Aura is a security platform that I have been keeping a close eye on for the last couple of months. I have even been using it myself as it incrementally rolls out its full suite of security, financial fraud, and identity theft prevention products and services. You can read my overview of Aura's offerings and how its modern digital security platform differs from other services like Norton and McAfee here. While my primary goal in that article was to talk about security, identity, and financial protection for the modern consumer, I now want to talk about Aura as an offering to employees of small and large businesses.
This model isn't something I had considered when I started researching the company, I'll admit, but the Covid-19 pandemic has changed things. I believe there is a need for a modern security platform for businesses and its employees. As the enterprise jumps head-first into the wild, wild west of hybrid work and digital transformation, there is very little awareness of how organizations can be exploited through these new work scenarios.
I am aware of many security platforms that contribute to the security of employees in various ways. I think about Box as a secure content management suite, Windows 365 as a solution bringing remote access to the office PC, and Samsung's mobile business offerings like Knox as a secure way to manage employee devices. Aura is not competing against any of these platforms or services—rather, it is looking to solve a different problem.
While there may be infrastructure in place to protect employee activity on a work-issued device, there is no available infrastructure to protect everything else in the home or digital life of the employee. If we look at the history of enterprise security, ten years ago, the focus was on establishing a firewall perimeter inside the confines of the corporate building. As the digital enterprise developed and matured, the discussion moved to app-level security solutions, and now the hybrid work environments, the focus has moved to secure the employee endpoint. However, that endpoint sits in a grey area. Is it the enterprise's responsibility to secure the home network and all personal devices of the employee? How much can the enterprise invoke on the home, specifically digital security, of an employee to protect itself?
Most homes don't have cybersecurity in place for all devices connected to the internet or even realize that they have unsecure devices on the network. Think of all the “smart home” devices you have connected. Are all of their firmwares updated? Do those manufacturers actually update for security? Are those companies even still in business? These devices are operating on the same network that their work devices are connected to.
While companies can look to secure their employees' homes, it would be a heavy task and hard on IT to make sure every employee's own network, computers, smart home devices and personal data is protected against security exploits. Even if a company manages to secure all of its employees, the limitations on the home are comical; things like gaming and social media would fall outside the security of the enterprise.
These scenarios are especially true when we think about the social engineering that can infiltrate the home. The threat is no longer "click on this box, and your PC has a virus." Bad actors are becoming smarter than that, and these are problems small and large businesses need to address before an employee-involved breach happens.
We can think of scenario after scenario of how employees can compromise sensitive information, but it all comes down to one fact: the average person is unaware of how digitally vulnerable they are. This unawareness becomes a critical issue for the enterprise whenever an employee accesses work information on a personal device without sufficient protection. Employees can transfer information using a USB drive, cloud storage service, or enterprise software that allows login on any device and cause a security breach. In fact, these three actions are the cause of a majority of enterprise security breaches. The risk facing the enterprise today is much more on the human side than the technology side.
Aura for enterprise
Aura's goal is to tackle this problem from the bottom up, aiming to serve as the solution to the human (employee) risk. If the average person has better security practices and is regularly alerted to threats to their information, the benefit will translate to the enterprise. By employing practices like having a password manager, diversifying passwords, and using 2FA, the risk of an employee being breached in a manner that would jeopardize the enterprise is dramatically reduced. That's why Aura is offering its digital platform as an option in employee benefits plans so that employees, their devices (work or personal)—and those of their entire family— are protected.
I believe this employee benefits model has many key advantages. It is an inclusive, but not overbearing, solution to ensuring employee devices are protecting company information. For companies allowing employees to use personal devices, businesses don't have to worry about employees being exploited when doing company work on a personal device. It is also a solution that is advantageous to small and medium businesses (SMB) that may not provide employees with company devices. And, further, it supports bring your own device (BYOD) policies that may be critical to employee productivity during the current chip shortage and beyond.
Most large companies are giving licenses for security to families for one extra device in the home. The challenge is that if not all devices are protected, then all devices are unprotected. The employee benefits offering is a holistic and realistic security and privacy solution that encompasses the reality of hybrid work environments and IoT/connected devices. PCs grew 70% last quarter in the US according to Canalys. This is partly because we’re going from a few PCs per home to one PC per person in the home. The security challenge is getting even harder.
Don't get me wrong, I don’t think Aura is looking to mandate every employee and its dog to be on a VPN 24/7 for the company's sake. It is more thoughtful than that. Executives at Aura tell me they want organizations and their employees to look holistically at how employees implement more secure financial, device, and identity practices to benefit the business, themselves, and their families.
Everybody knows VPNs slow everything down, so it's not about relying on all the security suite's solutions on all devices at all times. Rather it is about implementing better security practices at home to protect all aspects of an employee's digital life – from finances to identity, personal data, and devices – that could make them a target. It may be as simple as using Aura's identity monitoring tools and 2FA on logins whenever possible.
And, to make this process even simpler for consumers, Aura is also looking to launch a hardware product in the next year that will identify mobile devices and IoT devices that are vulnerable or malicious to then alert and protect the user. It will be a product that addresses exploits in the home system that are vulnerable even when you don't know it — like when software is outdated and in need of a patch. I could see this solution drastically improving security and mitigating vulnerabilities in the home. While I can't say much more about it now, it fits Aura's vision of bringing security solutions to modern digital users.
Now more than ever, cybercrime is growing at an incredibly alarming rate. But as cybercrime grows, cybercriminals are becoming much more sophisticated, looking towards tactics like social engineering to steal sensitive information that can be used to breach business accounts and networks. Aura as an employee benefit helps organizations better secure their employees and improve their overall security posture by working from the bottom up. The VSB, the very small business crowd, could easily replace the Nortons or McAfees with much better customer satisfaction ratings.
I think this unified approach could create a win-win scenario for both businesses and its employees. In all reality, bad actors are going to go for the easiest targets, and the people and employers who have secure practices in place will be less vulnerable to digital crimes. As Aura continues to roll out its whole suite of digital security offerings, I see it growing more and more appealing to businesses of all sizes looking to protect the business and employees against evolving threats.
Note: Moor Insights & Strategy co-op Jacob Freyman contributed to this article.