Virtually anywhere can be a workplace today, whether it’s a hotel lobby, a café, or even a park bench. Ensuring productivity, having the right tools, devices, and applications, as well as connectivity and interaction that is secure from interference, are the best business practices for organisations implementing remote and hybrid working arrangements. The conditions that necessitated this shift have led us into an era where cybersecurity and interconnectivity are the main drivers of ICT development. Scattered employees using their own hardware and connecting via their own service providers to a central network means that you and your IT department have absolutely no control over the endpoint user's security measures or the security of the internet connections they use. Remote working best practices require implementing some new endpoint management and security systems that can manage these risks. Here is how Surface is keeping you safe from threats and what you can do to enhance security by implementing remote working best practices in your ICT infrastructure.
Enterprise mobility (or business mobility) is a term that is often applied to remote working technology and business practices that allows employees to conduct work from outside a traditional office setting. This is used in work from home programs and touted as an employee perk – though businesses enjoy numerous benefits as well, such as:
- Being able to tap into talent resources that aren’t local to their office’s location;
- Increased productivity – as noted in a study conducted by Stanford University among 16,000 workers, productivity increased by an average of 13% over the past 9 months;
- Reduced overhead for office space – companies can add more workers without needing more floor space to accommodate them.
However, managing remote employees effectively requires having the right remote working technology. This includes both the actual hardware and devices your employees work on from home as well as your organisation's networking infrastructure that remote workers log onto in order to retrieve or store information, work on team projects, and communicate with each other via company email. If employees cannot consistently access vital workplace resources and collaboration tools, then they cannot be productive in a remote work setting.
A powerful tool for remote employees is the Microsoft Surface range of computing devices. Microsoft Surface mobility tools enable employees to connect to cloud-based collaboration tools from virtually anywhere they can get a cellphone signal, thanks to their LTE capabilities. With a variety of networking and security solutions available from several Big Tech companies, including Microsoft, you can transform the ICT hardware, software, and networking that supports the activities of your workers, wherever they may be working from.
Covered In This Article:
Remote Working Best Practices: Staying Connected, Safely
Remote Working Best Practices: A Rise In Security Breaches
Surface Is Covered From Chip To Cloud
Remote Working Best Practices: Advanced Security
Factory-Enabled Advanced Windows Security For Microsoft Surface
Managing Surface From The Cloud
Remote Working Best Practices: The New Face Of Secure Login
Remote Working Best Practices: Unsecure Network Connections
Remote Working Best Practices: Staying Connected, Safely
One of the biggest obstacles to business mobility is the need for a stable high-speed internet connection. If the employee’s access to the internet is intermittent or plagued with slow upload/download speeds, it will affect their ability to work efficiently. However, not every employee will have high-speed internet at home – or they may have to work from remote locations, such as a client’s office or a construction site (depending on industry and job role).
The Microsoft Surface with LTE helps solve this problem by using radio frequency communications (similar to how cellphones work) to connect to an LTE network tower. This allows remote employees using Microsoft business on the go tools, such as the Surface Pro 7, to access the internet (and thus any cloud-based apps needed for their work) from anywhere they can get a cellphone signal. By allowing employees to connect to mission-critical business apps and databases from virtually anywhere with a cell signal, work in whichever mode (laptop or tablet) is the most comfortable for them, and providing secure access to the internet, Microsoft’s Surface with LTE makes remote workers more productive and easy to manage.
Remote Working Best Practices: A Rise In Security Breaches
Without the security protections that office systems afford us – such as firewalls and blacklisted IP addresses – and increased reliance on technology, we are far more vulnerable to cyber-attacks. The most obvious risk is that most of our tasks are conducted online. After all, if something’s on the Internet, then there’s always the possibility of a cyber-criminal compromising it. Your Cloud documents, emails and attachments, instant message clients, and third-party services are all vulnerable – and with so much information being shared digitally, the possibility that your information could be intercepted or corrupted has become bigger.
Many employees are using their personal devices for two-factor authentication, and they may well have mobile app versions of IM clients, such as Microsoft Teams. These blurred lines between personal and professional life increase the risk that sensitive information will fall into an insecure environment.
To protect against this risk, all work where possible should be done on a business-provided device subject to remote access security controls. The deployment of Surface for business can be done swiftly and without risking timely setup costs thanks to Microsoft’s integrated system, making remote setup for IT departments a breeze. Achieve peace of mind with a built-in, proactive defence. Security protections maintained by Microsoft are built into every layer of a Surface device.
Surface Is Covered From Chip To Cloud
Surface works closely with Windows and the Microsoft 365 security stack to ensure that the device not only meets every standard for a highly fortified PC but is also capable of automatically receiving updates from the dynamic world of defensive security. A product such as Microsoft's Endpoint Manager gives your IT department administrative abilities that can monitor remote devices connected to your network and easily deploy security and other software updates. Featuring the latest AI-driven automated scanning and monitoring, threats and intrusions on an individual device or on your network as a whole can be detected and disabled before they can damage your network infrastructure. Products such as Endpoint Manager are essential in any organisation's remote working best practices arsenal.
Remote Working Best Practices: Advanced Security
It’s more important than ever to protect your organisation’s endpoint devices, securing data and systems wherever they are. Surface technology for modern workers offers devices with proactive defences with security built-in and managed through the cloud wherever users decide to work. Security protections are built into every layer of a Surface device.
Factory-Enabled Advanced Windows Security For Microsoft Surface
For a detailed description of the various security measures implemented by Microsoft mentioned here, please refer to articles on the Microsoft website on Microsoft Surface Security and Advanced Windows Security. The most recent research in cyber security indicates that as manufacturers build more protections into the OS and its connected services, other ways of exploiting device vulnerabilities are emerging at an alarming rate, with firmware emerging as a top target.
Because device firmware mostly involves third-party providers, keeping track of how secure firmware is, is becoming incredibly complicated. Since firmware is essentially embedded software that provides a low level of control for a device's specific hardware – a standard set of coded instructions that tells the device what to do, used in all kinds of consumer electronics to computers themselves – they are an ideal entry-point to a device's actual hardware for any attacker.
Since 2015, Microsoft has been using a unified approach to firmware protection and device security through complete end-to-end ownership of both the hardware design and firmware development, which is done in-house. No third parties are involved in the supply of firmware for Microsoft devices, and this approach has proven to be highly effective in minimising the risk of firmware vulnerability.
For the Surface family of devices, Microsoft's Unified Extensible Firmware Interface (UEFI) is maintained in-house, regularly updated through Windows Update, and seamlessly deployed for management through Windows Autopilot, Microsoft Endpoint Manager, while Surface Enterprise Management Mode (SEMM) enrolls and configures any new devices that are added to your network.
To summarise, Microsoft's approach to security for its Surface range includes:
- Microsoft designed and built components
- Factory level security protocols and inspection
- No third-party BIOS vendors are involved in the development or production
- Virtualization-based security, or VBS
- Hypervisor-enforced code integrity (HVCI)
- Secure boot and boot guard
- Malware protection
- Dynamic Root of Trust Measurements (DRTM) in AMD devices
- Remote device management control.
With these measures in place, users can have confidence that the privacy and confidentiality of their data will be protected and that their data will only be used in ways consistent with their needs and expectations.
Managing Surface From The Cloud
Through coding, you can geo-locate and monitor surface devices anywhere. Another great feature is the ability to survive any reboot if the device is stolen, reimaged, or wiped, which prevents thieves from disabling it. Surface devices also automatically activate and report location using GPS, Wi-Fi triangulation, or IP address.
Remote Working Best Practices: The New Face Of Secure Login
There have been significant advances made in how a computer device identifies a user. Surface devices provide more than just the ability to log in with your face. With the Windows Hello for Business feature, passwords get replaced with 2FA on Surface. In addition, you can use biometric security – facial and iris recognition – to authenticate via a certificate stored in the Trusted Platform Module (TPM) located on the motherboard.
Security Wherever You Are
The adoption of mass remote working during the COVID-19 pandemic has helped to keep workers safe but it has also introduced further security challenges for businesses. As a result, the extra hardware security enhancements packaged with the Microsoft Surface devices are sure to be welcomed by firms and employees alike.
Keep data secure from a Surface device’s first deployment to its last, no matter how many times and under what circumstances it changes hands.
- Cloud-First Deployment and Management: Deploy and manage down to the firmware layer through the cloud with Microsoft Endpoint Manager and Device Firmware Configuration Interface (DFCI);
- Reduce IT complexity with Windows Autopilot;
- Windows Azure Virtual Desktop: Meet complex business and security requirements with broad device redirection support, endpoint protection, and Microsoft 365 virtualised in Azure;
- OneDrive for Business: Access and protect your business and school work with this intelligent files app. Share and collaborate from anywhere, on any device;
- Collaborate with Teams: Work better together. New integrations allow you to create shareable links, grant expiring access and follow configured policies.
Surface with Microsoft 365 provides unique protection at the front line of multiple vulnerabilities such as:
Stolen Device
- Data on the hard drive is encrypted. Surface devices ship with BitLocker drive encryption enabled by default, so the data on the hard drive cannot be accessed without credentials or the encryption key. Even if the hard drive is removed from the device and inserted into a new device, it cannot be decrypted;
- USB booting is prevented because the organisation used Microsoft Endpoint Manager to proactively turn off the ability to boot from USB through the firmware-level control that the Surface device offers;
- There is zero access to data even if the SSD is removed. If a Surface’s removable SSD is tampered with, the device will shut off power, erasing any residual data in its memory. Since the device is cloud-managed through Microsoft Azure and Intune, the organisation can wipe all the machine’s contents remotely.
Malicious Intent
- A Zero Trust approach means that even if a device is authenticated, the current user profile can only access data and content they have permissions for. The retail establishment assumes that a breach is always possible and maintains strict controls over data access. Conditional access capabilities in Microsoft 365 prevent data leakage from both internal and external actors;
- Any unusual behaviour on the device is automatically detected and remediated with Microsoft Defender for Endpoint, which analyses signals from the device to recognise any abnormal behaviour, like an uncommon executable running on the device. As part of the remediation path, the device is automatically quarantined from the network until the situation is resolved.
Remote Working Best Practices: Unsecured Network Connections
- Instead of worrying about encrypting data that could be shared on a public network, the organisation takes a proactive approach to having a guaranteed secure connection, especially for employees in the field, by equipping frontline workers with LTE-enabled devices. The entire Surface 2-in-1 portfolio (Surface Go 2, Surface Pro 7+, Surface Pro X) has LTE available;
- Any websites, cloud resources, or internal networks not explicitly defined as “trusted” are contained with Microsoft Defender Application Guard. These untrusted sites or files are opened in a virtualised container – essentially a separate PC within the existing PC – to isolate those potentially harmful sites or files from the rest of the device.