By Al Sargent, OneLogin
An organization’s data is only as secure as its endpoints. Over the last few years, a perfect storm of workforce and technology trends has collided, making endpoint management a Sisyphean task.
To start, enterprise hardware is no longer limited to fleets of Windows PCs behind a firewall, in an office, used only by full-time employees. Desktops, laptops, and notebooks running macOS coexist with Windows machines in most businesses. Second, work is no longer confined to the physical office: employees are always on, checking email and apps from bedrooms, coffee shops, and airports, outside the company firewall. And finally, companies today often have an extended workforce of non-W2 users (contractors, brokers, agencies, outsourcing firms, and more) who need access to the company’s applications and data.
Compounding these trends, organizations’ data is increasingly both valuable and exposed. Last year the average total cost of a data breach reached $4 million and, as the breaches at Yahoo, Sony, and the U.S. federal government show, even organizations with large security budgets are targets.
With IT environments growing more complex, channel firms have an opportunity to help clients overcome the hazards and headaches of endpoint management.
Everyone’s In The Market For Endpoint Protection
Understanding modern endpoint perils starts by looking back. Legacy identity infrastructure such as Microsoft Active Directory was designed in the late 1990s, when Windows and on-premises deployment were the rule and only employees accessed applications. Today, both cloud-native organizations and established firms carrying on-premises systems wrestle with the consequences.
Cloud-native businesses that run almost entirely on SaaS apps eventually face SaaS sprawl, leaving IT in need of one consistent way to manage user identities across a growing pool of applications. Because these organizations often standardize on Macs, Active Directory is an awkward fit: macOS can join an AD domain, but keeping that binding healthy on laptops that rarely see the corporate network is a recurring source of helpdesk tickets, and the effort consumes days IT could spend elsewhere.
Even organizations with more traditional IT environments have AD exiles: users who can’t connect to, or be protected by, the corporate directory. Active Directory may suffice for employees using PCs in the office, but it’s a non-starter for plenty of other audiences: remote sales teams for whom the VPN may or may not work, developers writing code on Macs, and external business partners such as freelancers, marketing agencies, and brokers.
In either scenario, IT has no consistent way to enforce strong passwords across all PCs and Macs for all users, and no single place to see which devices are out of policy. As a result, devices end up protected by weak, easily guessed passwords that are set once and never reviewed.
Guiding Clients Toward A Better Solution
Advances in cloud directory technology, single sign-on, and multi-factor authentication give service providers a chance to do more than lecture clients on the importance of endpoint security. They can offer a way forward, recommending tools that protect data, save IT staff from wasted helpdesk hours, and respect employees’ demands for flexible work styles. To kick off the conversation, there are key questions firms should ask clients:
- How do you enforce password policies across devices? More often than not, IT leaders will answer, “Our PCs are secured via the corporate directory.” But a traditional directory only governs the machines bound to it; Mac users, remote staff, and business partners sit outside that policy and remain exposed to the risks of noncompliance.
- How do you secure data at rest on laptops? FileVault and BitLocker only go as far as the credential that unlocks them. FileVault unlocks the volume with the user’s login password, and BitLocker in its common TPM-only configuration unlocks the disk at boot and leaves the Windows login as the gate, so the encryption is only as strong as the password standards behind it (minimum length, screening against known-breached passwords, multi-factor authentication, and so on; note that NIST SP 800-63B no longer recommends forced periodic resets). If a user’s password is easily guessed, or readily available for sale on the dark web, any data on the device is up for grabs.
- What happens when a device is lost or stolen, or an employee leaves the company? In each case IT needs to revoke the device’s access immediately so that data, files, and apps don’t fall into the wrong hands. Without a cloud directory that unifies endpoint management, revocation becomes a manual, per-system process, and every hour it takes gives a malicious actor more time to make a move.
- How dependent is your organization on Active Directory? Businesses that rely entirely on AD don’t have to quit cold turkey to improve endpoint security. Flexible cloud directory solutions can connect to an existing Active Directory installation, extending AD to Mac users and letting all laptop users, regardless of OS, reach the corporate directory without the hassle and unreliability of a VPN.
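The four questions above are easier to answer with evidence than with assurances. The script below is an added illustration, not OneLogin code or any product’s API: it applies one policy to a constructed inventory of devices and users, regardless of OS, and reports the gaps each question is probing for. The policy thresholds, the `Device` and `User` fields, and the sample records are all assumptions; in practice the records would come from an MDM or cloud directory export.

```python
"""Fleet audit against one endpoint policy (added illustration, not OneLogin code).

Evaluates constructed device and user records for: the password policy actually
in force on the device, disk encryption, revocation for lost or orphaned devices,
and whether the device is reachable by any directory at all.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class Device:
    hostname: str
    os: str                # "macos" or "windows"
    owner: str             # directory username
    directory_bound: bool  # joined to AD or a cloud directory
    disk_encrypted: bool   # FileVault or BitLocker enabled
    min_password_len: int  # local policy actually in force on the device
    mfa_enforced: bool
    last_checkin: date     # last time the device reported in


@dataclass
class User:
    username: str
    active: bool           # False once offboarded


# Assumed policy values; a real policy would come from the directory.
POLICY = {"min_password_len": 12, "max_checkin_days": 14}


def audit_device(dev: Device, users: dict, today: date, policy: dict = POLICY) -> list:
    """Return human-readable findings for one device; an empty list means compliant."""
    findings = []
    owner = users.get(dev.owner)
    if owner is None or not owner.active:
        findings.append("owner deprovisioned but device still enrolled: revoke access now")
    if not dev.directory_bound:
        findings.append("not bound to any directory: password policy cannot be enforced centrally")
    if dev.min_password_len < policy["min_password_len"]:
        findings.append(
            f"local minimum password length {dev.min_password_len} "
            f"is below policy ({policy['min_password_len']})"
        )
    if not dev.disk_encrypted:
        findings.append("disk encryption off: data at rest is readable if the device is lost")
    if not dev.mfa_enforced:
        findings.append("MFA not enforced: a guessed or leaked password is enough to log in")
    if (today - dev.last_checkin).days > policy["max_checkin_days"]:
        findings.append("stale check-in: device may be lost, stolen or outside management")
    return findings


def audit_fleet(devices, users, today, policy=POLICY) -> dict:
    """Map each hostname to its findings, applying the same policy to every OS."""
    return {d.hostname: audit_device(d, users, today, policy) for d in devices}


def noncompliant(report: dict) -> list:
    """Hostnames with at least one finding, sorted for the helpdesk queue."""
    return sorted(host for host, findings in report.items() if findings)


# Constructed sample inventory: an office PC, a developer Mac, a contractor laptop.
TODAY = date(2017, 6, 1)
USERS = {
    "alice": User("alice", active=True),
    "bob": User("bob", active=True),
    "carol": User("carol", active=False),  # contractor whose engagement ended
}
DEVICES = [
    Device("win-hq-01", "windows", "alice", True, True, 12, True, date(2017, 5, 31)),
    Device("mac-dev-07", "macos", "bob", False, True, 4, False, date(2017, 5, 30)),
    Device("mac-contractor-02", "macos", "carol", False, False, 8, False, date(2017, 4, 1)),
]

if __name__ == "__main__":
    for host, findings in audit_fleet(DEVICES, USERS, TODAY).items():
        print(host, "OK" if not findings else "")
        for finding in findings:
            print("   -", finding)
```

In the sample data the domain-joined office PC passes cleanly, the unbound developer Mac fails on central policy, password length and MFA, and the contractor’s laptop shows the worst case the third question describes: its owner is already deactivated in the directory, yet the device is still enrolled and has not checked in for two months, so it should be at the top of the revocation queue.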
The IT landscape, from hardware and software to security threats, is always evolving. Channel firms have a responsibility to ensure their clients’ endpoint strategies evolve with it.