When you embrace a mobile workforce, the way the company should handle incidents will not change the core foundation (assuming there is a process in place and the user knows how to report the incident), but it will include a series of new considerations. You can review this curation that I created with some good articles about IT Security Incidents and how to create your own incident response plan. From the IT perspective, administrators must be ready to leverage technology in order to contain an environment from contamination coming from a compromised mobile device. You can rationalize your security strategy based in Microsoft’s Pillars of Security described in this White Paper and shown below:
One cloud service available with Enterprise Mobility Suite is the Microsoft Intune that can be used in incident response scenarios. Let’s say a user opens an incident reporting that he lost his device. At this point IT will have to evaluate if it is better to remote wipe the device or remote lock the device. The decision will vary according to other variables, for example: the company security policy might dictates that first IT needs to lock, wait 24 hours and if the device is still lost than it should be wipe it out. For both cases you can use the steps from the article Help protect your data with Remote Wipe, Remote Lock, or Passcode Reset Using Windows Intune to handle this case.
While incident response is important part of the security plan, identifying potential threats before they happen are also very important. Another capability available with Enterprise Mobility is the Azure Active Directory Premium and the reports available with this service that can assist IT to identify suspicious activities. The Azure AD Premium reports available are the following ones:
You can use those reports to better understand patterns and once you understand those activities you can determine if further investigation is necessary in order to address that potential threat.
Didn’t try EMS yet? You can try it for free, got get your trial here.