Cloud-based Office Housekeeping

By Dirk Eisenberg, Technical Director Cloud & Mobile Management at Matrix42

A huge change is currently underway with innumerable organisations migrating their entire office systems to a cloud environment.

The majority of organisations will have completed this move and be working with cloud-based solutions by 2022. But this new “office” also needs to be managed efficiently in terms of time and cost.

So what do housekeeping services for cloud-based office systems need to provide? And what are the top issues in terms of security?

While housekeeping for the traditional computer workstation is a familiar concept, tidying up cloud-based office systems is relatively new and many people don’t yet know exactly what this involves. However, it is very important to organise not only the move to the cloud itself but the day-to-day management of the cloud-based office environment in the best possible way.

The mass move of organizations to cloud-based systems will make the web browser the dominant OS-independent hub for Office and other applications. Enterprises will quickly find themselves reaching their limits in this regard.

Who can remember 66 log-in details?

This move can easily cause problems for workers and enterprises alike. Users need to remember too many different passwords and user names. At the same time, user administration in the various SaaS applications is becoming increasingly complex and challenging for IT departments.

Many different devices are being used with different operating systems and browsers, each with various SaaS and web applications. This will increase risks in the future. In principle, every device that is connected to the corporate network and online is a source of risk for unauthorised access and also for unintentional misuse by users themselves. If, for example, a doctor accesses a patient’s files from home or from a restaurant using their mobile device, they are already on slippery ground in terms of data protection and data security.

Mobile devices have become a target of choice for hackers, primarily through weak spots along the communication path, i.e. in text messages, MMS, Wi-Fi, Bluetooth or a GSM network. Vulnerabilities in operating systems and browsers are also happily exploited by hackers. Uninformed users may also download malicious code onto their device by mistake. The goal of such attacks is usually to steal sensitive data such as bank details, access data, private user information or even entire digital identities – with disastrous consequences for the professional environment.

How this works in technical terms is illustrated by a security gap discovered in WhatsApp that defeated the allegedly secure end-to-end encryption. Here, the hackers resorted to an old security loophole. When they failed to tap into encrypted messages, they posed as the victims themselves and arranged for communication, by text message for example, to be diverted to their own smartphone. They used the 35-year-old SS7 protocol to do this, a technology that providers use to connect to GSM and UMTS networks for roaming and forwarding services. Anyone who is familiar with this protocol can locate users, create motion profiles and even listen in on conversations. And that’s just one of many examples of the vulnerabilities in the mobile environment.

Adaptive monitoring of applications urgently required

To make a cloud-based office work, IT staff need to tackle these challenges. An important step here is identity and access management. In the cloud era, this process has to be massively updated by means of adaptive access. Many organizations have already introduced double or multi-factor authentication processes, but this is not enough. It is not just a matter of establishing the identity of the user with absolute certainty. It is also necessary to ensure that the right systems and the right data are accessed at the right time and from the right location. “Right” in this context means legitimate – legitimised by the organisation and the IT department.

It may seem complicated at first to include individual user contexts in identity and access management. But in fact there are only three main contexts involved: location, time and device. Modern solutions allow users to set these contexts up in a relatively simple way, using self-service for example. The first time a user uses their device, the user specifies, for example, their present location as their legitimate home office. The access system then defines this location as a “permitted” location for the use of specific business applications. From then on, the user can be blocked from using the applications as soon as they are in a restaurant, for example, or in some other location that has not been approved. The process is similar for the contexts of time and device. For example, users can only reply to their business Outlook e-mails by using their permitted corporate tablet. This also brings other benefits: the use of business apps can be restricted after 8 p.m., for example, to make sure that workers have leisure time in the evening.
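The three contexts described above, together with the identity check, expressed as a deny-by-default decision function. This is an added example, not code from Matrix42 or from the original article; the class names, the 07:00 start of the working window, and the device and location labels are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class Policy:
    """Adaptive access policy for one user and one application (hypothetical model)."""
    locations: set = field(default_factory=set)  # filled by self-service enrolment
    devices: set = field(default_factory=set)    # permitted corporate devices
    start: time = time(7, 0)                     # assumed start of the working day
    end: time = time(20, 0)                      # business apps stop at 8 p.m.


@dataclass
class Request:
    mfa_passed: bool
    location: str
    device: str
    when: datetime


def enrol_location(policy: Policy, req: Request) -> bool:
    """First use on a permitted device: the user declares the current location."""
    if req.mfa_passed and req.device in policy.devices and not policy.locations:
        policy.locations.add(req.location)
        return True
    return False


def evaluate(policy: Policy, req: Request) -> tuple[bool, list[str]]:
    """Deny by default and return every failed context so the denial can be logged."""
    failed = []
    if not req.mfa_passed:
        failed.append("identity")
    if req.location not in policy.locations:
        failed.append("location")
    if req.device not in policy.devices:
        failed.append("device")
    if not (policy.start <= req.when.time() < policy.end):
        failed.append("time")
    return (not failed, failed)


# Constructed sample data: one corporate tablet, home office enrolled on first use.
policy = Policy(devices={"tablet-001"})
first = Request(True, "home-office", "tablet-001", datetime(2024, 3, 4, 9, 0))
enrolled = enrol_location(policy, first)
at_home = evaluate(policy, first)
in_restaurant = evaluate(
    policy, Request(True, "restaurant", "tablet-001", datetime(2024, 3, 4, 21, 15)))
```

Returning the full list of failed contexts, rather than stopping at the first, gives the audit log enough detail to distinguish a user working late from home from a request that fails on device and location at once.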

Housekeeping with workspace management solutions

These kinds of adaptive access concepts allow organisations and their IT departments to regain sovereignty over devices, systems, applications and data. But security is not the only key requirement for the “clean” provision of cloud workstations. Technology should be used to increase the productivity of employees and not land them in a maze of log-ins and web addresses.

Licenses also require smooth and transparent administration. Cloud apps usually follow a pay-as-you-go principle, which means that every user who is set up is charged for. This can lead to unnecessary costs if, for example, an organization forgets to delete a user when the respective employee leaves the company or no longer needs the app. IT departments must also be able to quickly grant a new employee access to all the necessary applications on their devices and, similarly, need to be able to block users quickly and maintain data security when an employee leaves the company. It is almost impossible to meet these requirements without having a centralised solution.

Personal workspaces for employees

Workspace management is one such centralised solution. Modern workspace management systems enable the administration not just of workstations but also of the various devices and applications used by employees. They provide employees with their own personal workspace. This makes mobile device management one of the key requirements of centralised solutions.

Mobile devices need to be integrated into the system seamlessly to enable the smooth distribution of mobile applications, device compliance checks and license administration. This kind of solution also needs to have an identity and access management aspect including adaptive access control. The solution should be easy to integrate into an existing IT infrastructure and should require a low level of administration.

Using these methods, the cloud-based office can be managed in a time- and cost-efficient way.
