Apr 24 2020
Secure O365 Remote Workers with Deep Device Management
Some have the seemingly logical idea that with SaaS such as Office 365, only the applications and the users themselves need to be managed. However, O365, while in the cloud, is still accessed via devices, and these devices, now increasingly fully remote, themselves need proper care and protection.
We spoke with CoreView Solution Architect Matt Smith about identifying and managing remote O365 workers’ devices.
Diving into Device Management
CoreView: How does configuration and security change as many move to remote work? Does this raise the bar for device management?
Smith: As we expand the surface and the usability of the Microsoft Office 365 platform, we have expanded it now from inside the corporate walls to the internet, and now to home devices, configuration becomes critical.
It was much easier for IT when there was a single brand of laptop, or a single brand of desktop that had the corporate image on it and the applications installed, and you could only access the file server when you were in the office plugged into the wired network.
Wireless introduced a bigger attack surface, and cloud SaaS platforms increase that surface. Connecting from home has increased it yet again, and each time it is exponentially bigger.
CoreView gathers configuration information from all these devices. Our management platform rests on top of the data and alerts you when the configurations are not what you expected, or not configured to company standards.
Here is an example of why this is important. Earlier this year (2020) there was a highly critical Microsoft security flaw. It was so bad that the U.S. National Security Agency pointed out the flaw and instructed every government agency to report on which machines had that version of Windows that needed patching — and gave them a whopping two days to do it. If you can imagine the federal government doing anything within two days, that is amazing. They gave them seven days to report back on exactly how many of those devices they fixed with the patch.
This is a big problem in IT. Knowing what devices are attaching is an issue. Doing that inventory is an issue, and correlating the devices with the user is an issue.
CoreView has all that data. We are wickedly fast, and leverage the power of Azure to throw a ton of computing resources at very large reports and information requests.
Plus, CoreView has already correlated the data, which we call data enrichment. As information comes in, we combine user information, department, all the Active Directory information, with those devices, so data correlation is already there. We produce reports, and on top of it, communicate directly with users from within the platform.
Device Management and the Trouble with Remote Devices
CoreView: How does CoreView support device management, especially remote devices?
Smith: We talked about devices, enabling remote users, the ability to report on specifically what devices users have, communicating directly with users, providing them training, and configuration information. We are not a device configuration platform. We leave that to Microsoft Intune and a Microsoft product called System Center Configuration Manager (SCCM).
We are not pushing down patches and software to devices. What we do though is report back and show that policies were applied to these devices correctly, or these devices do not have any policies applied. That is a security event. Who has these devices and how they are being used for what applications are something the Microsoft products do not show. Microsoft’s native O365 Admin Center does not tell you that a user used a device to access an application and transferred or uploaded a specific file and the name of that file.
Let us say IT finds a device that has been compromised, since CoreView surfaces devices with malware. IT can dive further. CoreView shows that user has malware on a device, and since that device is compromised and that user is suspect, IT can see everything he touched, all the files he has uploaded, all the files he has accessed, where he logged in from, what IP addresses, and what devices were used. This is critical because they are all now suspect.
In this specific case, IT identified a risk, and can now look at a user and everything that they have done versus always looking at 10,000 users. That is the Splunk approach of casting a wide net and hoping you catch something. With CoreView, you get a risk signal, and then can do a deep dive exactly on that specific event. That is something nobody else does.
CoreView: So we know the patch level of Windows? Office?
Smith: We know it for Windows and Office. What is important is we know the build number, not just the version. So if you have Windows 10 at home, we know the build number of that Windows 10 device and we can target that. CoreView knows the iOS version of your Apple device down to not just that it is version nine — but it is 9.4.
ABOUT THE WRITER
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.