The Escalation of Data and Identity Security
by George Phipps – VP Strategic Services | NetWize
The role that data and identity security has taken over the past few years has been escalated due to the increased complexity of device and identity threats forcing companies to evaluate and monetize risk. Firewalls and sophisticated Anti-Virus services helped in determining the best course of action for identifying and remediating threats, and once remediated and policies were put in place, businesses usually never needed to worry about them again. Attacks to vulnerabilities within your network will continue to threaten an organization, but the most serious threat that plagues us are those that attack end user behavior and personal vulnerabilities. NetWize has dedicated itself to building a platform that identifies the risks to an organization, builds or supports the policies that determine user access to resources and maintains a process to proactively protect against those threats.
Though we cannot accurately predict cybersecurity threats, what we do know is the threat landscape has widened to include user identities, user behavior monitoring and attacks, and IoT sprawl. Personal devices (i.e.: cell phones) accessing corporate and personal data have created a threat profile never before imagined.
Since network perimeters have become increasingly porous and that perimeter defense cannot be as effective as they once were prior to the explosion of BYOD devices and cloud applications, NetWize recommends the following best practices:
Treat Identity as the Primary Security Perimeter
Centralize identity management
- Use Azure AD to synchronize your on-prem and cloud identities
Enable Single Sign On (SSO)
- Users don’t have to remember multiple user names and passwords and access to company resources and applications are determined by the group they belong to and their status as an employee
Turn on conditional access
- Manage and control access to company resources based on groups, location and sensitivity of the application
Enable password management
- Empower users by setting up self-service password resets and monitor how it is being used
- Additionally, password complexity should be at least 16 characters with a goal to move to passphrases that only the user would know
Enforce Multi-Factor Authentication (MFA)
- Set up a two-step verification process that ties the ability to access a company resource to an approval a user receives through, for example, an app on their phone (Google Authenticator or Microsoft Authenticator)
- Without MFA turned on, users are more susceptible to threats that lead to data compromises
Actively monitor for suspicious activities
- Engage with a MSP or have an active monitoring system that notifies you of risks and can adjust risk levels (high, medium, or low) to your business requirements
For a specific NetWize policy encompassing protection from Phishing, please review the following whitepaper written by one of our engineers. If you would like to learn more about our security and compliance services or our other services, please reach out to me and I can coordinate the appropriate resource for your interest.