How Sprinto helps in getting Staff Devices Compliant Ready

Introduction

Staff devices often access the organization's critical resources, processing and storing critical data, making them critical nodes in its data security program. The organization's device management policy helps staff members understand and follow their devices' data security practices and configuration.

From the security compliance standpoint, it is critical to ensure that the staff members maintain the secure device configuration advised by the device management policy and align with the requirements of the organization's compliance program goals.

How Sprinto helps in getting staff devices security compliant ready

The Staff Devices section under the Security Hub is a dedicated space on the Sprinto app for managing staff members' device health status.

A typical journey of managing staff devices with Sprinto includes the following stages:

Step 1: Setting up Mobile Device Management (MDM) tool

The MDM tool is an essential medium for enforcing the organization's device management policy on staff devices. Staff members report their devices' health status using the MDM tool. You can choose any one of the following options for staff device health status reporting:

  1. Dr. Sprinto: Dr. Sprinto is Sprinto's native MDM solution, assisting in taking complete control of staff device health reporting. The Dr. Sprinto app comes with the following exclusive functionalities:

    • Custom device status requests: In addition to the predefined frequency of device status reporting, you can create a custom request for device reporting.

    • Review real-time device status: Review each staff member's device reporting status.

    • Individual reminders: Send reminders to any staff member to complete the pending device status reporting.

  2. Third-party MDM tools: Sprinto also supports integration with widely adopted industry MDM solutions to monitor staff device status. Upon integration, Sprinto retrieves the reported device statuses through the integration and maps them against the staff members added to your Sprinto account. Supported integrations for MDM tools:

  3. Workflow checks: If your MDM solution is not listed under Sprinto's supported services list, you can still meet your compliance requirements using Sprinto's workflow checks for staff device management. You can selectively enable the Sprinto workflow checks that meet your compliance goals with device reporting or create your own workflow check if required. Upon configuring the workflow check, you must manually upload evidence against the workflow check showcasing the specific configuration from the staff devices. Below is the list of Sprinto's predefined workflow checks for staff device management:

| Workflow check | Description | Required evidence |
| --- | --- | --- |
| Staff device OS is up-to-date | Requires devices to run the latest official operating system version. | Upload screen captures from the staff devices showcasing the installed OS version. |
| Staff Device management | Requires to | Upload screen captures from the staff devices showcasing that the devices are configured per, and adhere to, the organization's device management policy. |
| Staff Devices should have Data Leakage Protection running | Requires enabling the Data Leakage Protection (DLP) solution on staff devices accessing the organization's resources. | Upload the screen capture from the staff devices showcasing the presence of the Data Leakage Protection (DLP) tool. |
| Staff devices should have Web filtering enabled | Requires enabling web filtering on staff devices accessing organization resources. | Upload the screen captures showcasing the enabled web filtering through tools like antivirus or MDM tools. |
| Staff devices inventory should be maintained | Requires maintaining an exhaustive list of staff devices and the security configuration requirements per the organization's device management policy. | Upload a document listing the staff devices and security configuration enforced per the device management policy. |
| Staff devices should have Anti-Malware Detection and Prevention enabled | Requires enabling the anti-malware detection and prevention solution on staff devices. | Upload the screen capture from the staff devices showcasing the configured anti-malware and detection solution. |
| Staff devices should have its storage encrypted | Requires enabling device storage encryption. | Upload the screen capture from the staff devices showcasing the device storage encryption status. |
| Automatic lock screen should be enabled on staff devices | Requires enabling the auto screen timeout on devices. The auto timeout time must be equal to or less than fifteen minutes. | Upload the screen capture from the staff devices showcasing the configured auto-screen timeout. |
| Personal firewall on laptops and desktops | Requires enabling the on-device firewall, ensuring the device's security against malware and unauthorized access. | Upload a screen capture from the staff devices showcasing the on-device configured firewall. |

  1. Sprinto device health checks: Once a device's health status is reported, Sprinto evaluates it and starts failing the relevant Sprinto checks for the staff members whose devices need a security configuration update to meet the compliance requirements. To pass these pending checks, the respective staff members must update their device configuration per the failing Sprinto check requirements and report the device status again. Below is the list of Sprinto checks for staff device health:

| Sprinto check | Description | Reference procedure |
| --- | --- | --- |
| Staff Device Status Reporting | The check tracks device health status reporting and starts failing for a staff member with pending device status reporting. | |
| Screenlock should be enabled on staff device | The check ensures that the reported device has enabled the auto screen lock functionality with a timeout equal to or less than 15 minutes. | |
| Reported device needs to be mapped to a staff | The check ensures that the reported device is mapped against an employee and defines the device's ownership. | How to fix |
| Disk encryption should be enabled on staff device | The check ensures the reported device has enabled the on-device storage encryption. | |
| Device OS should be upto date on staff device | The check ensures that the reported device is running on the latest officially released operating system version. | |
| Antivirus should be running on staff device | The check ensures that the reported device has an antivirus enabled. | |

  1. Periodic reporting: Device health status reporting is a cyclic process that must be repeated twice yearly (every six months) to align with the industry standard data security compliance requirements. To help with this, Sprinto starts failing the Sprinto check "Staff Device Status Reporting" as a reminder to run the device status reporting through the configured MDM solution.
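For teams that export device status from an unsupported MDM and want to pre-screen it before uploading evidence, the following added example (not Sprinto's code or API) evaluates constructed device reports against the six checks listed above and the six-month reporting cycle. The `DeviceReport` fields, the 183-day window and the dotted version comparison are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

MAX_SCREENLOCK_MIN = 15               # page: auto lock at or under 15 minutes
REPORT_MAX_AGE = timedelta(days=183)  # assumption: "every six months" as 183 days

@dataclass
class DeviceReport:                   # hypothetical record, not Sprinto's schema
    serial: str
    owner: Optional[str]              # staff e-mail, None when unmapped
    reported_on: date
    screenlock_min: Optional[int]     # None or 0 = auto lock disabled (assumption)
    disk_encrypted: bool
    os_version: str
    antivirus_running: bool

def _ver(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))

def failing_checks(r: DeviceReport, latest_os: str, today: date) -> list:
    checks = [  # (check name as listed on the page, passed?)
        ("Staff Device Status Reporting", today - r.reported_on <= REPORT_MAX_AGE),
        ("Screenlock should be enabled on staff device",
         0 < (r.screenlock_min or 0) <= MAX_SCREENLOCK_MIN),
        ("Reported device needs to be mapped to a staff", bool(r.owner)),
        ("Disk encryption should be enabled on staff device", r.disk_encrypted),
        ("Device OS should be upto date on staff device", _ver(r.os_version) >= _ver(latest_os)),
        ("Antivirus should be running on staff device", r.antivirus_running),
    ]
    return [name for name, passed in checks if not passed]

def audit(reports, staff, latest_os, today):
    """Map each staff member (or '(unmapped)') to the sorted checks they fail."""
    owners = {r.owner for r in reports}
    # Staff with no reported device at all fail the reporting check.
    result = {s: {"Staff Device Status Reporting"} for s in staff if s not in owners}
    for r in reports:
        result.setdefault(r.owner or "(unmapped)", set()).update(
            failing_checks(r, latest_os, today))
    return {k: sorted(v) for k, v in result.items() if v}

# Constructed sample data; names, serials and versions are illustrative only.
REPORTS = [
    DeviceReport("SN-001", "ana@example.com", date(2024, 6, 1), 5, True, "14.5", True),
    DeviceReport("SN-002", "raj@example.com", date(2023, 11, 1), 30, True, "14.4.1", True),
    DeviceReport("SN-003", None, date(2024, 6, 20), 10, False, "14.5", True),
]
STAFF = ["ana@example.com", "raj@example.com", "lee@example.com"]
RESULT = audit(REPORTS, STAFF, "14.5", date(2024, 7, 1))
```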

Please contact our Support team for any queries related to staff device management or if you need assistance.
