Security threats are getting more complicated so anything that simplifies IT security management is a welcome relief. We look at how Microsoft Secure Productive Enterprise can easily bolster IT security while making user’s lives easier and more productive.
Running an organisation, no matter if it is a large multinational or a small firm of a few employees, is never easy. Providing the tools users need to perform their jobs needs to be done effectively and efficiently and the intellectual property they create has to be protected.
For the IT department this is a task that has become increasingly complicated as users seek to do more. At the same time hackers are becoming ever more sophisticated in their attacks upon IT infrastructure.
One way that IT departments can make their lives easier for themselves and their users is Microsoft’s Secure Productive Enterprise (SPE). This is a single licensing option that brings together Office 365, Enterprise Mobility + Security Suite and Windows 10 Enterprise upgrades. It replaces the Enterprise Cloud Suite that Microsoft introduced a few years ago.
It also means a simplification of contracts that the IT department has to sort out. Previously, organisations may have bought an Enterprise Agreement, but soon found themselves with a myriad of contractual documents as new products spanning client computing, infrastructure, databases and cloud were launched.
The Microsoft Products and Services Agreement (MPSA) simplifies this with a single contract to procure Microsoft solutions and services.
This simplification of licensing means that businesses have lower up-front costs. It also gets rid of the need for all-consuming device counts and audits, making it easier to remain compliant. It also allows an easy move from Windows 10 Pro to Windows 10 Enterprise E3 without rebooting.
For Tony Lock, distinguished analyst at analyst firm Freeform Dynamics, having the suite makes IT simpler in one important way, it makes the licensing simpler.
“And that is something that people always think ‘well that’s not really that difficult, to do, is it?’, but trust me if you have ever tried managing licenses in an organisation, it is a pain in the neck. Anything that simplifies licensing, you should really not underestimate the value of that,” he says.
Lock says that licensing can become an issue when there are too many choices or you have options that are sometimes difficult to understand.
“It has certainly been the case in the past that finding people with a good grasp of all the range of licensing options is enormously difficult. This is particularly true when you are talking about a broad sweep of products, as you are here, where it is really difficult to understand what options are available for each of these products, what is the most economic way of buying it, and what is the easiest way for me to license everything,” says Lock.
Lock believes that large enterprises usually get a global license, but for smaller organisations, working out what to do and how to do it, just on basic licensing knowledge is really difficult.
“The number of people that understand it well and can give really good advice on that is really very limited,” he says.
Simplifying the implementation through the organisation
For IT teams implementing tools within the organisation, the simplification comes through the standardisation of the package offerings. Two tiers are offered to enterprises: Secure Productive Enterprise: E3 and E5.
The E3 tier will be very familiar to those organisations that already have Enterprise Cloud Suite within their infrastructure. It comprises of Office 365 Enterprise E3, Enterprise Mobility + Security, and Windows 10 Enterprise E3.
Meanwhile the E5 plan has an important security advantage over the E3 version – Windows Defender Advanced Threat Protection (ATP). This service helps organisations find targeted and advanced cyber-attacks on their networks, as well as simplifying the process of identifying and commencing appropriate responses.
Adrian Sanabria, industry analyst at 451 Research, says that when it comes to implementing Secure Productive Enterprise, his recommendation would be to take a look at the big picture. “Everything that comes in these bundles, and also look at the company’s needs, current products and workflows. Work with the business and employees to determine which products will be adopted, and which are extraneous and won’t be used,” he says.
Secure Productive Enterprise (SPE) offers the Office 365 Productivity Suite. This allows Office 365 to be deployed on up to five PCs or Macs per user, as well as apps for tablets and smart phones.
There are also rich communication and collaboration tools such as Exchange Online. This eases the task of setting up a user’s email accounts and comes with unlimited mailbox and archiving storage per user.
It also includes Skype for Business and Yammer to promote collaboration not only between organisations, but also within teams inside the business.
There is also complete cloud communication with Modern Voice and Cloud PBX.
Getting more mobile
SPE also allows simple management of devices and their security through Enterprise Mobility + Security, which is the new name for what was previously the Enterprise Mobility Suite.
Mobile productivity is attained using Microsoft Intune which enables the management of PCs, laptops and mobile devices, while protecting company data stored on such systems. The package makes mobile management more simple as it can look after many different types of devices that use a variety of operating systems (Windows, Windows RT, Windows Phone 8, Apple iOS or Google Android).
Getting more secure
Security can be a massive pain for IT departments but also can be the largest business risk that the Enterprise is exposed to. Poorly configured security can, in some cases, be worse than no security at all. The new security features introduced in Secure Productive Enterprise are the key differentiators from previous offerings.
With Windows 10, the security features it offers enable businesses to secure sensitive data and identities and ensure devices are protected from hackers. Users have the freedom and flexibility to access sensitive data on a range of devices.
Identity and access management is simplified by using Azure Active Directory. These identity and access management solutions help IT protect access to applications and resources across the corporate infrastructure and the cloud, allowing additional levels of security through multi-factor authentication and conditional access policies.
Azure Information Protection can be used to protect sensitive data. It uses policies to classify and label data based on the source, context and content of the data. Classification can be fully automatic, user-driven or based on a recommendation. Once data is classified and labelled, protection can be applied automatically on that basis.
Getting into the cloud
SPE makes it easy for firms to get into the cloud while still making the most of their investments in on-premise infrastructure. It offers flexible licensing for organisations moving to the cloud with a single, per-user subscription that’s cloud-first with on-premises capabilities.
The suite offers businesses the right to install, access and use Microsoft Exchange, SharePoint, and Skype for Business servers in dedicated environments without the need to buy an on-premises application or server software. This means existing productivity investments can be leveraged while users move to the cloud.
Having the right tools in place to simplify and secure your organisation
Lock says that after the implementation stage, having good security and management tools is essential.
“More importantly, it is actually having the processes wrapped around those. Make sure that they are used well. When it becomes really valuable and can actually improve security and resilience. And that is something that is really important to bear in mind here,” he says.
He adds that the fact that you have got the tools doesn’t help “unless you use the tools well and if you keep on using the tools because most of these tools are not fire and forget, they are things that need to be managed day by day.”
Sanabria says that if a security team wants to monitor outgoing files and communications with a data loss prevention (DLP) product, they have to consider that this bundle includes no less than three chat/IM platforms (Skype, Yammer, Teams), each of which use different protocols.
“Six products offer the means to transfer files outside of the organisation: Outlook/Exchange, OneDrive, Sharepoint, Teams, Yammer and Skype,” he says.
“Fortunately, Microsoft Cloud App Security, can help filter, control or enforce whichever methods the IT team chooses to standardise on.
“Choose one product for messaging and one or two for collaboration and file sync. Locking down the extraneous products and features reduces attack surface, reduces maintenance and training overhead and reduces confusion among employees.”
Implementing a process and sticking with it
Lock recommends that once tools are in place, getting a system established is key. He adds that adhering to that process is also important in order to keep IT simple and sane.
Lock says that the process needs to be updated because tools change as your business changes.
“Get that governance process in place and make sure that it is used every day or every week, every month. Whatever the process says, ensure it is used when it should be used, that is the important point,” he says.
“It is great having the tools, it is great having the process, but unless the two are actually used together, then that is where things fall apart. You have got to make sure that both are carried out together.”
Getting the right mix as per your needs
As Secure Productive Enterprise is offered on a per user basis, the offering can be scaled up or down according to needs. This means it is ideal for businesses who do not have dedicated IT resources or limited IT staff, and want their licensing and IT needs managed by a trusted and experienced partner.
Partners can also be useful in configuring and managing devices. They can help in developing a device security and management approach with the great features of Windows 10. Organisations can view subscriptions and usage for Windows 10 Enterprise, and any other Microsoft cloud services purchased, in their partner portal.
Sanabria says that Microsoft is tough to compete with, because it owns the industry standards – Exchange, Office, Active Directory, Windows.
“Once they take all those standard products and platforms and bundle them with security offerings and complementary offerings for productivity, mobile and communications, the result is something that’s difficult to beat, and impossible to match, product for product and feature for feature for anyone that isn’t Microsoft,” he adds.
By buying SPE, organisations no longer need to renew Software Assurance of the existing SharePoint, Exchange or Skype for Business servers in the existing Enterprise Agreement and acquire additional SharePoint, Exchange and Skype for Business servers.
This means simpler management with a single contract, a single user account, a single support contact and a single bill. Absolute simplicity when you need to work smarter.
Crayon is a global software and cloud expert. To find out how we are already optimising enterprise agility and security, whilst delivering best practice IT governance structures for clients, call us today or click here to read some working case studies.