barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfoinfo-circlesign-in-altsignin text-widthtimesyoutube
Blog
5 min read

Understanding NIS2: A Customer Success Manager’s Perspective

Miradore Best PracticesNIS2Security

5 min read

Sami Mäkiniemelä

By Sami Mäkiniemelä

As a Customer Success Manager at LogMeIn Miradore, one of my primary goals is to ensure that our customers are well-informed and compliant with the latest regulations. One such critical regulation is the NIS2 (Network and Information Security Directive 2), which is the European Union’s updated cybersecurity directive aimed at enhancing the security of critical infrastructure.

What is NIS2?

NIS2 builds upon the original NIS Directive, expanding its scope and tightening security requirements. It aims to improve the cybersecurity resilience of critical sectors such as energy, healthcare, finance, and transportation. Organizations within these sectors must implement robust cybersecurity measures and report significant security incidents.

How Miradore MDM can help with NIS2 Compliance?

The most crucial aspect of NIS2 compliance is knowing all your devices. Ensure that every device is managed and connected to the internet. This comprehensive approach not only enhances security but also ensures that your organization can quickly respond to any potential threats.

Here are three simple practical examples of how Miradore MDM can help improve NIS2 compliance:

  1. Device Encryption and Security Policies
    • Miradore can automatically enable device encryption and enforce strict security policies, such as screen lock and strong password requirements. This helps ensure that all mobile devices meet NIS2 security standards.
  2. Remote Management and Monitoring
    • Miradore provides real-time visibility into the organization’s devices and their security status. You can remotely manage devices, perform remote wipes, lock devices, and quickly locate lost devices, which is crucial for rapid response as required by NIS2.
  3. Automatic Updates and Patching
    • Miradore can automate operating system and application updates, ensuring that all devices are up-to-date and protected against known vulnerabilities. This continuous risk management is a key part of NIS2 compliance.

Frequently asked questions

Some of the most frequent questions we receive from customers are:

“What kind of mobile device is compliant with NIS2?” or “What does it mean that a device is insecure?”

While I always recommend consulting with your Data Protection Officer for official guidance, here is our personal view on device compliance:

  • Android: OS Version 13 or higher with the latest patch level updated within the last month.
  • iOS: OS Version should be kept on the current version (currently 18.1) because older versions are vulnerable.
  • Windows and macOS: Should be on the current version, with no critical vulnerabilities shown in Miradore. Ensure that only software covered by patch management or with a solid update mechanism is installed.

Example on how you can report vulnerable devices

You can access the Miradore reports under the Home section and create a comprehensive report of your security patch status for the entire device fleet, identifying any vulnerable devices.

For example, on Android:

  1. Select Create a new report (“Add”).
  2. From the available columns, add Security.Android.SecurityPatchLevel to the report.
  3. Click Next and add a filter for the security patch level (Security -> Android -> SecurityPatchLevel).
    Miradore - securitypatchlevelpng
  4. Use the “Less than” filter to identify all vulnerable Android devices by specifying the required security patch level.
  5. Click Next and give a name and optional description for the report.
  6. Enjoy your report of vulnerable Android devices which you can either upgrade or replace with more modern devices.
    Miradore - securityreporting

Enhancing cybersecurity and meeting NIS2 requirement with Miradore MDM

By leveraging the following features, Miradore MDM can help organizations strengthen their cybersecurity posture and meet the governance requirements set forth by the NIS2 Directive.

NIS2 requirement Desciption Miradore key features Information about the features
Risk assessment & Asset Management Organizations must implement appropriate and proportionate technical and organizational measures to manage the risks posed to the security of IT Assets.

Asset management involves identifying and cataloging all assets within an organization, including hardware, software, data, and personnel. This inventory is crucial for risk management as it helps in understanding what needs to be protected.

Also asset vulnerabilities are identified and managed.

 Miradore Unified endpoint management
- Miradore inventory
- Miradore reporting
- Miradore Patch management		 Getting started / What is Miradore

Features / Device inventory data

Features / Creating custom reports

Features / Patch management in miradore
Incident response and business continuity Organizations need to have a clear plan for responding to incidents. This includes steps to contain the incident, mitigate its impact, and prevent further damage. Miradore Unified endpoint management
- Remote wipe
- Remote support		 Features / Remotely wiping device

Features / Remote support
Supply chain security Organizations must ensure the security of their supply chains, including the security of third-party suppliers. Miradore ensures that all devices in the supply chain are secure by enforcing security policies, such as password requirements, encryption, and remote wipe capabilities. This helps prevent unauthorized access and data breaches.

Miradore can automate software updates across all devices, ensuring that they are always running the latest security patches and updates

 Android / Device encryption for android

MacOS / Filevault disk encryption for MacOS systems

Windows / Enabling bitlocker for Windows
Testing and audits  involves a systematic review and examination of an organization’s security policies, procedures, and controls. Miradore offers detailed dashboard and reporting of the assets which are essential for demonstrating compliance with NIS2. These reports can be used to show that appropriate measures are in place and are being followed. Features / Dashboard and reports
Encryption By implementing strong encryption practices, organizations can significantly enhance their security posture and comply with the NIS2 Directive’s requirements for protecting network and information systems Miradore offers several features to help manage and enforce device encryption, ensuring that sensitive data on devices is protected. Android / Device encryption for Android/

MacOS / Filevault disk encryption for MacOS systems

Windows / Enabling bitlocker for Windows
Zero trust & Multi-factor authentication The NIS2 Directive emphasizes the need for robust security measures to protect critical infrastructure and services. Meeting the security requirements set forth by the NIS2 Directive, which mandates strong authentication mechanisms to safeguard network and information systems. A site administrator can enforce two-factor authentication for all user accounts on a Miradore site. Account / Two-factor-authentication
Awareness and Training The NIS2 Directive emphasizes the importance of training and awareness to ensure employees are knowledgeable about cybersecurity risks and best practices. This involves regular training sessions, ongoing communication, and accessible resources to reduce human error, enhance incident response, and ensure compliance Miradore’s resources, such as blogs, videos, and the knowledge base, can be particularly useful as training materials for administrators preparing to meet NIS2 requirements Blog
Training videos 
Knowledgebase

 

What is Miradore’s commitment to NIS2?

At Miradore we also understand the critical importance of staying ahead of regulatory changes to ensure the security and resilience of our services.

  1. Phase 1: We assessed the Directive’s requirements at a corporate level to identify the necessary measures and align our corporate policies and procedures with the directive's mandates. Our proactive approach ensures that we are on the right path towards meeting these new standards.
  2. Phase 2: Our corporate global risk and compliance team worked closely with our product teams to assess product-specific requirements to identify and address any potential compliance gaps. By integrating these requirements into our product development processes, we are committed to enhancing the security and resilience of our solutions.

Although the NIS2 Directive became effective in October 2024, several EU Member States have yet to transpose it into their national laws. As a result, there is still some uncertainty how the legislation will operate in practice in certain jurisdictions. We will continue to monitor developments, which will enable us to evolve our efforts and respond to any changes.

Our commitment to working towards NIS2 compliance reflects our dedication to providing secure and reliable services to our customers. We will continue to keep a close watch on regulatory developments and adapt our practices to ensure ongoing progress.

Get started with Miradore

Take control of your mobile devices today with Miradore’s MDM solution. You can get started for free and try out the Premium+ features with a 14-day free trial — or explore our Showroom with a virtual device fleet.

No credit card needed.

Get started now See plans & pricing