So: What happens, when all the endpoints come home to roost in the corporate nest, at the end of this crisis?
After weeks of end users logging on to their corporate endpoints from random and private networks and visiting shady addresses, security is highly compromised. Especially because the users haven’t been installing security updates, because the devices aren’t connected to your controls …
Ideally, upon returning to the office, John from Accounting would stop by Emily in Internal IT with his company laptop and phone, and have them cleaned up. Emily would install updates, scan the devices for malware, and run through John’s access history. He would then hand the devices back to Judith, who could now log on to the corporate network.
In real life, of course, John from Accounting shows up at his desk in the office, logs on, grabs a cup of coffee, and gets to work.
And when he does that, all the bugs that he has picked up and all the vulnerable applications that haven’t been patched, present a huge risk to your organization’s security, and to your compliance.
Check list for when we’re back to reality
So how do you sanitize your endpoints and keep malware from spreading? How do you shield your infrastructure from security threats?
The questions you need to ask yourself:
1. How much do I know about the current state of my endpoints?
2. Could everyone log straight on to the network, without risk?
3. Are there some endpoints I should quarantine, before I let them loose? And which ones are they?
The work you should do now:
1. Update all apps and programs in your network.
2. Perform pilot testing on designated environments
3. Perform an IT governance assessment of risk, assets, policies and procedures
How you approach these tasks, depends on your reality:
If you run a hybrid infrastructure, based on SCCM and Intune, the best advice is to set up a Cloud Management Gateway. This can be done in a week, you can do that straight away, and once done, you can roll out updates, and manage endpoints properly, from remote.
If you run a traditional PC-VPN based infrastructure with only few remote access point and limited scalability, you can prepare and configure most upgrades and updates, and test them on a limited number of endpoints. And then you write up a prioritized ‘update-and-reboot’ plan, to roll out when your end users are back in the fold.
If you’re 100 percent cloud, you shouldn’t be experiencing any issues at all, and will have been rolling out updates at your regular pace, through-out the crises.
What are your next steps?
Whatever your current state, it helps to get full visibility to the state of health of your endpoints and your systems. Only if you can see what and where the problems are, you can prioritize what to fix, in what order.
And finally: You get a plan together to migrate to a 100 percent cloud-based, modern-managed, truly digital workplace, so that next time we end up in a situation like this, you can deliver a high performing, stable IT operation to the business, while maintaining control and keeping up security.
Want to know more? Get in touch, or
Read more about how to prepare the business for the return of end users in Peter Odgaard’s blog post
Visit our COVID-19 Enterprise IT resource page where you can sign up for live and on-demand webinars
CTGlobal – we get IT and we got IT