Cloud Best Practices: Audit Checklist for Endpoint Security

Colin McArdle - Senior Account Director at Tikit 

Accountancy practice management software has come a long way. Today, features like automated billing and reconciliations are easily integrated into the day-to-day practice workflow of Wolters Kluwer Tax & Accounting UK customers.

Our employees work side by side with our customers to create and manage these solutions – driven by a deep understanding of their needs and addressing the rapid changes in their environment.

However, it’s often hard to look beyond improving performance in day-to-day operations. Amid Brexit, the COVID-19 pandemic and other disruptions, accountancy practices and their clients are dealing with an unpredictable economic landscape. Future business planning can appear daunting.

Technology can nevertheless support accountancy practices (and their clients) in making informed business decisions and planning for the future. In the first part of our Accountancy Practice Management for Future-Fit Growth series, we’ll explore how they can use technology to define and easily track Key Performance Indicators (KPIs). Doing so gives practices closer control of performance tracking, and deeper insights that will inform strategic growth plans.

Saving Time

For several decades, business technology platforms have enabled practices to track performance metrics that they have customised. This highlights areas that qualify for improvement and underpins strategic planning.

Contemporary technology, such as CCH KPI Monitoring, makes setting up KPIs faster and easier for accountancy practices than ever before. This is vital today. The current business landscape demands that firms assess and amend KPIs more frequently, based on fresh market variables. KPIs such as client retention rate and business time-to-recovery have become increasingly prominent performance indicators in the past year. If clunky technology makes KPI management difficult, practices have less time and insight to plan future growth.

Reducing Risk
CCH KPI Monitoring makes it far easier to track KPIs and report on them. This is fundamental in minimising risk. For example, if a KPI is set to track and escalate debt filtered by overdue dates, the ability to easily set alerts and automatically generate reports is critical to practice performance management.

Some practices are manually running monthly reports to measure KPIs. Others are running real-time reporting engines, a key feature of CCH KPI Monitoring. This latter solution allows practices to review essential data at any time – covering both performance management and compliance requirements. They can do so remotely or on-premise.

This means that firms can assess issues before they become problems, and thus act proactively. Real-time reporting is a true asset in building a future-fit practice.

The Proof is in the Practice
A number of Wolters Kluwer customers have been using CCH KPI Monitoring for several years now. Our customers look to us when they need to be right. Ryecroft Glenton has successfully integrated CCH KPI Monitoring with its own system. This consolidates information from several sources, including CCH Central and CCH Practice Management.

“We can use the year end date to trigger a sequence of reminders. Have we asked for the books? Have they been received? If a request to a client has been outstanding for a certain period, the partner will receive an alert via email. For limited companies, we can monitor the corporation tax and Companies House filing deadlines – as well as the different deadlines for pension schemes”

– Ian Smith, partner at Ryecroft Glenton

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just a printing company, they consult with us and go on to deliver a full end to end service from concept to installation. They go above and beyond and we look forward to continuing our journey with them”

MobileIron is a government-grade cloud and endpoint security platform. Here is how our customers leverage MobileIron technology to address the checklist above:

Checklist # 1, 2, 3, 8 
Enroll device in MobileIron:
Use MobileIron to install a configuration profile on the device that allows IT to take the security actions necessary to protect business data. 

Set security policies:
Set the appropriate password and encryption policies in MobileIron. Use biometrics for authentication if available. If a device falls out of compliance, automatically quarantine or selectively wipe it. When employees leave the organization, do a full wipe on the device if corporate-owned or a selective wipe if employee-owned.

Put business apps under management:
Use MobileIron to distribute business apps through the Apps@Work enterprise app store or Managed Google Play. When installed, these apps are managed through policy controls set in MobileIron. That means IT can prevent data sharing between business and consumer apps and delete the apps over-the-air when necessary. This puts enterprise data under the control of IT without compromising the privacy of personal data on the device.  

Checklist # 4 
Deploy per-app VPN:
Use MobileIron to configure business apps so that they only connect to on-premises services through MobileIron Tunnel per-app VPN. This separates business app traffic from consumer app traffic, so that excess personal data does not flow through the corporate network. 

Checklist # 5, 6 
Allow only trusted devices and apps to access cloud services:
Use MobileIron Access to block unmanaged, unauthorized, or non-compliant devices and apps from authenticating to cloud services like Office 365, Salesforce, ServiceNow, Workday, etc. MobileIron Access is a multi-cloud, multi-identity, standards-based solution that extends across the many cloud services and identity providers in an enterprise.

Checklist # 7
Detect and remediate zero-day threats:
Use MobileIron Threat Defense to monitor for suspicious device, app, and network activity. When an issue is uncovered, trigger MobileIron policies to take the appropriate remediation action, like user notification, device quarantine, or data wipe. 

Checklist # 9, 10 
Don’t compromise on security certifications:
MobileIron was the first solution to gain certification for the Common Criteria Protection Profile for MDM v2. MobileIron is also SOC 2 Type 2 compliant and has FedRAMP Authority to Operate (ATO). Modern security is evolving and IT professionals sometimes ask if Microsoft Intune can fully support this checklist. We do not think it can, especially for checklist items # 3, 4, 5, 6, 7, 8, 9, and 10. MobileIron is committed to a multi-OS, multi-cloud, and multi-identity security architecture that supports the best-of-breed technology choices of modern enterprises.

Summary
Most organizations will face a security audit of some type, either internal or external, over the next few years. The goal is the same – protect data from both malicious compromise and well-intentioned loss – but the mechanisms to do so are very different between traditional and modern security architectures. A structured audit checklist can provide a starting point for the people, process, and technology investments that will enable an organization to quickly and securely tap into the innovation of cloud services.

In any cloud deployment, endpoint security must stay top-of-mind to satisfy the GDPR, the NIST Cybersecurity Framework, and similar compliance models. Modern apps on modern endpoints are how employees consume cloud services, but data will be lost if those endpoints and apps are not secure. How much data is lost will depend on how quickly organizations implement an end-to-end, multi-cloud security solution like MobileIron as they move to Microsoft Office 365, Salesforce, ServiceNow, Workday, and beyond.

May 2018

Time to use data more strategically 

For too long, time recording has been seen as a back-office activity, and not one of strategic value. In this article, Colin McArdle, Tikit’s Senior Account Director for the Accountancy sector in EMEA, corrects that view by arguing that timekeeping can actually become a critical component of strategic planning – if practices use the right tools to exploit its potential.