Last week, I was invited to the Microsoft Campus in Redmond for the Security Airlift training. This conference was organized for a limited set of partners from all over the globe that focus on security. A lot of people might not know this, but Microsoft has become an important player in the security market. They invest over a billion dollars in security every year.
During the keynote on the first day of the conference, Microsoft’s Corporate Vice President Julia White set the scene by presenting the Microsoft vision on security. The 3 pillars in this vision are Protect, Detect and Respond.
Protect – Your apps and data at the front door by managing access to devices and controlling the identity of your end users. Once the identity of one of your end users or administrators has been breached, hackers can get into your environment and start moving laterally through your infrastructure to gain access to your corporate business data and intellectual property. A guiding principle here is ‘Assume breach’. This means that your starting point is that ‘at a certain point in time you will be attacked’ or that ‘an attack has already happened without you knowing this’.
Detect – What is going on in your organization by proactively monitoring your users, their devices, the applications and which data they use. You need to understand how users are working together in which business scenarios and with whom they share data inside and outside your organization.
Respond – As an organization, you need to be able to respond to a cyber-attack or even better, prevent this from happening.
Another important value of the Microsoft security vision is the intelligent security graph. Due to the strong growth of public cloud services like Office 365, Azure and Hotmail over the past years, Microsoft has datacenters all over the world to host these services. These services are being used from devices from all over the world as well. This generates millions of signals which are being captured and monitored by Microsoft and analyzed with machine learning techniques so that Microsoft can identify suspicious activities and take proactive actions to avoid security incidents.
At SPIKES, we believe that in this era of digital transformation, security has become an important domain to which every organization needs to pay attention. In the past, security did not get enough attention in the board room and was mainly technology driven. IT managers looked at security from an infrastructure point of view by implementing perimeter security with firewalls and a DMZ. With the cloud, this physical boundary is gone and you need to do something else as an organization to protect your valuable assets. Identity has become the most important asset to protect and secure your business.
With our secure modern workplace, we have created a solution which allows our customers to enable business to become more productive – always with security in mind. Discover 3 key steps towards a successful implementation of security management…
Tom Van Oosterwyck
Step 1 – Situating Security in your Digital Workplace landscape
A digital workplace gives your employees the tools – often cloud-based technologies – they need to improve their communication, collaboration and connections with each other. BUT: introducing these new technologies to support the ‘new way of working’ (NWOW) cannot be done without a well thought-out governance model of security policies, rules and risk management.
One of the cornerstones of your digital workplace is to enable your people to ‘securely connect’ with technologies, services and applications. As an organization you need to help manage and protect users, devices, apps and data in a hybrid cloud world, mitigate the risks of losing corporate data and enforce compliance with the company standards.
Investigating and situating security is a mandatory step when you plan to migrate large volumes of content on local and shared drives, document databases, etc. to the appropriate cloud storage (e.g. Groups, OneDrive, SharePoint, …). With a security program you enable end users to securely consume, exchange and store data in the future.
Step 2 – Defining a Security program
A well-balanced security program as part of your digital workplace includes 3 main security streams: identity driven, data driven and device driven security. Here we describe them in more detail.
Identity driven security
This is the core of security in the digital workplace. It enables you to trust the individuals accessing your platforms, applications and data. WHY? Think about all the identity risks your company copes with, such as: ‘How do I avoid that people (need to) manage multiple identities, which results in loss of control over who is doing what and where? Do I know the user, do I trust this person, does he work at a trustworthy location and use devices I trust? Am I still in control of the (many) administrators and administration rights at my organization? Etc.’
Based on the identity of the end user you can decide what a user can and cannot do and track what a user has done. Do this by means of:
- Identity synchronization: you want your end users to only remember one identity which can be used in several applications on the digital workplace. To achieve this, identities need to be synchronized across platforms.
- Authentication: synchronized identities are used to authenticate before access to applications or data is granted. Although a single password strategy is preferably enforced in the digital workplace, in some cases multi-factor authentication (MFA) may be required. MFA introduces a second authentication step before granting access to resources, based on risk (high-risk application or data) and end user information (the location and the devices from which the access happens, …).
- Privileged access & Identity management: you need to manage all the administrators at the organization by granting them the appropriate level of access at the time they really need it. By replacing permanent admin access with just-in-time admin access you ensure that stolen passwords do not automatically result in data leaks.
- Security monitoring: security administrators have access to the granular controls and policies they need to monitor access of people and apps, detect anomalies, react quickly to suspicious activity, manage risky behaviour and reduce the possibility of attacks.
Data driven security
Data driven security enables you to ensure that company-critical data is protected in line with the company data classification policies and cannot get lost or compromised. BECAUSE: in a digital workplace, end users no longer operate within their own perimeter. Data is traveling between users, devices, apps, and services more than ever before. Even simply identifying the data that needs protection can be a major challenge.
It’s all about protecting your company data in transit and at rest. To do this, you need to:
- Classify data: based on sensitivity and apply persistent data protection to your most critical assets. This is done based on source, context, and content at the time of creation or modification, either automatically or manually.
- Protect sensitive data: by encrypting it and only allowing authorized users access to the data. The protection is persistent to ensure data is protected at all times, regardless of where it’s stored or with whom it’s shared.
- Gain visibility and control over shared data: users can track activities on shared files and revoke access if they encounter unexpected activities. Monitoring solutions provide rich logs and reporting that can be leveraged for compliance and regulatory purposes.
Device driven security
Device driven security ensures that company applications and data cannot be accessed from non-managed devices, and that company data cannot be stolen. BECAUSE: with the proliferation of mobile devices in the workplace, end users can work from just about anywhere. And with the increasing volume and diversity of both personally owned and corporate-owned devices being used at organizations today, keeping corporate information secure is a growing challenge for IT departments.
Many pertinent questions still demand adequate answers:
- Are you able to provide for secure management of personal and corporate-owned devices across the most popular platforms (Windows, Android, iOS)?
- Can you restrict users from accessing corporate resources on an unenrolled or non-compliant device?
- Are you able to manage these devices by applying device settings that can enable remote actions such as passcode reset, device lock, data encryption, or full wipe of a lost or stolen device?
- Can you prevent leakage of company data by restricting actions such as copy, cut, paste, and save as between company-managed apps and personal apps?
- What about protection against threats entering your organization via these devices?
Mobile application management (MAM) and mobile device management (MDM) solutions help minimize this complexity by offering management capabilities both on-premises and in the cloud.
Step 3 – Implementing security
Spikes can support your company in ‘becoming a security-aware organization’. With the implementation of a roadmap – based on industry best-practices – and a phased approach, we help you to migrate a multitude of on-premises and hosted content sources to the cloud. This is our approach:
We provide a live demonstration of all aspects related to security and enterprise mobility in the three security domains: identity, data and devices. This one-day session will give you all the insights you require and will bring a clear vision of the potential end-result and benefits for your organisation. The deliverable is knowledge of what the impact of security on your organisation and migration project can be.
This phase consists of three subphases: fact based data (assessment, detecting security patterns in your live data), usage scenario assessment (focusing on business value discovery and customer immersion) and a roadmap definition based on your business scenarios. The deliverable of this phase is a business case including ROI calculator and roadmap for implementation.
Here we usually have three subphases: solution design (including setup of the migration factory in case of data upload to the Cloud), execution of a pilot (based on specific business scenarios) and the full deployment project. The result is a secure digital workplace fully aligned with your company standards, enabling end-users to securely collaborate on content anytime, anyplace and anywhere.
Our security managed services are designed to serve as an extension to your current IT or security team. We will proactively report on the status of the security of your environment and will help you to get the maximum out of your security investment.
Discover how our phased approach can give incremental value to your organization too. Find out more and feel free to contact our experts!