Why your users will love EMS with Office 365

Enterprise Management of information works on many devices, as well as in the cloud

The world seems to run on leaks these days. It doesn’t seem to matter whether you are a large or a small business – or even the government of the United States of America – everyone is only too ready to claim that the leak wasn’t a result of their free will. Oh no, it was those nasty hackers that did it.

If you are charged with actually responding to the loss of some valuable intellectual property from your company, then it’s not often the case that you are the head of IT. There’s been a lot of talk about CIOs and the movement towards information-centric organisations, but the trickle down to the rest of us is taking some time to come about. And to extend a not-very-hypothetical case in point, if you’ve just lost money because a competitor stole your designs and therefore you’re now empowered to clean house and tighten up your information security, then the traditional state of an IT department facing this issue will not please you very much at all.

Security is scattered across roles in traditional IT. Crucially, the roles that have the most contact with users tend to be the ones with the least experience or authority in security. And now, the twin spectres of cross-platform security and bring your own device (BYOD) haunt the nightmares of the guys who actually understand the severity of the problem of information leakage. Changing the way the IT guys work together turns out to be crucial to actually managing to deliver a tight, but mobile-aware, security picture.

Are you expecting to read about a paradigm-shifting, revelatory, all-consuming fix? I hope not, because those are pretty thin on the ground when it comes to information protection. What has to happen isn’t that someone produces a whole new context, rather the quickest to implement will be using tools with some history and depth to them.

Shifting the balance of power
In this field, products don’t come much deeper than Enterprise Management Services (aka EMS), the part of Microsoft Azure and Windows. This draws in their long-standing mobile device platform, Windows InTune, to shift the balance of responsibility away from end-user service teams, and towards the guy who has to understand exactly what each person is really allowed to see, edit, copy, mail and so on: the Active Directory guy.

The theory is actually very easily expressed. If you make use of the extensible structure of Active Directory so that documents have to check their rights before they are opened, then it becomes possible to enforce digital rights management. To do that, however, you have to expose a lot of previously extra-private resources to global lookup. It’s not ideal to have anyone in the world able to interrogate the database that also holds your login names and passwords, especially when that is normally found inside your premises within the holy of holies – your server room. This is where Azure joins in, as a globally findable platform. Active Directory Premium on Azure shifts the point of lookup, away from your kit and on to the cloud.

Then the other pieces begin to fall into place. InTune presents the rights management platform alongside the phone and tablet platform, and uses the same credential set – your AD usernames and passwords. Crucially, it does it on the actual phones that are out there, emphasising Apple and Android devices long before it supports Windows phones.

That’s normally enough to achieve a sensible level of protection. It’s also enough to drive the traditional job segregation inside IT teams to complete distraction. You have to factor in a re-architecting of the workflow of security requests, device provisioning and upkeep, security audits and IPR changes (such as episodes of legal disclosure).

This means that quite a lot of the project won’t just be about clicking on Azure management screens, it’s going to need the IT team to work differently and think flexibly too. So your users will thank you, but your IT team might not!