What is the Endpoint Security and Protected Access Program?
The Endpoint Security Program encompasses multiple services used to defend against increasingly sophisticated and constantly evolving cybersecurity threats. Two of these (Endpoint Protection and Endpoint Assessment) specifically protect user endpoints (i.e. end user devices such as desktops, laptops, and mobile devices) from malicious activity and require that some or all of Queen’s enterprise suite of endpoint security tools be installed on them. The third (Protected Access) uses other compensating cybersecurity risk mitigation controls in lieu of installing software on user endpoints.
At Queen’s, employees are required to adopt security measures to protect institutional data as well as valuable research and intellectual property. As cybersecurity threats and protective technologies change over time, the security controls specific to this service may also change. Queen's-funded devices* are required to be enrolled in Endpoint Protection.
*A Queen’s-funded device (QFD) is a device that is paid for using a Queen’s account code, a research grant managed by the University, or a professional expense allowance.
Endpoint Assessment uses a cloud-based endpoint management solution. This toolset provides the ability to confirm that a user's device meets defined health standards (for example, that the device's operating system is up-to-date). As cybersecurity threats and protective technologies change over time, the security controls specific to this service may also change.
To use your personal device (BYOD) to access Queen's systems, employees may choose to enrol in Endpoint Assessment.
Protected Access enables eligible employees to access Queen’s resources (the Microsoft 365 suite) without the need for additional software on their personal devices, and instead to be subject to other compensating cybersecurity risk mitigation controls implemented through a managed browser session. As cybersecurity threats and protective technologies change over time, the security controls specific to this service may also change.
Protected Access is available to eligible Queen's employees who do not have access to a Queen’s-Funded Device through any of their appointments.
Eligible employees currently include:
- Term Adjuncts
- Graduate Teaching Assistants
- Graduate Research Assistants
- Teaching Fellows
- Undergraduate Teaching Assistants
- Undergraduate Research Assistants
- Residence Dons
Enrolling in the Endpoint Security Program
Enrolling in Endpoint Protection is easy. We provide tutorials based on the ownership status of your device and your device's eligibility.
Endpoint Security and Protected Access ProgramHealth Standards and Compliance Requirements
The intent of the Endpoint Security Program is to ensure that only healthy devices connect to Queen's systems to ensure no vulnerabilities or data compromises are introduced.
Devices enrolled in Endpoint Protection (Queen's-funded devices) must meet specific health standards and compliance requirements to be able to access Queen's resources.
You are not required to enrol a personal device in the Endpoint Security Program; however, if you would like to use your personal device to access Queen's resources, you can enrol it in Endpoint Assessment.
Health Standards and Compliance RequirementsData Collected on a Queen's Managed Device
Queen’s University cannot see your personal information when you enrol a device into Queen's Endpoint Protection program. When you enrol a device, you give your organization permission to view certain pieces of information about your device, such as the device model and serial number. Queen’s University uses this information to help protect University systems and data being accessed by the device.
Data Collected on a Queen's Managed Device