Exploring Microsoft’s four key security tenets with UNIFY
Working across multiple organisations and a variety of industry verticals, including the financial sector, education, health and government, UNIFY has a clear and proven approach to Security and, in particular, how it relates to Identity, Access, Governance and Privacy. This comes down to focusing on fundamental aspects of an organisation to consider all facets of its operation, and how best we can mitigate and protect against threats at every level.
UNIFY, in addition to being the leading Identity and Access Management organisation, is also the number one Go-To Partner for Security Solutions from both a technology and management perspective.
As UNIFY Practice Lead, I manage the Security Practice for the Group and provide thought leadership, advisory, strategy and governance around Security, Identity and Access Management, Cybersecurity Assessments and Risk Management for our customers. As a passionate Security practitioner, my constant endeavor is to build a security ecosystem through trusted partnership with our customers and partners.
UNIFY and Microsoft: proud partners
At present, my team is continually working on improving and enhancing our Microsoft Security solutions offerings and our MSSP (Managed Security Service Provider) service catalogue against the ever-evolving threat landscape while delivering our ongoing assignments.
We consider Microsoft an especially valuable partner due to their holistic approach to technology. Their enterprise-class technology suite consists of many applications, services and solutions which are bringing significant value to customers. It offers impressive end-to-end protection to secure identities, data and applications whether on-premises, in the cloud, or via mobile devices.
We’re currently running security workshops to showcase the Microsoft Security stack, as well as running assessments on organisations to give their teams a better idea of how best to leverage their investment in Microsoft’s Security portfolio. A good place to start for any organisation is with the four tenets: Identity and Access Management, Threat Protection, Information Protection and Security Management.
Identity and Access Management: the foundation of the technology stack
Today, when it comes to business, everything is more fluid. Employees work from their own laptops and mobile phones; they may be working from home; and they may be collaborating with their team via multiple devices or channels. Regardless of their location, the common piece, the ‘golden thread’ tying all of these different endpoints and actions together, is that in order to gain access to the corporate network, employees have to authenticate and authorise. Access credentials in the form of email and passwords are the two most compromised data types; that is why Identity and Access Management is the control plane of security.
Effectively, this tenet is a combination of technical systems, policies and processes that allow us to create, define and govern the utilisation and safeguarding of identities for the organisation. There is an art to providing strong access protection while also making things easier for the user.
The approach here is threefold:
- Providing secure authentication – and we believe in a password-less approach;
- Enabling conditional access to achieve zero trust; and
- Protecting identities – safeguarding those identities under all possible circumstances.
A fundamental component of Identity and Access Management is Identity Lifecycle. This refers to securing an identity from the moment someone is hired until the moment they leave the company.
When this is done well, the new hire is given the resources they need to do their job from day one, without onboarding taking the usual days to weeks, and as the person leaves the company, they are no longer able to access internal systems or information. We achieve this by creating business rules around various tasks and access points, and automating repetitive tasks where possible.
The other crucial element of this tenet is managing the authentication and authorisation of those identities to resources, which means making sure the right employees have the right access to the right resources at the right time.
Threat Protection: understanding attack vectors
Threat Protection is a wide area that covers many elements. To gain a deeper understanding of our customers, we will often begin with some simple questions such as: How do you detect suspicious activities within the network? How do you know if any of your credentials have been compromised? How can you quickly remediate any of those threats, whether they’re on-premises, in the cloud, or in an email format?
Today’s digital world makes threat protection complicated and challenging; however, the Microsoft platform has done a fantastic job of correlating information and providing intelligence to users.
Let’s take digital estates, for example. Not too long ago we had firewalls, perimeter networks, bastion hosts and more. Today we have employees using different devices and services such as remote VPNs, mobile devices, tablets, etc., and IT organisations now find themselves responsible for protecting a set of technologies they may not even own. Somehow, we must find a way to correlate and link each employee to their activities in order to better understand the attack vectors that might exist, as any one of these points can be a point of vulnerability to the company’s digital estate.
With Microsoft’s Security suite, if a user logs in from New Zealand and two minutes later the same user appears to log on from Australia, this is flagged as an impossible travel scenario. It can then be assessed as either an attack or a false positive (the user may be connecting through a VPN), and is followed by the appropriate response. Users can automate this action or raise a flag to manually trigger a response. Microsoft provides various tools and Advanced Threat Protection solutions such as this across the layers of its platform. Following the principle of zero trust, we advise using least privilege access, verifying explicitly and assuming breach.
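The impossible travel check described above, as an added example (not UNIFY's or Microsoft's code, and not how the Microsoft product computes it): consecutive sign-ins per user are compared by great-circle distance and elapsed time, and a known VPN exit address downgrades the alert to a likely false positive. The sign-in events, the 900 km/h ceiling, the 100 km floor and the VPN egress list are constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sign-in events (user, time, source IP, city, lat, lon); not real data.
SIGN_INS = [
    ("alice", "2024-05-01T09:00:00", "203.0.113.10", "Auckland", -36.85, 174.76),
    ("alice", "2024-05-01T09:02:00", "198.51.100.7", "Sydney", -33.87, 151.21),
    ("bob", "2024-05-01T08:00:00", "203.0.113.20", "Wellington", -41.29, 174.78),
    ("bob", "2024-05-01T13:30:00", "198.51.100.9", "Melbourne", -37.81, 144.96),
    ("dave", "2024-05-01T11:00:00", "203.0.113.30", "Auckland", -36.85, 174.76),
    ("dave", "2024-05-01T11:05:00", "192.0.2.44", "Sydney", -33.87, 151.21),
]
VPN_EGRESS = {"192.0.2.44"}   # assumed: the organisation's own VPN exit addresses
MAX_SPEED_KMH = 900.0         # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0       # assumed floor, absorbs coarse IP geolocation error


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, vpn_egress=VPN_EGRESS):
    """Flag consecutive sign-ins per user whose implied speed exceeds the ceiling."""
    alerts, last = [], {}
    for user, ts, ip, city, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_ip, p_city, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # No elapsed time over a real distance counts as infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if km >= MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
                # A known VPN exit on either side explains the jump: triage, don't block.
                vpn = ip in vpn_egress or p_ip in vpn_egress
                alerts.append({"user": user, "from": p_city, "to": city,
                               "km": round(km), "minutes": round(hours * 60),
                               "verdict": "likely_false_positive" if vpn else "respond"})
        last[user] = (when, ip, city, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SIGN_INS):
        print(alert)
```

The Wellington to Melbourne pair is not flagged: five and a half hours is enough time for a flight, so the implied speed stays under the ceiling.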
Information Protection: defining and protecting data
Information protection can help organisations to know their data better and to protect and govern data throughout its lifecycle. It also assists with compliance management by simplifying risk assessment and mitigation in a more automated manner, providing visibility and insights to help meet compliance requirements.
We approach Information Protection with a few key steps. The first step is to effectively discover sensitive data within the organisation. This can take days to weeks depending on the volume and culminates in reports that state what data the company holds and where it’s located. Types of data may include various personally identifiable information (PII), credit card information, policy numbers, health numbers, medical records or banking information.
Once we’ve identified the different types of data, we classify and label it. Essentially, we classify and label data types in relevant categories based on distinct rules. For instance, a document containing credit card information may be labelled as a confidential document.
From here, we can protect and control sharing of this data. Using the example of the confidential document, we may create a rule around this which ensures the document is encrypted and only the finance department has access. Another rule could be to have an expiry date on certain documents, so after a certain time period they can’t be accessed anymore. Which rules we apply to protect data is aligned to the organisation’s Governance, Risk and Compliance (GRC) framework.
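The discover, classify and protect steps above, as an added example (not UNIFY's or Microsoft's code): card numbers are found with a pattern plus a Luhn checksum, which keeps other 16-digit references from being labelled, and the label then selects a protection rule. The documents, the label names, the `finance` group and the 365-day expiry are constructed assumptions.

```python
import re
from datetime import date, timedelta

# Constructed documents; the card number is the well-known Visa test number, not a real card.
DOCS = {
    "invoice.txt": "Paid with card 4111 1111 1111 1111 on 3 May.",
    "order.txt": "Order reference 1234 5678 9012 3456 shipped.",
    "memo.txt": "Team lunch is on Friday.",
}
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Assumed rule table (hypothetical label names, groups and expiry period).
RULES = {
    "Confidential": {"encrypt": True, "allowed_groups": ["finance"], "expires_days": 365},
    "General": {"encrypt": False, "allowed_groups": ["all-staff"], "expires_days": None},
}


def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text):
    """Discovery: return digit strings in the text that pass the Luhn check."""
    found = []
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def classify(name, text, today):
    """Label one document, then attach the protection rule that the label selects."""
    label = "Confidential" if find_cards(text) else "General"
    rule = RULES[label]
    days = rule["expires_days"]
    return {"document": name, "label": label, "encrypt": rule["encrypt"],
            "allowed_groups": rule["allowed_groups"],
            "expires": today + timedelta(days=days) if days else None}


if __name__ == "__main__":
    for name, text in DOCS.items():
        print(classify(name, text, date.today()))
```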
Another related element of information protection is Data Loss Prevention (DLP). An obvious example of DLP is an employee sending an email to someone outside of the organisation, resulting in confidential information being leaked to the public. Applying DLP policies to a document or email prevents this.
The final element is monitoring and remediation. We see what’s happening to the sensitive data and gain more control over it. We therefore can govern the data by automatically retaining, deleting and storing data and records in a compliant manner. The speed of this remediation and recovery is key to limit the impact on the organisation.
Security Management: maintaining and improving security posture
When it comes to management, we start by asking our customers key questions to gauge where improvements can be made. Questions we ask include: How do you manage your security and your digital estate in real time? How easy is it to configure and manage the security posture across your organisation? How do you proactively improve the security practices over time?
An effective security management solution should provide 3 key tenets:
- Full visibility that will help understand the security state and risks across the organisation;
- Built-in and custom controls to define consistent security policies; and
- Effective guidance to elevate an organisation’s security.
The overall aim, with management and with every element of our security approach, is to strengthen the security posture with insights, guidance and effective solutions for the whole organisation.
The digital estate, along with cyberthreats, will continue to grow and expand. Organisations therefore need a resilient and ever evolving ability to protect, detect, respond and recover from these threats and attacks. Microsoft 365 offers tight integration, intuitive user experiences and is supported by a strong Microsoft Cloud roadmap and commitment to security.
As a Microsoft Global Top 10 Azure Partner, UNIFY Solutions partners with organisations in their cyber transformation journey by enabling them to protect identities, data, applications and devices end to end across on-premises, cloud and mobile platforms, thus enhancing the resilience, defence and security posture of their ever-expanding digital estate.
If you’d like to know more or to talk to us about any aspect of our Security offerings, fill out the form below.