Confirming identity... Stand by Stand by IDENTITY CONFIRMED

Identity is the New Security Plane

With COVID-19, user identity has become the new focal security threat plane. What is even more concerning is that once an identity is compromised it takes an average of 146 days to detect an attacker within a network and that over 81% of network intrusions are due to compromised user credentials . Every organisation has now either moved to full or partial remote working for all its employees. There has been an exponential increase in “bad actors’ and hackers who are now taking advantage of what can be a significant decrease in our security posture, now that large numbers of users are remote working.  The greatest threat is that the perimeter has now moved to the end user’s; identity, devices, their home networks and home offices as opposed to the comparative safety of the corporate network. Many of you have already    deployed VPN solutions to encrypt and secure access to corporate data. This is a great start but is vastly insufficient.   It is critical for IT to maintain a fine balance between enabling the business to continue to operate, while also maintaining compliance and security.   Cloud Solutions Group delivers the following 7 security solutions to help organisations protect, automate and enhance their security posture. We are offering a free 2 hour Identity focussed security workshop to the first 5 clients that contact us.

With Users’ identities now being the new security threat plane, MFA is critical. Especially now that many organisations have enabled Single Sign On to all their applications. MFA will act as an additional layer of security on top of your remote employees’ accounts and passwords. You can utilise policies to prompt users to authenticate by SMS, phone or by asking additional security questions. This can all be automated. MFA comes with the free version of Azure AD and with Office365 subscriptions, Google has a similar offering at the moment.

The limitation of the free version of MFA from Microsoft is that it enforces a second authentication at every login which is very frustrating for users. This is why adding Conditional Access is important.

A logical add on to MFA is Conditional Access where you enable zero trust with enforcement and automation of access policies. Conditional Access policies are simply a set of policies that become automated workflow rules that determine if and when a user can have access to a particular application, datasets, devices or files. 

Typical criteria are:

a. The user’s location– if a user is suddenly logging in from Bulgaria when they work in Melbourne, they can be prompted for a multi factor login or just be blocked, or have read only access etc.

b. The device they’re logging in from– does it meet the minimum patching and OS requirements of your organisation? You can either block or enforce another level of authentication.

c. What User or Group Membership they are part of- determines what applications and data they have access to.

Whether they are:

· internal or external to your organisation, 

· are sent by email, 

· on premises or in cloud platforms.

Having a powerful and more importantly easy to use and enforce, document protection solution is critical to your data security.

This is especially when users work remotely for prolonged periods of time. The temptation to export confidential files to USB, email to personal accounts or share and store on non-corporate Cloud solutions is very strong. There are some excellent solutions that allow you to tag data, using easy to create policies and templates and enforce data security policies on your data, either when it is being emailed out of your organisation, exported to USB or shared on a Cloud Platform. 

Relevant solutions like Azure Information Protection that enforce these policies to ensure that only specific people can have access to your data and determine what they can do with it. 

Up to 80% of employees use non sanctioned applications. Now that employees are accessing resources and apps from outside your corporate network it’s no longer sufficient to have rules and policies on your firewalls. Shadow IT or as some users call it “getting stuff done” can be particularly pervasive in times of change. IT will only find out later on when something inevitably goes wrong. The solution to this is to use a Cloud Application Security Broker or CASB such as Microsoft’s Cloud Application Security solution (MCAS). MCAS will:

a. Discover- it will show you what Cloud Apps your staff are accessing.

b. Assess- determine the app’s compliance against agreed upon risk factors.

c. Control- allow you to non-intrusively control access to these applications and overlay policies across data and files.

Secure SSO is a key enabler for remote working. Having to sign in every time you log in to an application is a great way to frustrate users. There are many great secure SSO and password management solutions. Azure Active Directory is an excellent one and SSO for 10 applications is part of the free version of Azure AD. It scales to 1000’s of applications in Azure AD premium 1 or P2. A critical part of this is enforcing strong password policies and regular password changes.

There are many solutions that will enable you to facilitate BYOD, which are especially useful in times like these as many employees will be logging in from their own devices. MDM -which most of you already have- will only enable you to enforce limited device level policies. What is more important is being able to allow users to access applications and data from their own devices, while you quarantine (excuse the pun) corporate data and applications. User’s personal data and applications are completely separate from a security perspective and you can block data transfer and visibility between them. Virtual Desktops are another popular enabler of BYOD. New cloud-based solutions like Microsoft Intune for Hybrid Device Management and Azure Virtual Desktops are easy to deploy and activate.

Automated solutions like Azure Advanced Threat Analytics with Advanced Threat protection and Darktrace are critical in a time when hackers are also using the power of the cloud and AI to hack users identities. these solutions learn your Users “normal” behaviour and then can identify and advise IT based on policies (that you set) when malicious activity is occurring. This can be things like logins from unlikely locations (where travel time would be longer than the location of the last log in), known “bad” IP addresses”, legacy browsers and many others. These integrate with Conditional Access and MFA to ensure you can protect you organisation and can enforce a password reset or a second form of authentication. 

For Microsoft shops all these solutions complement and integrate nicely with each other. For example, Single Sign On, Multi-Factor Authentication with Conditional Access and the Cloud Application Security, all can be either deployed as stand-alone solutions and when deployed together, integrate and add value to each other.  Many of these security solutions are bundled in Office365 E3 and E5 packages and all of them are in the Enterprise Mobility and Security Suite. Microsoft is rebranding Office365 for Business to Microsoft365 for business for organisations with less than 300 users on April 21. This means that if you own Office365 for Business you will already own 90% of the above solutions.