IDENTITY AND SECURITY MANAGEMENT IN MICROSOFT WORLD
IT security is always in the news, sometimes for good reasons and sometimes for bad, so the question is: how can Microsoft technologies detect threats and prevent them across an organisation's infrastructure, digital assets and information systems?
Over the last few months we have seen another cycle of bad security news, including stolen emails, the hacking of a television network and the tampering of health records. There was also severe fallout when a record £40K penalty was handed to TalkTalk for falling short of strict security measures. It is important to mention that policies existed to handle and counter all of these situations, but they were not implemented properly or were ignored; if organisations want to avoid penalties and prevent reputational damage, policies must be implemented properly. Last but not least, it was on-site vigilance and largely good fortune that saved the television network: a new service was launched on the same day, so the IT engineers were present and were able to disconnect the compromised system used to begin the attack before the attack could be completed.
It is a commonly stated fact that the defenders need to get it right 100% of the time, while an attacker can fail 99% of the time and still succeed with a single shot. This leads to the view that attackers somehow have the upper hand and that those defending the system are destined to lose. At the same time, attacks on commercial organisations are increasingly motivated by commercial gain. Therefore, to prevent and detect attacks we must implement proactive tools.
Identity Management - Without a reliable and robust identity management platform it is difficult to detect the presence of an intruder in the system, because it is not clear who is doing what inside the network.
Microsoft's identity management platform offers both cloud and on-premises mechanisms, through Azure Active Directory and Microsoft Identity Manager respectively. In a system where these two mechanisms are integrated and work efficiently, expired accounts, which represent a major security threat, stop accumulating. On top of that, the combination of the two delivers timely creation of new accounts, so a user can be productive from the start.
- Condition based Access: Limited or controlled access is a basic concept: the company must know who is trying to access the network. The identification process becomes more powerful if the identity information carries some extra bits of information such as device type, current location and device behaviour. With all of these factors available, access can be granted or denied on the basis of real-time conditions.
Azure AD conditional access implements this compound identity to control access to Exchange Online and SharePoint Online as well as any AAD-integrated application. More recently, a joint venture between Microsoft and Ping Identity allows the cloud-derived compound identity to be used with Ping Identity on-site, so that the publication of on-site web apps and APIs can also be controlled in the same way.
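To make the real-time decision described above concrete, here is an added Python model of a conditional access evaluator that combines user, application, device type, device compliance, location and behaviour risk into one verdict. It is illustrative code written for this article, not Azure AD's engine or any Microsoft code, and the trusted locations, device types, protected applications and risk levels are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List

# Constructed assumptions standing in for directory data (not Azure AD's real lists).
TRUSTED_LOCATIONS = {"HQ-London", "Office-Manchester"}
ALLOWED_DEVICE_TYPES = {"windows", "macos", "ios", "android"}
PROTECTED_APPS = {"Exchange Online", "SharePoint Online"}

@dataclass
class SignIn:
    user: str
    app: str
    device_type: str
    device_compliant: bool   # device meets the organisation's management policy
    location: str            # named location resolved from the client's network
    risk: str                # behaviour signal: "low", "medium" or "high"

@dataclass
class Decision:
    allowed: bool
    required_controls: List[str] = field(default_factory=list)
    reason: str = "policy satisfied"

def evaluate(s: SignIn) -> Decision:
    """Rules run from most to least severe: hard blocks, then step-up, then allow."""
    if s.device_type not in ALLOWED_DEVICE_TYPES:
        return Decision(False, reason=f"unrecognised device type {s.device_type!r}")
    if s.risk == "high":
        return Decision(False, reason="high-risk sign-in behaviour")
    if s.app in PROTECTED_APPS and not s.device_compliant:
        return Decision(False, reason=f"{s.app} requires a compliant device")
    controls: List[str] = []
    if s.location not in TRUSTED_LOCATIONS or s.risk == "medium":
        controls.append("mfa")   # unknown network or suspicious behaviour: step up
    return Decision(True, controls, "step-up required" if controls else "policy satisfied")

def audit_line(s: SignIn, d: Decision) -> str:
    """Render a decision as a log line a SOC can alert on (e.g. repeated blocks)."""
    verdict = "ALLOW" if d.allowed else "BLOCK"
    return f"{verdict} user={s.user} app={s.app!r} loc={s.location} controls={','.join(d.required_controls) or '-'} reason={d.reason}"

if __name__ == "__main__":
    samples = [  # constructed sign-in attempts
        SignIn("alice", "SharePoint Online", "windows", True, "HQ-London", "low"),
        SignIn("carol", "Exchange Online", "android", False, "Cafe-WiFi", "low"),
    ]
    for s in samples:
        print(audit_line(s, evaluate(s)))
```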
Companies generally keep a detailed inventory of their hardware and staff, and this information comes into play when compound identity is discussed: trust in staff and hardware helps companies protect themselves from intruders and attackers. Many organisations, however, have little idea of what information they hold. They know the classifications, such as customer data, accounts, blueprints, project information and marketing information, but they often don't keep track of individual documents. This can lead to the kind of problem that happened recently with Snowden at Booz Allen Hamilton, which came to light and showed that attackers can come from inside the organisation. How was it done? Very simply: the attacker was able to copy the documents from a central storage server. If the affected company had known this could happen, it could have protected the documents at least by encrypting them. Encryption makes the documents difficult to use even after an attacker gains initial access, as long as they are unable to decrypt them.
Protection against this kind of inside threat is the main goal of Microsoft's Information Protection functionality.
- Azure Information Protection:
Organisations that have not yet organised their information will often start by setting up a classification process with content policies such as Internal Only, Confidential and Public. Each policy is applied to documents, which leads to the building of an inventory.
Microsoft's investment in Secure Islands delivers great tools for organisations to classify their information base, putting minimal load on users while delivering maximum flexibility. These tools are fully incorporated into Azure Information Protection. The classification FAQ can be accessed via - -
Encryption of the document is the major step in protecting information according to the classification of its content. Controlling access through encryption keys issued to each authorised recipient creates a good level of protection for organisational documents. Encryption keys are released only after the necessary authentication. Smooth and timely distribution of the keys to the intended recipients is performed by the Azure IP service in the cloud.
It is worth noting that the cloud component is required only to distribute the keys; the content itself does not have to be in the cloud to be protected under Azure IP. Customised or manually generated keys (commonly known as BYOK, Bring Your Own Key) can be uploaded into the Azure cloud to cater for special documentation needs based on organisational requirements. In more serious cases key generation can be kept within the organisation's private network, a technique called HYOK, Hold Your Own Key. BYOK and HYOK can be used together to deliver better results.
More information about Azure IP can be accessed via https://docs.microsoft.com/en-us/information-protection/.
Organisations use different approaches to protect sensitive data from internal and external attacks. A combination of technologies and approaches makes an attack harder to carry out, and even if it does happen, what the attacker obtains is worth less.