Last year it was reported that more than 160 million customer records were compromised, and that the average breach cost the affected business around three million dollars. It is also estimated that, on average, 229 days passed between the initial intrusion and its detection. That is more than seven months during which an attacker can sit inside the environment and exfiltrate data undetected.
As such, it’s no surprise that more and more organizations want to focus on identity and access management, but many question how. When we work with clients, we help answer this question by mapping out solutions to protect their assets, using a combination of people, process and technology.
When discussing options with our customers, we often begin with Microsoft’s Enterprise Mobility + Security (EMS) suite, which is built around protecting identities and data wherever they are. Working with everything from large server-based environments to organizations that have moved entirely to the cloud, Microsoft has evolved, refined and in many ways defined IAM during a turbulent time for security. Because work is no longer a place you go but something you do, security has to follow the user to any location and any device, and EMS is the collection of technologies Microsoft offers to make that happen.
To better understand the many facets of identity and access management, it’s important to take a deep dive into some of the technology that works to help organizations stay secure.
Azure Active Directory (Azure AD)
Azure Active Directory provides comprehensive cloud-based identity and access management capabilities for employees, partners and customers. It provides a combination of directory services, identity governance, application access management, and a standards-based platform for developers.
One of the real benefits of Azure AD is the ability to implement single sign-on not only across Azure and Office 365, but across thousands of software-as-a-service applications such as Salesforce, Dropbox, Google Apps, Concur and more. On the identity management side, Azure AD includes multi-factor authentication, device registration, self-service group management, self-service password management, role-based access control, application usage monitoring, rich auditing, and security monitoring and alerting.
For many organizations, the capabilities within Azure AD are a real eye opener. Giving users one identity and one set of credentials across a multitude of SaaS applications, without standing up additional infrastructure, streamlines IT processes, secures cloud-based applications and mobile access to on-premises applications, cuts costs and helps organizations stay compliant. It also concentrates risk in that one identity, which is why the multi-factor authentication and the risk-based protections described next matter as much as the convenience.
Another key benefit of Azure AD is the Identity Protection feature, which detects risk events using machine learning and heuristic rules. Identity Protection calculates a risk level for each user and each sign-in, provides recommendations and highlights vulnerabilities such as accounts that have not registered for multi-factor authentication. Risk event types include sign-ins from infected devices, sign-ins from IP addresses with suspicious activity, sign-ins from anonymous IP addresses, leaked credentials and impossible travel to atypical locations. For example, if an employee signs in from Philadelphia and again from San Francisco a few minutes later, the two sign-ins are further apart than anyone could travel in that time, so the second one is flagged as an impossible-travel event. The risk level is what makes the detection actionable: a sign-in risk or user risk policy can require multi-factor authentication, force a password change, or block the sign-in outright. And because the service keeps learning, for instance that a location is a regular one for that user, it puts alerts into context and reduces the false positives that distract administrators from legitimate alerts. Note that Identity Protection requires an Azure AD Premium P2 licence, which is included in EMS E5.
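To make the impossible-travel example concrete, here is an added illustration of the check behind that risk event. It is not Azure AD Identity Protection’s own code (the service’s model is proprietary); it shows only the geometric test such a detection must at minimum perform: the great-circle distance between two consecutive sign-ins divided by the time between them, compared with a plausible travel speed. The users, coordinates, timestamps and the 1,000 km/h ceiling are assumptions constructed for the example.

```python
"""Impossible-travel check over constructed sign-in events (added illustration,
not Azure AD Identity Protection's own code)."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed ceiling: faster than any commercial flight, so a genuine traveller
# never trips it, while a credential used on two coasts within minutes does.
MAX_PLAUSIBLE_SPEED_KMH = 1000.0


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime      # naive datetime, assumed UTC
    city: str
    lat: float
    lon: float


@dataclass(frozen=True)
class TravelAlert:
    user: str
    from_city: str
    to_city: str
    distance_km: float
    hours: float
    speed_kmh: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two latitude/longitude points."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def detect_impossible_travel(events, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Flag consecutive sign-ins by the same user whose implied speed exceeds the ceiling."""
    by_user = {}
    for e in sorted(events, key=lambda e: (e.user, e.when)):
        by_user.setdefault(e.user, []).append(e)

    alerts = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km < 1.0:
                continue  # same place (or geolocation jitter) is never an impossible journey
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            # Two distinct places at the same instant is the limiting case: infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                alerts.append(TravelAlert(user, prev.city, cur.city, km, hours, speed))
    return alerts


# Constructed sample sign-ins, not real telemetry.
SAMPLE_SIGNINS = [
    SignIn("alice", datetime(2017, 3, 6, 9, 0), "Philadelphia", 39.9526, -75.1652),
    SignIn("alice", datetime(2017, 3, 6, 9, 7), "San Francisco", 37.7749, -122.4194),
    SignIn("bob", datetime(2017, 3, 6, 9, 0), "Philadelphia", 39.9526, -75.1652),
    SignIn("bob", datetime(2017, 3, 6, 10, 30), "New York", 40.7128, -74.0060),
    SignIn("carol", datetime(2017, 3, 6, 8, 0), "London", 51.5074, -0.1278),
    SignIn("carol", datetime(2017, 3, 6, 17, 0), "Philadelphia", 39.9526, -75.1652),
]

if __name__ == "__main__":
    for a in detect_impossible_travel(SAMPLE_SIGNINS):
        print(f"{a.user}: {a.from_city} -> {a.to_city}, {a.distance_km:.0f} km in "
              f"{a.hours * 60:.0f} min ({a.speed_kmh:.0f} km/h)")
```

Only alice is flagged: Philadelphia to San Francisco is roughly 4,000 km, which in seven minutes implies tens of thousands of km/h, while bob’s train-speed hop to New York and carol’s nine-hour transatlantic trip both stay under the ceiling. A real deployment needs the context the paragraph above alludes to: corporate VPN or proxy egress points geolocate far from the user and would trip a naive version of this check, which is exactly the kind of false positive a learning system is meant to suppress.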
Azure Information Protection
As employees become more mobile, a company’s sensitive data becomes more mobile, too. Azure Rights Management, which works with Windows, iOS and Android and can protect virtually any file type, encrypts files so users can share them safely by email or through a cloud storage service. When a protected file is shared by email, only the authorized users can open it, even if the document or email is forwarded to others. One caveat a practitioner should know: Office documents and PDFs get native protection, where usage rights such as view-only or no-print are enforced inside the application, whereas other file types receive generic protection that controls who can open the file but not what they do with it once it is open.
To ensure your files stay protected, Azure Rights Management lets you audit and monitor the usage of protected files even after they leave your organization’s boundaries. You can see when people open a document, whether people you did not authorize tried and failed to open it because it was forwarded or saved to an unprotected location, and whether anyone tried and failed to change or print it.
Adding Azure Rights Management to the mix provides a layer of protection that travels with the data itself, which not only helps keep you compliant but also keeps you aware of how your information is being disseminated.
Microsoft Identity Manager (MIM)
In many organizations, administrators are bogged down with managing employee identities throughout their time with the company: new hires, departures, promotions, transfers, sabbaticals and any other shift that might occur during an employee’s tenure. Tracking and maintaining these identities, provisioning and deprovisioning access as necessary, and manually managing credentials like passwords or certificates is often fraught with complications, wasting valuable time and causing costly errors. A departure that is not deprovisioned promptly, for instance, leaves a live account with no owner for an attacker to pick up. Even when it goes smoothly, administrators are spending valuable time on housekeeping tasks instead of bringing innovation to their own organizations.
Implementing Microsoft Identity Manager lets organizations automate identity lifecycle management: changes in the authoritative source, typically the HR system, drive the creation, update, disabling and removal of accounts and group memberships in Active Directory and connected systems according to policy. MIM also brings policy-driven role and privileged access management, so elevated rights are granted just in time and for a limited period rather than held permanently, which reduces the number of standing credentials an attacker can steal.
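As an added illustration of the lifecycle automation described above, the following block reconciles a constructed HR feed against a constructed directory snapshot and emits the joiner, mover and leaver actions a provisioning process would carry out. It is not Microsoft Identity Manager’s own code, synchronization rules or data model; the employee names, departments, group names and the department-to-group mapping are all assumptions made for the example.

```python
"""Joiner / mover / leaver reconciliation over constructed HR and directory data
(added illustration, not MIM's own code)."""
from dataclasses import dataclass, field

# Assumed role model: an HR department implies a fixed set of groups.
ROLE_GROUPS = {
    "Engineering": {"All-Staff", "Eng-Users", "Git-Developers"},
    "Finance": {"All-Staff", "Finance-Users", "ERP-Readers"},
}
# Every group some role grants; only these are added or removed automatically.
ROLE_MANAGED = set().union(*ROLE_GROUPS.values())
# Assumed high-privilege groups: never granted by a role, always raised for review.
PRIVILEGED = {"Domain Admins", "ERP-Admins"}


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    username: str
    department: str
    status: str          # "active", "leave" (sabbatical) or "terminated"


@dataclass
class Account:
    employee_id: str
    username: str
    enabled: bool
    groups: set = field(default_factory=set)


def reconcile(hr_records, accounts):
    """Return (action, username, detail) tuples that bring the directory in line with HR.

    Leavers are disabled and stripped of every group; sabbaticals are disabled but
    keep their entitlements; joiners are created with their role's groups; movers
    gain the new role's groups and lose only role-managed groups from the old one.
    Privileged memberships and accounts with no HR owner are reported, not changed.
    """
    actions = []
    by_id = {a.employee_id: a for a in accounts}

    for rec in hr_records:
        acct = by_id.get(rec.employee_id)
        if rec.status == "terminated":
            if acct is not None:
                if acct.enabled:
                    actions.append(("disable", acct.username, None))
                for g in sorted(acct.groups):
                    actions.append(("remove_group", acct.username, g))
            continue
        if rec.status == "leave":
            if acct is not None and acct.enabled:
                actions.append(("disable", acct.username, None))
            continue
        desired = ROLE_GROUPS.get(rec.department, {"All-Staff"})
        if acct is None:
            actions.append(("create", rec.username, tuple(sorted(desired))))
            continue
        if not acct.enabled:
            actions.append(("enable", acct.username, None))
        for g in sorted(desired - acct.groups):
            actions.append(("add_group", acct.username, g))
        for g in sorted((acct.groups & ROLE_MANAGED) - desired):
            actions.append(("remove_group", acct.username, g))
        for g in sorted(acct.groups & PRIVILEGED):
            actions.append(("review_privileged", acct.username, g))

    hr_ids = {r.employee_id for r in hr_records}
    for acct in accounts:
        if acct.employee_id not in hr_ids and acct.enabled:
            # No owner in the system of record: usually a leaver that slipped
            # through. It is flagged rather than deleted so a human confirms it.
            actions.append(("review_orphan", acct.username, None))
    return actions


# Constructed sample data, not real records.
SAMPLE_HR = [
    HrRecord("E1", "alice", "Engineering", "active"),
    HrRecord("E2", "bob", "Finance", "active"),       # transferred from Engineering
    HrRecord("E3", "carol", "Engineering", "active"), # new hire, no account yet
    HrRecord("E4", "dave", "Finance", "terminated"),
    HrRecord("E5", "erin", "Engineering", "leave"),
]
SAMPLE_DIRECTORY = [
    Account("E1", "alice", True, {"All-Staff", "Eng-Users", "Git-Developers"}),
    Account("E2", "bob", True, {"All-Staff", "Eng-Users", "Git-Developers", "ERP-Admins"}),
    Account("E4", "dave", True, {"All-Staff", "Finance-Users", "Domain Admins"}),
    Account("E5", "erin", True, {"All-Staff", "Eng-Users"}),
    Account("E9", "mallory", True, {"All-Staff"}),    # present in the directory, absent from HR
]

if __name__ == "__main__":
    for action in reconcile(SAMPLE_HR, SAMPLE_DIRECTORY):
        print(action)
```

Two design choices are worth noting. Group removal is limited to role-managed groups so that a transfer does not silently strip a manually granted entitlement, and anything privileged or ownerless is surfaced for review instead of being auto-remediated, because a provisioning rule that deletes Domain Admins members on a bad HR import does more damage than the problem it solves.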
Microsoft Advanced Threat Analytics
It’s estimated that over 60 per cent of all network intrusions are traced back to compromised credentials, and that cybercrime costs the global economy an estimated $500 billion a year. Keeping a firm grasp on your organization’s credentials and an eye on aberrant behavior is mandatory in today’s high-stakes environment. Microsoft Advanced Threat Analytics adds a layer of behavioral analysis on top of on-premises Active Directory: it captures domain controller network traffic and Windows events, learns what normal looks like for each user and device, and then flags deviations such as abnormal resource access or activity at unusual hours. Alongside that learned baseline it detects known attack techniques such as pass-the-hash, pass-the-ticket and golden ticket in near real time, and reports known security issues and risks such as sensitive account credentials being sent in clear text.
The suite also includes Microsoft Cloud App Security, which helps companies take advantage of cloud applications with visibility into which apps are in use and control over how they are used. It also helps protect the flow of data across cloud applications, with tools to assess the risk of each app, enforce policies, investigate activities and stop threats.
These solutions are really the tip of the iceberg. Organizations can dig very deep or start small and take a modular approach to Identity and Access Management (IAM). Whatever the approach, there are certainly enough reasons to act quickly, and New Signature has the experience and the skills to help you navigate the process.
This blog post is the third in our IAM series. In my next blog I’ll discuss some of the reasons to invest in IAM, and then provide a practical guide on how to get started.