a person sitting at a table using a laptop
Read Time, 7 min.

Ask yourself: Imagine that a senior employee’s laptop is stolen. It could be industrial espionage. Are the security precautions you have in place today sufficient to stop the thief from extracting valuable information or credentials from the laptop?

Digital transformation and the changing workplace are shining a light on two intersecting trends: the variety and volume of endpoint devices, and the need to secure data and systems wherever they reside. Even before the pandemic, numbers were already alarming:

  • 64% of organizations experienced one or more endpoint attacks that successfully compromised data assets and/ or IT infrastructure.1
  • 5Bn threats are detected on devices on a monthly basis.2

And according to Gartner, by 2022, 70% of organizations that do not have a firmware update plan in place are likely to be breached due to a firmware vulnerability. Advanced malware that runs before the OS boots is a real threat and can be difficult to remove.

As security becomes table stakes for digital business, IT and security teams work closely to identify threats and vulnerabilities proactively across the entire IT architecture, and devices present some of the most vulnerable entry points to bad actors. Security teams understand the need to modernize endpoint security methods, from the device firmware up to the cloud, across all phases of the device lifecycle. But where do you stand?

According to October 2020 BCG’s research “Remote Working and the Platform of the Future“3, the foundations for the new hybrid workplace lay on technology solutions like modern devices and cloud based collaboration tools, grounded on security solutions that keep endpoints, data and identities secure. However, the same research confirms that only 27% of surveyed managers fully acknowledge to have the required technology in place.

Supporting a remote or hybrid workforce is a known new challenge. How to make it easier for people to do their jobs from any location while protecting data from threats, particularly at the endpoint level, knowing that many of these still consist of legacy devices with limited security.

Devices are used by employees across a variety of mission critical scenarios – from collaborating in Office on important documents to Microsoft Teams calls with coworkers across the globe. Providing robust protection against the latest malware and ransomware is a critical priority as organizations expect that their devices and data to withstand common attacks.

How to reduce the endpoint security risks of a remote workforce?

To build a more flexible and scalable approach to protect employee devices, data, and user identities across a dispersed workforce, 3 key dimensions should be considered:

1. Managing and securing remote devices

Protecting sensitive information on endpoint devices has typically involved a lot of manual configuration. These tasks become more impractical with a workforce dispersed among many different locations.

Many organizations are opting, therefore, to move to cloud-based solutions that combine device protection, information protection, and identity protection. Cloud-based mobile device management (MDM) eliminates bottlenecks and ensures that the software and operating systems on your devices are always up to date.

Endpoint security begins with the design of the device and continues throughout the entire device lifecycle, from deployment to end of life. An optimal security strategy enables administrators to control even the lowest level of hardware settings without having to touch the machine.

2. Protecting company information

Protecting your company’s information from loss, theft, and misuse becomes more critical—and more complex—with a dispersed workforce.

For many organizations, the best way to remain compliant with data privacy and other regulations is with a cloud-based solution that can help you classify and protect information regardless of where it’s stored or who it’s shared with. A modern information protection solution can automatically discover information as it appears, apply custom controls based on how it is classified, and apply policy-based actions to sensitive information.

Alongside a cloud solution for information protection, the devices you choose also play a big part in protecting sensitive data.

For example, modern biometric login solutions offer better protection than passwords, by using fingerprint and facial recognition. Plus, some devices offer instant and built-in data encryption, without the need for additional configuration by IT, so information on the hard drive can’t be accessed if the device is lost or stolen.

3. Securing identities

Many businesses have adopted a single sign-on (SSO) solution that lets users access multiple applications with just one credential. Consolidating logins to a single set of credentials improves security by reducing the attack surface (the more passwords used, the greater the opportunity for attackers to exploit weak passwords).

However, as the popularity of cloud applications grows, relying solely on an on-site SSO is no longer enough. Creating a direct connection each time between your SSO solution and every single cloud application, for every single user, is far too complex to manage. A simpler approach is to use a cloud solution for identity management.

Single-point identity confirmation is no longer enough either. Multi-factor authentication is more secure—and it needn’t be a burden for the organization or its users.

In addition to the convenience that SSO brings to how people work, there are new hardware technologies that help drive identity-based security. For example, Surface devices are configured out of the box with “containers” that isolate apps from other processes to protect them from misuse.

Choosing hardware that supports these new methods—in combination with cloud-based identity management—will help you build a strong defense against today’s growing threats. For instance, devices are increasingly available with fingerprint or retina-scan authentication in addition to traditional passcodes, as well as out-of-the-box software that isolates and hardens key system and user secrets against compromise.

The simple choice for device security with Surface for Business

a man taking a selfie

Endpoint security has always been at the core of Surface devices. Our engineering team has been using a unified approach to firmware protection and device security since 2015 through complete end-to-end ownership of hardware design, in-house firmware development, and a holistic approach to device updates and management.

Our Unified Extensible Firmware Interface (UEFI) is written in-house, continuously maintained through Windows Update, and fully managed through the cloud by Microsoft Endpoint Manager. This level of control enables enterprises to minimize risk and maximize control at the firmware level before the device even starts Windows 10. Additionally, Surface is the only manufacturer to have Device Firmware Configuration Interface (DFCI)4 enabled for cloud-scale remote firmware management with zero-touch device provisioning.  IT organizations have the ability through the cloud to disable a camera or disable the ability to boot from USB all at the pre-boot firmware level. The result is a reduced attack vector that is critical to endpoint protection.

Furthermore, to protect the firmware and initial boot of the device, Surface enables Secure Boot to ensure an authentic version of Windows 10 is started and make certain the firmware is as genuine as it was when it left the factory. Surface also ensures that each commercial device includes a security processor (TPM 2.0) to provide advanced encryption capabilities such as BitLocker, to secure and encrypt your data, and Windows Hello, to enable password less sign-in. Each of these built-in security options helps protect your device from malicious software attacks. DMA Protection, enabled by default in newer Surface devices, mitigates potential security vulnerabilities associated with using removable SSDs or external storage devices.

Surface has also worked diligently across multiple hardware platforms to enable VBS (Virtualization-Based Security) and HVCI (Hypervisor Code Integrity) by default on capable new Surface models. VBS and HVCI create and isolate a region of memory from the normal operating system using hardware virtualization capabilities. This security capability can stop most escalation of privilege attacks.

In an age of rising security threats, businesses need protection across multiple layers. From chip to cloud, Surface considers the most secure device capabilities available and continues to innovate to meet the evolving needs. With built-in protection at every layer, Surface is the best, most streamlined implementation of Microsoft’s security stack.

Learn more about security on Surface here and familiarize yourself with Eneco’s story – a leading energy supplier in the Netherlands – that chose Surface for Business devices to create a more sustainable and secure workplace.

 


1 Source: Ponemon Institute, “The 2018 State of Endpoint Security Risk,” October 2018
2 Source: Microsoft Security Blog, “The evolution of Microsoft Threat Protection, June update,” June 2019
3 BCG “Remote Working and the Platform of the Future“, October 2020
4 Surface Go and Surface Go 2 use a third-party UEFI and do not support DFCI. DFCI is currently available for Surface Book, Surface Laptop 3, Surface Pro 7, Surface Pro 7+, and Surface Pro X. Find out more about managing Surface UEFI settings.

Protect your business with Microsoft security and Surface

Discover How IT and business leaders facilitate safety, trust, and collaboration in our modern workforce

Discover more related articles per industry:

Education

  • Pencil

    Hybrid learning and GDPR: maintaining security and compliance in disruptive times

    Like most areas of society, over the past six months the education sector has had to face challenges unlike any before. Students thrive when they have access to personalized learning. As schools have moved quickly to adapt to remote learning, using technology to create new experiences that meet students’ needs has become more important than […]

  • a woman using a laptop

    Make remote learning work better for everyone. Find out how.

    Since the COVID-19 outbreak first hit China, our education customers in the country have done amazing things to keep students engaged while they transition to remote learning. From eLearning innovations, to keeping students’ spirits high with photo and cooking challenges – teachers and students have shown extraordinary resilience during this difficult time. Now, as the […]

Government

Healthcare

  • Nurse and patient

    MOB: increasing healthcare workers’ time with their patients using cloud technology

    “Time is the most valuable currency in healthcare. That’s what this technology gives us: more time with our patients.” Fettah Erdal, Senior Administrator at Dutch healthcare provider MOB is talking about the impact that cloud-based technology is having on his organization’s ability to deliver more patient-centred healthcare. “All of our care workers are in the […]

  • Healthcare professionals operating on a patient

    Maasstad Hospital: Working as one medical team during a crisis

    In times of crisis, an organization looks to its leadership for guidance. As COVID-19 spread through Europe in early 2020, Maasstad Ziekenhuis Hospital CEO Peter Langenbach had planned to lead his hospital’s crisis response as he would any other – being present and visible, leadership traits instilled in him during his time in the Dutch […]

Manufacturing

  • Mais on a sunny day

    COFCO International: How cloud technologies ensured business continuity during challenging times

    “I have worked at COFCO for 12 years, always in an office. But I have spent the last 63 days working from home.” Marcus Seelbach, Chief HR Officer at global agribusiness COFCO International, is talking from his home via video call about the transition he and all his colleagues have undergone since COVID-19 led to the closure of the company’s offices worldwide. “But thanks to the preparation and […]

  • Etex

    Etex uses modern tools to unite its business and better focus on customers

    When it comes to construction, all components must come together in a timely manner in order to produce the optimum product. While Etex, a Belgian building solution manufacturing company, helps make this a reality on a day-to-day basis, it wanted to find a way to enhance productivity and collaboration internally. With locations across more than […]

Retail

  • Picture from the back of a person attending a Teams meeting with 2 colleagues, discussing about a furniture fabric.

    Zuiver: Supporting both business and culture through technology

    “Since moving to the cloud, there are no limitations anymore. And I’m certain without this technology, we would not have seen the growth we have today.” Jaap Landsaat, CFO and Head of IT at Dutch furniture designer Zuiver, is talking about the profound impact technology has had on the business he co-founded more than 20 years ago. “Back then, we had 100 orders a week […]

  • HeadBrands is ready for the future with Microsoft 365 Business

    HeadBrands is ready for the future with Microsoft 365 Business

    Since its creation in 2010, HeadBrands has continued to grow, rapidly becoming the leading retailer of hairdressing products in Scandinavia. HeadBrands needed a modern IT solution to increase its business productivity and improve collaboration, both within the company and externally. Its response to this challenge was to replace most of its previous services with Microsoft […]

Discover more related articles per dossier:

Customer Stories

  • Fitness24Seven

    Fitness24Seven: Flexing new muscle with Intelligent Communications

    Fitness24Seven is one of Europe’s fastest growing fitness brands. But the company found itself needing to connect dispersed teams and improve information sharing. As Stefan Hult, Senior Consultant at Stratiteq explains: “each location was in their own little world. There was really no sort of connection across the entire company.” The solution: Simplicity and flexibility […]

Digital Transformation

Security & Privacy

  • a close up of a logo

    Five things we learnt from the Security and Compliance Summit

    On November 4th 2020, Microsoft Western Europe hosted its first Security and Compliance Summit. Experts and Security Blackbelts from across Microsoft, including the Detection and Response Team and the Digital Crimes Unit, came together virtually to share perspectives on the latest security, compliance and privacy challenges that seek to compromise the modern workplace – a […]

Tips

  • A woman holding a white mug

    Working from home. What I’ve learned as an early adopter.

    I guess you could call me an ‘early adopter’ of remote work. About 15 years ago, I was responsible for mobility and convergence at a large telecoms company when those concepts were in their infancy. So, I decided I’d try to practice what I’d be preaching all day, and insisted on working remotely as often […]