Endpoint Security Data Visibility & Protection

Enforcing location policies in work- and learn-from-anywhere environments

September 27, 2021

3 Min Read

As we slowly recover from the pandemic, it’s clear that the future of work is a hybrid one. In these new work- and learn-from-anywhere environments, the hallmark of a successful business or educational organization is being able to provide reliable, resilient work- or learn-from-anywhere experiences that maintain maximum security without compromising end-user productivity.

For IT and security practitioners tasked with managing distributed endpoint fleets, this intrinsic need for flexibility makes the role even more challenging.

One of these challenges is due to location. Employees, without prior approval, may be working from locations that differ from the ones that they were originally assigned, resulting in HR challenges and potential tax repercussions for the organization. Within the Education sector, it is commonplace for students to bring 1:1 devices that were provided to them by their schools to multiple locations. In the past that would typically have been limited to the school and the home, but as routines have changed, so have the locations where students use these devices.

So, in addition to the health of critical security applications and the deployment of patches, a basic indicator of device status that IT and security administrators should monitor is the device’s geolocation. Is that endpoint currently located where it should be? If not, what is the associated risk? Has the device changed location regularly over the last few weeks or months, and are these changes both explainable and acceptable? With any highly-mobile device, there is naturally going to be heightened risk due to the potential use of insecure Wi-Fi networks and the greater chance  that devices will be left unattended, get lost, and possibly stolen. As employees tend to store more sensitive data on endpoints (e.g., PII, corporate IP, customer data), a device falling into the wrong hands either physically or through a compromised network connection can quickly lead to financial and reputational repercussions to the organization or school district.

With these challenges in mind, Absolute recently announced significant updates to its Geolocation and Geofencing capabilities, making it easier for IT and security teams to reliably track their endpoints and be instantly notified of suspicious or unauthorized device movement. Absolute Geolocation analyzes multiple datapoints such as Wi-Fi triangulation, GPS coordinates, and IP address to provide the most accurate location reading for any . Absolute’s presence in the firmware of devices shipped by leading system manufacturers ensures the feature is tamper proof, providing a superior location tracking experience when compared with alternative solutions that rely on external tracking devices or software that can be deleted or modified.

In response to the need for greater customizations and security,  super administrators can decide whether to assign the same granular permissions to other Absolute administrators or limit their access to high-level geolocation (e.g., state-level versus street-level) to ensure end user privacy is maintained. Some of the key capabilities include:

  • Enhanced geolocation tracking Visually locate endpoints through interactive map and satellite views to identify ones that are in unauthorized geographical areas.
  • Historical device location – Analyze historical location records to identify anomalies or suspicious movement, aid in the recovery of a lost or stolen device, or for internal or external security audits.

  • Instant alerting of unauthorized device movement – Being notified whenever devices cross approved geographical boundaries to take swift remedial action. Custom creation of location boundaries aligned with organization or school district policies by choosing specific cities, states, or countries, as well as manually drawn geofences.

 

  • Customization of location permissions for end user privacy – Modify the location permissions of specific Absolute admin accounts to balance security with end user privacy.

Absolute Geolocation is available through all Absolute products (Absolute Visibility®, Control®, and Resilience®), while the creation of Location Rules and Geofences is available through Absolute Control and Resilience subscriptions.

 

 

 

Endpoint Security Data Visibility & Protection

Share this article

Financial Services