Authors: Will Udovich and Steve Andrews
You’ve likely heard a lot about security in the last six months. Between crypto-ransomware and security breaches at some of the world’s largest companies, it seems that the security practices that have kept us safe for years are no longer doing the trick… but why?
Let me take you on a brief journey. It’s a journey through information security thought, shifting paradigms, and new realities, all of which lead to the ultimate conclusion that what you’ve done in the past is no match for the security threats of the future.
The way it was - ‘Traditional’ security mindset/methodology
Back in the day, we were all commuters. From the house to the car to the office, we’d sit down, log onto our machines and work the day away. All of our devices and work resided on a corporate network that was securely separated from the web and outside traffic with firewalls. While some may be nostalgic for a workday that ended at 5PM, we probably haven’t seen a computing environment like this in many years. Only in the most risk-averse environments, like Government Security or ultra-secure Finance environments, does such a rigid perimeter wall still exist.
Holes in the wall - The ‘transitional’ period in information security
As technology progressed and employees clamored for more flexibility, Virtual Private Network (VPN) connections were made available, which allowed corporate resources to be accessed outside the company’s physical walls. While this technology let employees access resources off site, the perimeter firewall was merely extended via these VPN connections, so securing corporate computing environments required only a minor shift in security thought. Remote users, no matter where they were, were still managed as corporate resources, and Network Access Control (NAC) systems became common because the ‘perimeter’ was only as secure as the least secure device on the VPN. Such systems are still widely used today.
The way forward - The new security focus on identity
With the shift towards cloud computing in today’s technology environment, corporate resources are no longer solely within the physical walls of corporate locations, or even within a corporately controlled network. Remote workers no longer expect to be tied to VPN connectivity; they expect access to corporate resources no matter where they are in the world or what connection they are on. In fact, workers in the office and outside of the office walls (probably on a beach somewhere) are connecting to the same services, without VPN access.
Since these services are no longer just within company walls, the concept of a secure perimeter is no longer an effective way to manage corporate security. There is no true ‘wall’ to secure when your corporate resources exist in services such as Microsoft Azure, Salesforce, and Dropbox - all of these are third-party services whose servers reside in the cloud and whose networks or data you, as a corporate consumer, have no control over. Firewalls on your network can no longer be the sole source of protection from a security standpoint. Security now has to focus on validating that an employee, wherever they are, is who they say they are and is on a reasonably secured endpoint, before allowing them access to services. Enter - the identity!
Before we dive any deeper, let’s make sure we’re on the same page. ‘Identity,’ at least in the context of computing and information security, can be described as ‘a virtual object or set of attributes that can be defined as representative of a physical or virtual person.’ This is probably second nature at this point - your personal email account would be one type of identity, and your corporate email account would be another, separate identity, which grants access to different resources. You may have even heard of things like:
- Identity unification: Single Sign On (SSO) or Federation
- Multi-Factor Authentication: Two factor authentication to prove someone logging in is who they say they are
- Provisioning and Deprovisioning Workflows: Technical workflows that ensure corporate identities have the access they need from day one and that access is revoked when an identity is decommissioned (or offboarded)
The point is, identity and the secure management of it is now our last hope for securing corporate resources. A compromised identity can wreak nearly the same havoc from a Starbucks in Kuala Lumpur as it can from a workstation used by your CFO.
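The shift described above, from trusting network location to validating the identity and its endpoint, shown as an added example (not code from the original article). The corporate address range, field names and sample requests are constructed for illustration, and the sketch does not model any particular product.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: a hypothetical corporate/VPN address range.
CORPORATE_NET = ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class AccessRequest:
    user: str
    source_ip: str
    password_ok: bool
    mfa_ok: bool
    device_compliant: bool  # as reported by endpoint management
    account_enabled: bool   # False once the identity is deprovisioned

def perimeter_decision(req):
    """'Traditional' model: a valid password from inside the wall is trusted."""
    return req.password_ok and ip_address(req.source_ip) in CORPORATE_NET

def identity_decision(req):
    """Identity model: the same checks apply wherever the request comes from."""
    checks = [
        (req.account_enabled, "account deprovisioned"),
        (req.password_ok, "password check failed"),
        (req.mfa_ok, "second factor missing"),
        (req.device_compliant, "endpoint not compliant"),
    ]
    reasons = [why for ok, why in checks if not ok]
    return (not reasons, reasons)

# Constructed sample requests (203.0.113.0/24 is a documentation range).
SAMPLE_REQUESTS = [
    # Legitimate employee on a managed laptop, working off site without VPN.
    AccessRequest("remote_worker", "203.0.113.20", True, True, True, True),
    # Phished password replayed from an unmanaged device on the VPN.
    AccessRequest("stolen_password", "10.4.4.7", True, False, False, True),
    # Offboarded employee whose account was disabled, still in the office.
    AccessRequest("offboarded", "10.1.2.3", True, True, True, False),
]

def compare(requests):
    """Map each user to (perimeter verdict, identity verdict)."""
    return {r.user: (perimeter_decision(r), identity_decision(r)[0])
            for r in requests}

if __name__ == "__main__":
    for user, (perimeter, identity) in compare(SAMPLE_REQUESTS).items():
        print(f"{user:16} perimeter={perimeter!s:5} identity={identity}")
```

The perimeter check blocks the legitimate remote worker and admits both risky requests, while the identity check reverses all three verdicts.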
Tools for securing the new technology landscape
While any network security admin reading this may be shaking in their boots, protecting computing environments in this new era of cloud computing need not be complicated. Just because the perimeter is ‘dead’ doesn’t mean that traditional security thought is now totally defunct. It just means that new concepts must be applied to the old, in a layered approach, to achieve the most complete security possible.
Before you run to your datacenter and throw out any equipment, remember: firewall security is still important. Ensuring that illegitimate requests to corporate resources are denied is just as important now as it was years ago. The only difference is that, with firewalls in place, the identity can now become the focus.
- How many accounts do users have?
- Can we unify them into a single account?
- How strong are user passwords?
- Are users trained to know what is a legitimate website to enter their credentials into vs what is a ‘phishing’ scam?
If you’re using Microsoft tools at your organization, and my hunch is that most of our readers are, know that Microsoft has numerous tools to help you solve pieces of this identity-security puzzle.
- Need to unify and federate identities across corporate and cloud resources?
  - MIM and Azure AD Premium can help!
- Need to monitor logins for potential hacking attempts or compromised credentials?
  - OMS Log Analytics and Advanced Threat Analytics can help!
  - Even better, did you know that Microsoft uses analytics across all of its login services to identify compromised credentials faster than competitors? They have an entire team that buys compromised data on the Dark Web and checks to see if any of your identities show up where they shouldn’t.
- Worried about users having credentials compromised by having their endpoints (PC, Mobile, etc.) compromised?
  - Microsoft Intune and SCCM can help!
If you’re not using any of the products above, you might be missing out! These toolsets integrate into your existing environment, and many are included with the Microsoft licenses you likely already own. The services mentioned above take only a bit of time to set up and configure, and can save months of security breach remediation time.
If you’re curious about what these new toolsets can do for you, or about how your team can enhance their security posture for the new computing landscape, reach out! We’d love to help bring your team into the next generation of identity management and security.