
Ask yourself: Imagine that a senior employee’s laptop is stolen. It could be industrial espionage. Are the security precautions you have in place today sufficient to stop the thief from extracting valuable information or credentials from the laptop?

Digital transformation and the changing workplace are shining a light on two intersecting trends: the variety and volume of endpoint devices, and the need to secure data and systems wherever they reside. Even before the pandemic, numbers were already alarming:

  • 64% of organizations experienced one or more endpoint attacks that successfully compromised data assets and/or IT infrastructure.[1]
  • 5 billion threats are detected on devices every month.[2]

And according to Gartner, by 2022, 70% of organizations that do not have a firmware update plan in place are likely to be breached due to a firmware vulnerability. Advanced malware that runs before the OS boots is a real threat and can be difficult to remove.

As security becomes table stakes for digital business, IT and security teams work closely to identify threats and vulnerabilities proactively across the entire IT architecture, and devices present some of the most vulnerable entry points to bad actors. Security teams understand the need to modernize endpoint security methods, from the device firmware up to the cloud, across all phases of the device lifecycle. But where do you stand?

According to BCG’s October 2020 research “Remote Working and the Platform of the Future”[3], the foundations of the new hybrid workplace are technology solutions such as modern devices and cloud-based collaboration tools, built on security solutions that keep endpoints, data and identities secure. However, the same research finds that only 27% of surveyed managers fully acknowledge having the required technology in place.

Supporting a remote or hybrid workforce is a recognized new challenge: how to make it easier for people to do their jobs from any location while protecting data from threats, particularly at the endpoint, knowing that many endpoints are still legacy devices with limited security.

Devices are used by employees across a variety of mission-critical scenarios – from collaborating in Office on important documents to Microsoft Teams calls with coworkers across the globe. Providing robust protection against the latest malware and ransomware is a critical priority, as organizations expect their devices and data to withstand common attacks.

How to reduce the endpoint security risks of a remote workforce?

To build a more flexible and scalable approach to protecting employee devices, data, and user identities across a dispersed workforce, three key dimensions should be considered:

1. Managing and securing remote devices

Protecting sensitive information on endpoint devices has typically involved a lot of manual configuration. These tasks become more impractical with a workforce dispersed among many different locations.

Many organizations are opting, therefore, to move to cloud-based solutions that combine device protection, information protection, and identity protection. Cloud-based mobile device management (MDM) eliminates bottlenecks and ensures that the software and operating systems on your devices are always up to date.

Endpoint security begins with the design of the device and continues throughout the entire device lifecycle, from deployment to end of life. An optimal security strategy enables administrators to control even the lowest level of hardware settings without having to touch the machine.

2. Protecting company information

Protecting your company’s information from loss, theft, and misuse becomes more critical—and more complex—with a dispersed workforce.

For many organizations, the best way to remain compliant with data privacy and other regulations is with a cloud-based solution that can help you classify and protect information regardless of where it’s stored or who it’s shared with. A modern information protection solution can automatically discover information as it appears, apply custom controls based on how it is classified, and apply policy-based actions to sensitive information.

Alongside a cloud solution for information protection, the devices you choose also play a big part in protecting sensitive data.

For example, modern biometric login solutions offer better protection than passwords, by using fingerprint and facial recognition. Plus, some devices offer instant and built-in data encryption, without the need for additional configuration by IT, so information on the hard drive can’t be accessed if the device is lost or stolen.

3. Securing identities

Many businesses have adopted a single sign-on (SSO) solution that lets users access multiple applications with just one credential. Consolidating logins to a single set of credentials improves security by reducing the attack surface (the more passwords used, the greater the opportunity for attackers to exploit weak passwords).

However, as the popularity of cloud applications grows, relying solely on an on-site SSO is no longer enough. Creating a direct connection each time between your SSO solution and every single cloud application, for every single user, is far too complex to manage. A simpler approach is to use a cloud solution for identity management.

Single-point identity confirmation is no longer enough either. Multi-factor authentication is more secure—and it needn’t be a burden for the organization or its users.

In addition to the convenience that SSO brings to how people work, there are new hardware technologies that help drive identity-based security. For example, Surface devices are configured out of the box with “containers” that isolate apps from other processes to protect them from misuse.

Choosing hardware that supports these new methods—in combination with cloud-based identity management—will help you build a strong defense against today’s growing threats. For instance, devices are increasingly available with fingerprint or retina-scan authentication in addition to traditional passcodes, as well as out-of-the-box software that isolates and hardens key system and user secrets against compromise.

The simple choice for device security with Surface for Business


Endpoint security has always been at the core of Surface devices. Our engineering team has been using a unified approach to firmware protection and device security since 2015 through complete end-to-end ownership of hardware design, in-house firmware development, and a holistic approach to device updates and management.

Our Unified Extensible Firmware Interface (UEFI) is written in-house, continuously maintained through Windows Update, and fully managed through the cloud by Microsoft Endpoint Manager. This level of control enables enterprises to minimize risk and maximize control at the firmware level before the device even starts Windows 10. Additionally, Surface is the only manufacturer to have Device Firmware Configuration Interface (DFCI)[4] enabled for cloud-scale remote firmware management with zero-touch device provisioning. Through the cloud, IT organizations can disable a camera or disable the ability to boot from USB, all at the pre-boot firmware level. The result is a reduced attack surface, which is critical to endpoint protection.

Furthermore, to protect the firmware and initial boot of the device, Surface enables Secure Boot to ensure that an authentic version of Windows 10 is started and that the firmware is as genuine as it was when it left the factory. Surface also ensures that each commercial device includes a security processor (TPM 2.0) to provide advanced encryption capabilities such as BitLocker, to secure and encrypt your data, and Windows Hello, to enable passwordless sign-in. Each of these built-in security options helps protect your device from malicious software attacks. DMA Protection, enabled by default in newer Surface devices, mitigates potential security vulnerabilities associated with using removable SSDs or external storage devices.

Surface has also worked diligently across multiple hardware platforms to enable VBS (Virtualization-Based Security) and HVCI (Hypervisor Code Integrity) by default on capable new Surface models. VBS and HVCI create and isolate a region of memory from the normal operating system using hardware virtualization capabilities. This security capability can stop most escalation of privilege attacks.
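The protections described in the two paragraphs above (Secure Boot, TPM 2.0, BitLocker, VBS and HVCI) can be verified on any Windows 10 endpoint, not only Surface. The script below is an added example, not code from Microsoft or the Surface team; it assumes an elevated PowerShell session and uses only cmdlets and WMI classes that ship with Windows 10. Kernel DMA Protection has no built-in cmdlet and is not checked here.

```powershell
# Added example: audit the built-in endpoint protections on a Windows 10 device.
# Assumes an elevated session; the SecureBoot, TrustedPlatformModule and
# BitLocker modules are part of Windows 10.

function Get-EndpointProtectionStatus {
    $result = [ordered]@{}

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS / non-UEFI firmware,
    # which for our purposes means "not protected".
    try { $result.SecureBoot = Confirm-SecureBootUEFI } catch { $result.SecureBoot = $false }

    # TPM presence and readiness (needed for BitLocker key protection and Windows Hello).
    $tpm = Get-Tpm
    $result.TpmPresent = [bool]$tpm.TpmPresent
    $result.TpmReady   = [bool]$tpm.TpmReady
    # SpecVersion is a string such as "2.0, 0, 1.16"; the first field is the TPM spec level.
    $result.TpmSpecVersion = (Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm `
                              -ClassName Win32_Tpm).SpecVersion

    # BitLocker on the OS volume: protection must be On and a TPM-based key protector present,
    # otherwise data on a stolen laptop is readable by pulling the drive.
    $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $result.BitLockerProtection   = [string]$osVol.ProtectionStatus
    $result.BitLockerTpmProtector = [bool]($osVol.KeyProtector |
                                    Where-Object { $_.KeyProtectorType -like 'Tpm*' })

    # VBS / HVCI: Win32_DeviceGuard distinguishes what is configured from what is running.
    # VirtualizationBasedSecurityStatus 2 = running; SecurityServicesRunning 1 = Credential Guard, 2 = HVCI.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $result.VbsRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $result.HvciRunning            = ($dg.SecurityServicesRunning -contains 2)
    $result.CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)

    [pscustomobject]$result
}

$status = Get-EndpointProtectionStatus
$status | Format-List

# Summarise the gaps that would leave a lost or stolen device exposed.
$gaps = @()
if (-not $status.SecureBoot)                 { $gaps += 'Secure Boot is off' }
if (-not $status.TpmReady)                   { $gaps += 'TPM is absent or not ready' }
if ($status.BitLockerProtection -ne 'On')    { $gaps += 'BitLocker is not protecting the OS volume' }
if (-not $status.BitLockerTpmProtector)      { $gaps += 'BitLocker has no TPM key protector' }
if (-not $status.HvciRunning)                { $gaps += 'HVCI is not running' }
if ($gaps) { Write-Warning ('Gaps found: ' + ($gaps -join '; ')) }
else       { Write-Host 'All checked protections are active.' }
```

The same checks can be collected fleet-wide through Endpoint Manager compliance policies; running the script locally is useful for spot-checking a single device or a new hardware model before rollout.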

In an age of rising security threats, businesses need protection across multiple layers. From chip to cloud, Surface considers the most secure device capabilities available and continues to innovate to meet the evolving needs. With built-in protection at every layer, Surface is the best, most streamlined implementation of Microsoft’s security stack.

Learn more about security on Surface here and familiarize yourself with Eneco’s story – a leading energy supplier in the Netherlands – that chose Surface for Business devices to create a more sustainable and secure workplace.

[1] Source: Ponemon Institute, “The 2018 State of Endpoint Security Risk,” October 2018
[2] Source: Microsoft Security Blog, “The evolution of Microsoft Threat Protection, June update,” June 2019
[3] BCG, “Remote Working and the Platform of the Future,” October 2020
[4] Surface Go and Surface Go 2 use a third-party UEFI and do not support DFCI. DFCI is currently available for Surface Book, Surface Laptop 3, Surface Pro 7, Surface Pro 7+, and Surface Pro X. Find out more about managing Surface UEFI settings.
