What is Identity-Driven Security?

In the modern world of cloud and devices, there are few things that we can control to keep the bad guys out. We can no longer rely on a physical perimeter, but we can put controls around identity information. That’s why identity-driven security is so vital. Identity should be at the heart of safeguarding users, devices, apps and data.

Any organization adopting an identity-driven approach to their security must ask:

  • Users – Who is the user? What access should they have?
  • Devices – Personal or Corporate? Location? Device Type?
  • Apps – Who should have access? What should they have access to?
  • Data – What kind of data? Who should have access?

Organizations have many different scenarios to manage, all of which have their unique security risks. For example:

  • Users who are consuming corporate data on personal devices.
  • Individual users or whole departments who are consuming cloud services that are not under the control of an organization’s IT department (“Shadow IT”).
  • Organizations adopting multiple cloud services.
  • Users and organizations sharing data with customers and other business partners.

Corporate applications and data now live both “inside” and “outside” the organization – so the traditional security approach of “perimeter thinking” is not adequate. Find out more about “perimeter thinking” and why it’s now outdated.

Microsoft has built identity-driven security into their products, for example:

  • Identity data synchronized across on-premises and cloud systems, to provide reliable Single Sign-On (SSO).
  • Authentication and access based on data about the identity concerned, and real-time risk assessment – immediate remediation steps include forcing a password reset, stepping up to Multi-Factor Authentication (MFA), or blocking.
  • MFA applied to key users, and Privileged Identity Management (PIM) to ensure that privileged access is only available when needed.
  • Security, access, and usage reporting; identification of anomalies and policy violations.
  • The ability to protect key cloud apps in a granular manner, through assessment of risk and behavioral analytics.
  • Mobile Device Management (MDM), and Mobile Application Management (MAM) with device enrollment – including policy enforcement and selective wipe of corporate data.
  • Classification and encryption of documents so that they can be shared safely (with known identities), and tracked, inside and outside the organization.
  • Proactive detection and remediation of threats.


Further Support

Read more about identity-driven security.

Oxford Computer Group can help you put identity-driven security at the heart of your organization.