Think Different About Your Modern Workspace

March 9, 2017
Colin Prime-Moore

Gone are the days when endpoint devices were huge, ugly, beige-coloured boxes located under the desk. These days, endpoint devices are no longer shackled to the desk by weight or wires; they exist more as mobility devices. Initially spurred on by the move from desktops to laptops, they have evolved into “all in ones” and tablets, and phablets and even phones now get in on the workspace. The majority of these devices allow users to mobilise their workspace and take it wherever they need to work. However, this poses new challenges regarding security and data management. You can continue to manage these devices in the same traditional manner, but that has limitations, and there is another way.

Managing the Device is so Limiting with MDM 1.0
With the sprawl of all these devices, IT administrators acted quickly to protect them against threats and loss, but applied the same rules as for traditional systems, which meant the devices were locked down and controlled from centralised on-premises management platforms. Very limited functionality was provided, and devices could usually only be controlled whilst they were accessing the internal systems. With the explosion of vendors releasing mobility devices, managing all these differing device types meant that the lowest common denominator was usually applied to all, removing the majority of the functionality from the device (which in most cases was the reason for choosing the device). So now is the time to look at the alternatives – why not let users have the freedom and productivity of any device they choose, whilst still maintaining security and, in fact, further enhancing it?

It’s not all about the device – it’s about the data!
Securing data by securing the devices it may be located on can bring huge challenges, and the data is only secure while it remains within the controlled environment. However, if we were to extend the ecosystem across all devices, including personal ones, then security can be greatly enhanced. So how can this be done?

If we were to protect the data at the source, rather than on the endpoint device, we effectively negate the requirement to protect the device itself. Utilising cloud-based encryption and enforcement systems to maintain visibility and management of information and data means that if the data is leaked to unauthorised systems, users or devices, it maintains its protection.

Cloudification of Your Cyber-Security
Using modern technologies and techniques to protect your data is essential. This can be easily achieved using solutions like Microsoft Azure Rights Management, Information Protection and Cloud App Security. These are not restricted to cloud-based systems, however: they also protect traditional on-premises equipment, and even consumer-based systems that may store your corporate data can remain protected.

Utilising the Cloud where appropriate for the extended management and visibility of your data, information and devices can truly enhance your business's productivity, whilst enhancing your business's security.

The End-to-End Workspace Stack with Microsoft
If we were to re-imagine the desktop for modern working, it would seem ridiculous to manage all of our devices from a LAN-based, on-premises infrastructure, as the majority of devices these days would never be connected back to that infrastructure directly. So we have to think different and perhaps learn from the working practices of Generation Z.

IMHO Microsoft have got this right: the ability to discreetly manage distributed services regardless of the user’s location or device has become a reality by utilising Microsoft Azure services. For traditional user and device management, join the devices to Azure AD (rather than on-premises; don’t worry, Azure AD integrates with traditional AD), then use Intune to deploy applications, configuration and packages to those devices (and they don’t all have to be Windows). Introduce Enlightened applications for iOS and Android for BYO – basically sand-boxing within the application, rather than the app itself (users no longer have to join an MDM solution to remain protected). This lets the user utilise the app safely, with personal and corporate data remaining protected. Protect your data with RMS and AIP (above). The result is a full productivity suite served from the cloud, all subscription based and therefore managed on a per-user basis.

But what about all those applications reliant on on-premises services? You need not worry. Microsoft have partnered with Citrix to deliver XenApp from Azure (which fully integrates with on-premises) – now your legacy applications can be securely delivered to any endpoint device.