This year a new ‘norm’ of working at home has complicated life for many of the organizations. At this time many companies are at the phase of recovering efficient control and prevention methods from phishing, identity breaches, password spray and other attacks connected to identity and access management are still actual.
HelpNetSecurity says, whether mandatory or not, remote work can pose unwanted security concerns for an organization, so it’s important to know how to be equipped to mitigate risk appropriately.
Remote work typically results in personal devices being used for work related activities or work devices being leveraged for personal use – where both are being run on substantially less secure networks. Home routers have a notable history with security issues and unsuspecting Wi-Fi hacks can be another potential concern. Social engineering tactics are even more effective on a distracted and vulnerable workforce.
IDC underlines that time is now appropriate to reconsidering the approach to employees, authentication and remote access as the COVID-19 WFH mass migration has made us aware that our approaches to remote access were considered in a different reality.
It’s important to evaluate what gaps may exist that didn’t before and re-establish confidence where needed in effort to reinstate a strong and trusted security infrastructure that can support a remote workforce.
World Economic Forum recently published 5 principles for effective cybersecurity leadership in a post-COVID world where it underlines the importance of changes and actions which would ensure effective business continuity in the "new normal." You can see that by World Economic Forum Cyberattacks and data fraud rank third among the greatest COVID-related business concerns.
Here are few options how to minimize risk with strong authentication and what technologies can be designed and deployed to solve the problem.
Option 1. Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:
·External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
·Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization. For more information about creating a tenant for your organization, see Quickstart: Create a new tenant in Azure Active Directory.
Azure AD offers many features and provides many layers of security for your Identities, navigating which feature is relevant can sometimes be overwhelming. Many organizations are already in the cloud or moving quickly to the cloud, this document is intended to allow you to deploy services quickly, with securing your identities as the primary consideration.
With Azure AD (different plans are available) you can
Disable anonymous access
Require authentication, including single sign-on and Multi Factor Authentication
Provide self-service password reset for your on-premises users
Provide risk-based Conditional Access to your apps and critical company data and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed
Monitor, analyze sign-in logs, suspicious sign-in logs, Users fagged for risk
Review Azure Active Directory Checklist for Remote Workers which will help IT team to establish safe and secured identity infrastructure enabling users to work remotely.
Option 2. Networking
VPN is trusted, reliable and establishes technology. With an increase in remote workers, comes an increase in the number of people utilizing a VPN to securely access the corporate network. Supporting a rapid influx of VPN traffic loads has been a primary concern for many organizations, but securing these solutions is just as important. Enabling MFA for VPN login is crucial to help prevent hackers from gaining access to depths of a corporate network.
Also learn Azure Network Security Best Practices covering the issues on
Use of strong network controls
Adopt a Zero Trust approach
Build secured network subnets
Secure of critical services and many more
Option 3. Monitoring
Consider use Azure Security Center to quickly strengthen your security posture and protect against threats. You can quickly assess your security posture with Secure Score. This feature provides recommendations with numeric values to help you prioritize your responses. It works for cloud, hybrid, on-premise infrastructures and workloads.
Option 4. Make 1-week Cybersecurity Assessment
Assessment allows to get full insight into the current status of your security based on reliable facts scanned directly from your IT infrastructure and prepare action plan on security improvements. Cloud Services together with our partner QS Solutions provide such an assessment for various clients and industries.
Useful links:
Authentication - Manage Azure Active Directory self-service password reset, Multi-Factor Authentication, custom banned password list, and smart lockout. For more information, see Azure AD Authentication documentation.
Conditional Access - Manage access to your cloud apps. For more information, see Azure AD Conditional Access documentation.
Device Management - Manage how your cloud or on-premises devices access your corporate data. For more information, see Azure AD Device Management documentation.
Hybrid Identity - Use Azure Active Directory Connect and Connect Health to provide a single user identity for authentication and authorization to all resources, regardless of location (cloud or on-premises). For more information, see Hybrid identity documentation.
Active Directory reports and monitoring - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/
· You can also use the various Microsoft Cloud for Enterprise Architects Series posters to better understand the core identity services in Azure, Azure AD, and Office 365.
Comments