Endpoint - Cybersecurity Controls, Safeguards, Policies & Management
Cyber Security is more than a ubiquitous buzzword. The risks coming along with an insufficient security strategy reportedly led firms around the globe to bankruptcy in the last decade. The requirements for a business regarding cyber security are not only technical in the era of cloud technologies. They include every single step of the value creation chain of a company. Most of those requirements are in fact of a non-technical nature.
Brother International Europe Ltd. mandated the University of Applied Sciences Northwestern Switzerland (FHNW) to support the organisation with its IT security strategy. In the context of a student project, three part-time Business Information Technology (BIT) students completed the mission of evaluating the risks related to Brother’s endpoint device, write technical as well as non-technical guidelines and tested a solution for an automated control of the defined safeguards.
Alexandre Miccoli & Cedric Roggwiller & Dario Stöckli, 2019
Projektarbeit/Praxisprojekt, Brother International Europe Ltd
Betreuende Dozierende: Gabriel Felley
Keywords: cybersecurity, endpoint, clients, intune, microsoft, ems, policy, standard
Brother has adopted the CIS20 framework to work with, but still must create business reasoning and an assessment on each control to determine if safeguards are appropriate, including what level of investment in safeguards is reasonable.
The goal of this project is to articulate an endpoint device management policy for Brother Europe, based on the risk assessment and proper safeguard analysis.
Additionally, the organization is looking to adopt device management using the Microsoft Azure based Enterprise Mobile Security (EMS) E3 level toolset.
At the start of the project, management of some device types (e.g.: mobile phones, tablets) has already been configured for Europe with some basic management and security controls.
Since EMS E3 licenses are quite expensive, Brother wants to ensure that the purchase of around 1'500 licenses makes sense, which is why a proof of concept shall be conducted.
The solution was delivered in an iterative, agile approach to optimize the achievable outcomes and to handle impediments early.
The first part of the project consisted of assessing the risks incurred by Brother and was therefore of managerial and theoretical nature. The CIS 20 security framework, which the company already defined as its preferred methodology, has been taken as basis for any further work, including an IT security policy and standard.
The second part of the project included a proof of concept (PoC) with Microsoft EMS E3 and particularly Microsoft Intune. The project team's task was to incorporate the current software deployment solution, introduce basic compliance checks, maintain system updates, force certain configurations as well as enforce conditional access policies across some services.
The CIS 20 aligned endpoint device management policy, standard and risk assessment can be used to revise the currently used policy and standard within Brother Europe, which will improve security and help to educate the end-users.
During the PoC phase, Intune was tested in different functional areas, namely automated software deployment including self-service marketplace, conditional access, device compliance, configuration and management. The configuration and policies that were created during the PoC phase set the cornerstone for rolling out Intune across Brother Europe and saved its client engineering team a considerable amount of time.
Brother can now move from an on-premise to a hybrid-cloud environment and thus extend its endpoint management perimeter to anywhere in the world. Policies, software and general changes can be pushed out any time and will be applied by managed clients no matter where they are currently located. Compliance is constantly evaluated and reported back to the portal.
Studiengang: Business Information Technology (Bachelor)
Fachbereich der Arbeit: Wirtschaftsinformatik & IT-Management