In the modern world of cloud and devices, there are few things that we can control to keep the bad guys out. We can no longer rely on a physical perimeter, but we can put controls around identity information. That’s why identity-driven security is so vital. Identity should be at the heart of safeguarding users, devices, apps and data.
Any organization adopting an identity-driven approach to its security must ask:
- Users – Who is the user? What access should they have?
- Devices – Personal or Corporate? Location? Device Type?
- Apps – Who should have access? What should they have access to?
- Data – What kind of data? Who should have access?
Organizations have many different scenarios to manage, all of which have their own unique security risks, for example:
- Users consuming corporate data on personal devices
- Individual users or whole departments consuming cloud services that are not under the control of an organization's IT department (“Shadow IT”)
- Organizations adopting multiple cloud services
- Users and organizations sharing data with customers and other business partners
Corporate applications and data now live both “inside” and “outside” the organization – so the traditional security approach of “perimeter thinking” is no longer adequate. Find out more about “perimeter thinking” and why it’s now a thing of the past.
Microsoft has built identity-driven security into their products, for example:
- Identity data synchronized across on-premises and cloud systems, to provide reliable Single Sign-On (SSO)
- Authentication and access based on data about the identity concerned, combined with real-time risk assessment – immediate remediation steps include forcing a password reset, stepping up to Multi-Factor Authentication (MFA), or blocking
- MFA applied to key users, and Privileged Identity Management (PIM) to ensure that privileged access is only available when needed
- Security, access and usage reporting; identification of anomalies and policy violations
- The ability to protect key cloud apps in a granular manner, through assessment of risk and behavioral analytics
- Mobile Device Management (MDM), and Mobile Application Management (MAM) with device enrollment – including policy enforcement and selective wipe of corporate data
- Classification and encryption of documents so that they can be shared safely (with known identities), and tracked, inside and outside the organization
- Proactive detection and remediation of threats
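As an added illustration (not code from the article or from any Microsoft product), the following hypothetical policy evaluator turns the user, device, app and data signals listed above into one of the remediation outcomes named in the list: allow, step up to MFA, force a password reset, or block. The rule set, the signal names and the sample requests are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Tuple

# Outcomes map to the remediation steps listed in the article.
ALLOW, REQUIRE_MFA, RESET_PASSWORD, BLOCK = "allow", "require_mfa", "reset_password", "block"


@dataclass
class AccessRequest:
    """Signals answering the article's four questions: user, device, app, data (assumed names)."""
    user: str
    privileged: bool          # user holds an admin or other key role
    device_managed: bool      # enrolled in MDM or otherwise known as corporate
    location_trusted: bool    # request comes from a known corporate network
    app: str
    data_class: str           # "public", "internal" or "confidential"
    sign_in_risk: str         # "low", "medium" or "high" from real-time risk scoring
    credentials_leaked: bool  # identity flagged as having leaked credentials


def evaluate(req: AccessRequest) -> Tuple[str, str]:
    """Return (decision, reason). Rules are checked most severe first so the
    strongest remediation wins when several signals fire at once."""
    if req.credentials_leaked:
        return RESET_PASSWORD, "credentials known to be leaked"
    if req.sign_in_risk == "high":
        return BLOCK, "high real-time sign-in risk"
    if req.data_class == "confidential" and not req.device_managed:
        return BLOCK, "confidential data requested from an unmanaged device"
    if req.privileged:
        return REQUIRE_MFA, "privileged users always step up to MFA"
    if req.sign_in_risk == "medium" or not req.location_trusted or not req.device_managed:
        return REQUIRE_MFA, "medium risk, untrusted location or unmanaged device"
    return ALLOW, "low risk, managed device, trusted location"


def audit_line(req: AccessRequest) -> str:
    """One record per decision, feeding the access and usage reporting the article mentions."""
    decision, reason = evaluate(req)
    return f"user={req.user} app={req.app} data={req.data_class} decision={decision} reason={reason!r}"


if __name__ == "__main__":
    # Constructed sample requests, not real telemetry.
    samples = [
        AccessRequest("alice", False, True, True, "mail", "internal", "low", False),
        AccessRequest("bob", False, False, True, "files", "confidential", "low", False),
        AccessRequest("carol", True, True, True, "admin-portal", "internal", "low", False),
        AccessRequest("dave", False, True, True, "mail", "public", "low", True),
    ]
    for r in samples:
        print(audit_line(r))
```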
Further reading and resources