Organisations have long struggled to manage the pivot from the use of employer-provided devices to those being sourced and purchased by the employee. The sheer diversity of devices and the lack of the means to monitor, manage, and secure them centrally has led to concern about how the use of such devices could lead to both reputational and legal issues around how data has been managed by the organisation. This results in even more opportunities for MSPs.
The pandemic has made this much worse. Now, rather than employees just trying to connect their mobile phone or tablet to the corporate network to access applications and data, the whole home environment has become an extension of the office. PCs and laptops, landlines and mobile phones, printers and other peripherals, are now used on a regular basis when dealing with corporate information and data assets.
BYOO and opportunities for MSPs
As the move from bring your own device (BYOD) morphs into bring your own office (BYOO), it should be easier to approach organisations with better ways to manage the devices used by employees. It is unlikely that many will go for an MSP becoming a full home office supplier, where all the required devices are sold by the MSP to the organisation, with delivery and provisioning and management carried out by the MSP within the home environment. This didn’t work with BYOD, as end users wanted to make their own choices as to what devices they bought and used – often based more on the appearance and cachet of the device than its actual capabilities.
Instead, the canny MSP should be focusing on what it can offer: the monitoring, management and control of data flows across the organisation and from there to the end user environment within the home office.
Growing concern for organisations
It must be accepted that the security environment around a home office is not going to be the same as it is within a centralized office environment. Not only is it highly unlikely that a home user will have implemented enterprise-level security around their devices, but they will also have been buying devices that by their very nature will have lower security capabilities.
For example, whereas an office may have an enterprise-class multifunction printer (MFP) with features like pull-printing with PIN control and secure deletion of print jobs, the home user is likely to have a low-end inkjet printer with minimal security capabilities. Their PC may be used for home-based activities, many of which open up opportunities for malicious actors to inject malware into the platform and from there gain access to the corporate environment. Likewise, the Wi-Fi network within the home may not have the same security capabilities as a well-designed office-grade Wi-Fi solution.
The proliferation of IoT devices such as webcams, video doorbells, voice-activated hubs and so on provides a raft of attack surfaces for these malicious actors as well. In fact, the home office environment should be of major concern to any organisation.
The opportunities for MSPs continue. They can help by offering services such as:
- Remote end-point management. Here, any device that attempts to access corporate resources can be checked to see if it meets minimum security requirements and is free of malware. If it passes, it can then be allowed to access the corporate environment on a time-limited basis – generally the session the end user requires. If it fails, it can either be remotely remediated or must be airlocked out of the environment until it can be fixed (either by the organisation or the end user).
- Information management. MSPs should be offering services such as help in developing and codifying data policies, including the use of classifications. Once these are in place, then services such as data leak prevention (DLP) can be tagged on to monitor and control data flows across corporate boundaries, preventing certain data types from being moved outside of controllable areas.
- Longer distance information controls. Even where DLP is in place, once the user has the information on their device, then the organisation has lost control. The user can make copies of it, print it off, send it to a competitor, etc. Whether this is malicious or accidental is beside the point – it is a problem for the organisation. MSPs can offer digital rights management (DRM) services where access to digital assets can be controlled, preventing copies of assets being made, denying emailing or forwarding, and even blocking cut and paste or printing.
- Backup and archive. This is a simpler solution, but one that many organisations have overlooked during the pandemic. If users are creating data/information on their own devices, then it is unlikely that this is being backed up at all. Even if it is, it may not be backed up to a place where the organisation can access it. Providing services that back up business data to a central environment helps to protect work that has been going on from the failure of a device.
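The remote end-point management item in the list above (check the device, grant access for a limited time, otherwise remediate or airlock) is shown here as an added example that is not part of the original article. The policy fields, report fields, session length, signing key and the rule that a malware finding means airlock while other failures are remediable are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Hypothetical minimum requirements; a real policy comes from the organisation.
POLICY = {"disk_encrypted": True, "firewall_on": True, "max_patch_age_days": 30}
SESSION_SECONDS = 8 * 3600      # assumed length of one working session
KEY = b"constructed-demo-key"   # placeholder; real keys belong in a secret store

# Constructed sample reports, as an endpoint agent might submit them.
HEALTHY = {"malware_found": False, "disk_encrypted": True,
           "firewall_on": True, "patch_age_days": 5}
STALE = dict(HEALTHY, patch_age_days=90, firewall_on=False)
INFECTED = dict(HEALTHY, malware_found=True)


def evaluate(report):
    """Return (decision, reasons) for a device posture report (a dict)."""
    if report.get("malware_found", True):   # a missing scan result fails closed
        return "airlock", ["malware detected or scan result missing"]
    reasons = []
    if POLICY["disk_encrypted"] and not report.get("disk_encrypted", False):
        reasons.append("disk not encrypted")
    if POLICY["firewall_on"] and not report.get("firewall_on", False):
        reasons.append("firewall off")
    if report.get("patch_age_days", 10**6) > POLICY["max_patch_age_days"]:
        reasons.append("patches out of date")
    return ("remediate", reasons) if reasons else ("allow", [])


def issue_grant(device_id, now=None):
    """Sign a grant that expires when the assumed session length runs out."""
    expires = int(now if now is not None else time.time()) + SESSION_SECONDS
    body = f"{device_id}|{expires}"
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def grant_valid(grant, now=None):
    """Accept only an untampered grant that has not yet expired."""
    try:
        device_id, expires, tag = grant.split("|")
        expires_at = int(expires)
    except ValueError:
        return False
    expected = hmac.new(KEY, f"{device_id}|{expires}".encode(), hashlib.sha256).hexdigest()
    current = now if now is not None else time.time()
    return hmac.compare_digest(tag.encode(), expected.encode()) and current < expires_at
```

A grant is issued only after `evaluate` returns `allow`; a device that is sent for remediation is re-evaluated from a fresh report before it gets one.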
MSPs must, however, recognise that there are differences between the work and personal environments on a device. Indeed, in certain countries, not understanding this difference could lead to legal arguments. Being able to offer services that differentiate between the two environments, either by using sandboxed systems or even remote desktop usage, can help in bypassing such concerns. It will be interesting to watch how the opportunities for MSPs continue to grow in this landscape.