Microsoft Security Newsletter – September 2012
Ok, didn’t have the time to search where online the newsletter is located so I just copied some of it into this post. I think that there where some interesting posts/articles around “BYO”, Cloud etc. So browse and enjoy! 😉
| Welcome to September’s Security Newsletter! |
This month’s newsletter focuses on personal devices in the workplace, often times referred to as “Bring Your Own Device,” or BYOD. BYOD is a very hot topic these days as organizations grapple with the challenge of managing the risks involved in allowing corporate data to be placed on personal devices such as smart phones. At face value, BYOD has the potential to be a win-win proposition. However, depending on how BYOD is implemented and managed, it could be a Pandora’s box.The primary challenge is that some of the devices employees decide to bring to work may not have basic security or management capabilities. This challenge is compounded by the risks associated with connecting to social networks and by the diverse ways organizations and people are choosing to connect and share data today – such as the utilization of cloud services. We recently conducted a study to find out more about how personal devices are being used in the business environment. Our study found that:
BYOD does have distinct advantages. From the standpoint of the IT department, BYOD is generally seen as a cost-cutting measure because the burden of supplying the equipment is shifted to the employees. Some organizations subsidize BYOD policies with a per diem to offset the costs for users, but it still results in lower costs for the organization by relieving IT of its traditional role of maintenance and support. Another advantage of BYOD is that individuals tend to upgrade and embrace new platforms and technologies much faster than businesses. The organization benefits from being able to take advantage of cutting edge tools and features without the pain of deploying new hardware to the entire company. From the user’s perspective, BYOD means using devices and applications that are more familiar. Empowering users with the ability to choose which hardware and platforms they use creates more satisfied and productive workers. It also allows them to carry a single mobile device instead of one for work and another for personal use. The list of smart personal devices capable of connecting to private and public networks is rapidly and constantly expanding. For chief information security officers (CISOs) and chief security officers (CSOs), managing an ever growing list of devices and applications isn’t a sustainable model. Some of the security professionals I have talked to are shifting their focus to managing the data instead of the devices. They have concluded that device security is only a proxy for data security; if they can’t effectively manage the security of the devices that employees bring to work, they will focus on managing the security of the data itself. I think the industry recognizes the importance of securing personal devices and are making steps toward better management controls in the future. If you are interested in learning more about BYOD, I encourage you to read these blog posts recently published on the topic:
|
Don’t Let BYOD Backfire on Your BusinessThere are several reasons for organizations to at least consider adopting BYOD; however compliance mandates and security issues are two large hurdles that should be carefully considered when weighing the pros and cons of BYOD. See why, even if those issues are managed, BYOD can go down a path that neutralizes the benefits and turns into a source of employee dissatisfaction.
| Top Stories |
| Working Toward a Privacy Framework for the “Big Data” EraOver the past several months, Microsoft has been talking with some of the world’s foremost privacy thinkers, including representatives of regulatory bodies, government policymakers, academia, and industry to explore alternate models for privacy in a modern information economy. Learn more about these discussions and the types of issues being raised. |
| Microsoft Security Response Center Progress Report 2012The Microsoft Security Response Center (MSRC) recently published its annual MSRC Progress Report. This year’s report provides the latest information on the progress of various security initiatives that share information to foster deeper industry collaboration around software security, increase community-based defenses, and better protect customers from malware. Check out the new report today. |
Microsoft Technologies for ConsumerizationExplore the technologies that can help you embrace the latest trends in consumerization while maintaining control over your IT environment.
Consumerization of IT Jump StartGet a high-level overview of the consumerization of IT and BYOD trend, then delve into more detail with demonstrations of key IT scenarios related to supporting this trend in an enterprise organization:
|
| Security Guidance |
| Consumerization of IT FAQGet answers to common questions about the consumerization of IT trend including recommendations on how to approach mixed-OS environments, smartphones, and desktop virtualization. |
| Infrastructure Planning and Design Guide for User State VirtualizationWindows user state virtualization (USV) can help IT find the right balance between centralized management of business-critical data and a rich user desktop experience. This guide offers instructions on how to gather relevant user and IT requirements, then compare and contrast Windows USV technologies (Folder Redirection, Offline Files, and Roaming User Profiles) in light of scenarios that are relevant to your business. |
| Network Access Protection Deployment GuideLearn how to deploy Network Access Protection (NAP), an extensible platform that provides infrastructure components and an application programming interface (API) for adding components that verify and remediate a computer’s health and enforce various types of network access or communication. |
| Managing “BYO” PCs in the EnterpriseFind tips and insights to help you more securely manage Windows on ARM (WOA) PCs and configure basic security and data protection policies. |
//Richard
The IT Melting Pot! 