also integrates with ComStation.co.uk tools for data leakage protection, enabling organisations to manage senstive information in outgoing email which might include regulated personal data, credit card numbers, other company information, etc. Invoking data policies in thi way helps organisations to educate employees. Systems can be configured to allow users to override system recommendations while logging user decisions, and also unilateral suppression of sensitive information (e.g. credit card numbers, passwords, etc.)
EOP does not manage over PC security, however is a game changing solution for end users because it minimizes risk of costly damage to buiness networks and machines. Also, because the security process is managed at the data centre, ComStat is able to deliver “clean” email not only to user workstations, but also to the user’s connected devices like mobile phones, laptops and tablets.
EOP was orginally developed to support Microsoft Exchange, and is more than anything else specialised software that deals with email. In this respect, EOP’s email protection services are often more comprehensively tooled than conventional Anti Virus applications, and is used widely by the world’s largest businesses.
EOP is included in ComStat’s subscription email services for business users. EOP can be provided as a standalone solution (£2.00/mo per user account, £20.00 annual) for services provided by third party data centres.
by Steve Galloway | Aug 18, 2014
With effect from August 18th, ComStat is providing 100GB inline email archiving. Inline archiving is provided in addition to the 50GB limits established for individual user accounts.
Inline archiving is a technique that relocates arhived email from on-premises equipment to users’ allocated services at the data centre.
Typically, small business users archive email using Microsoft Outlook to a segragated data file that sits apart from their Outlook inbox, sent Items, and other current folders. Archiving helps to improve system runtime. However, archived emails continue to reside on users’ individual workstations, and archives can only be accessed from the workstation that the arhive is situated on. This leaves the risk of data loss in the event of hard drive failure or machine failure. Unless the archive itself has been backed up using .pst, the archive remains vulnerable.
In our experience, users are not comfortable with Outlook’s backup functions and email backup, whether by copying current folders or using archives, is generally not organised. Typically, users’ email records are usually about as historic as the lifetime of their machine.
ComStat’s email services for premium business users provides 50GB mail storage per user. There is a case to argue that archiving is not necessary at this level. However, users who connect to email services with mobile devices via telco connections may have trouble managing large volumes of email on mobiles, particularly where bandwidth is limited, where data transfer volumes may be an issue, and where smartphones are physically limited to lower capacities (8GB, 16GB, etc).
Inline archiving helps to reduce inbox sizes, while relocating historic archives to the managed data centre also means users can access their archive via a variety of devices.
Inline archiving is available to premium business users by default. Other users considering this service should talk through options with ComStat. Existing users who want to upgrade to this service would need a manual rebuild of their environment, so it is important to plan needs in advance of execution of service.
by Steve Galloway | Aug 18, 2014
From August 18th, ComStation.co.uk is providing a new platform for commercial users. The new subscription services provides 50GB mailbox limits per account, and for enterprise users we are providing in-line archiving which provides for a 100GB real-time archive which is housed in Exchange/Outlook Web Access.
