Planning a successful move to identity-based security
The mainstream adoption of cloud technologies and the continuing mobilisation of the workforce have created a pressing need to re-engineer our IT security. Complex technologies have bred complex vulnerabilities that can only be addressed by using identity-based security to protect our organisations’ data and infrastructure.
Traditional IT security involved a degree of trust in our users, devices and applications, putting them in one place and surrounding them with numerous security measures. But applications are now available from many sources and increasing numbers of employees use personal mobile devices, email and cloud storage services to access sensitive corporate information and assets. Plus, not just employees but contractors and customers now have to be supported over the internet. All this creates the potential for any number of security holes that hackers are exploiting. In short, the traditional approach no longer works.
Security for a new world
Companies need to shift their focus from using firewalls and a strong corporate perimeter to using identity-based security to control access to their data and systems. Identity-based security is based on a zero trust model, i.e. there is no such thing as a trusted user, network or device—inside or outside the corporate perimeter—and every single action must be properly authenticated and authorised.
There are some alarming statistics that emphasise why zero trust is so necessary in today’s world. In 2017 the Annual Cybercrime Report from Cybersecurity Ventures predicted that the global cost of cybercrime would grow from $3 trillion in 2015 to $6 trillion in 2021. Furthermore, the 2017 Data Breach Study from Ponemon Institute and IBM found that the average size of global data breaches had increased by 1.8% to more than 24,000 records.
Quite simply, zero trust is the best way to go if you want to stop breaches. Once you adopt such an approach, identity becomes the critical component of your security strategy. We’re not just talking about the identity of people. We’re talking about the identity of the devices they use and the identity of the networks, applications and systems they access.
How to make the shift
Azure Multi-Factor Authentication (MFA) is a scalable, easy-to-use, reliable identity-based security program that grants users access only after they have presented at least 2 pieces of evidence. These are drawn from something only they know (knowledge), something they have (possession) and something they are (inherence). It helps safeguard access to data, systems and applications while keeping sign-in processes simple. A range of verification methods can be used, including text messages, phone calls and mobile app verification. Together with Azure Active Directory (Azure AD) self-service password reset (SSPR), which lets users reset their passwords when and where they need to, Azure MFA provides a seamless solution that allows users to continue working wherever they are. SSPR can also vastly reduce the number of calls made to service desks.
Azure AD Privileged Identity Management (PIM) allows you to oversee what users are doing with their admin privileges, and mitigate the risk of excessive, unnecessary or misused access rights. It enables you to:
Identity-based security is essential as the technologies we use and the threats those technologies face continue to evolve and advance. Making use of Azure AD Privileged Identity Management and Azure MFA protects identity and access to your data and systems while drastically reducing the risk of breaches.