October 17, 2017

Microsoft Security Forum: Security in a Cloud-First, Mobile First World

Whether it was the convenience of accessing documents through any internet connection, easing the budgetary pressure of maintaining a private server or appreciating new technology, I was an early adopter of Microsoft's cloud computing platform that debuted over ten years ago. As mobile applications have evolved and become readily available, I find myself using a smartphone to access my documents stored in the cloud more frequently. While conveniently accessing documents stored or apps hosted in the cloud is important, keeping the information secure is always paramount. Therefore, I did not hesitate to register for a mobile security forum, "Security in a Cloud-First, Mobile First World," that Microsoft hosted on Oct. 10, 2017 in Bellevue, Wash.

Security for Your Digital Transformation

In his presentation, "Security for your digital transformation," Javier Dominguez, a Technical Solutions Professional at Microsoft, highlighted the four-step process Microsoft utilizes to secure its cloud computing platform: (1) identity and access management (protect users' identities & control access to valuable resources based on user risk level), (2) threat protection (protect against advanced threats and recover quickly when attacked), (3) information protection (ensure documents and emails are seen only by authorized people), and (4) security management (gain visibility and control over security tools).

He also noted that two billion records were compromised in 2016, which led to an average cost to a business of $15 million per breach (not including the reputation impact a business may experience when its data is compromised).

Identity & Access Management

Speaking during the second session, "Identity & Access Management," Mr. Dominguez said 81 percent of breaches are caused by credential theft, 73 percent of passwords are duplicates, and 80 percent of employees use non-approved apps. In securing its cloud platform, Microsoft asks the following questions about access control:
  • Who is accessing? What is their role? Is the account compromised?
  • Where is the user based? From where is the user signing in? Is the IP anonymous?
  • Which app is being accessed? What is the business impact?
  • Is the device healthy? Is it managed? Has it been in a botnet?
  • What data is being accessed? Is it classified? Is it allowed off premises?

Mr. Dominguez also highlighted a new service called Windows Hello for Business, which replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. In addition, Windows Hello for Business lets users authenticate to an Active Directory or Azure Active Directory account.

Protecting Against Modern Attacks

Speaking on protecting against modern attacks, Ken Malcolmson, an Executive Security Advisor at Microsoft, emphasized to the audience that cyber threats are a material risk to their business. He noted how Microsoft is detecting malicious activity in organizations, including (1) detecting compromised user credentials, (2) detecting malicious apps and data, (3) detecting advanced threats and abnormal behavior, and (4) detecting advanced threats to hybrid workloads.

The objective of implementing multiple detection mechanisms, Mr. Malcolmson said, is to "raise the cost of attack." In other words, increasing the time and financial resources required to compromise a cloud system will diminish a hacker's incentive.

Mr. Malcolmson then outlined five methods for responding to threats quickly:
  1. Respond to Compromised Identities. Get recommendations and remediation actions in case of a suspicious activity on-premises or in the cloud; review next steps on a simple, actionable attack timeline; and identify threats before the attackers access critical data and resources.
  2. Respond to Malicious Email Files. Remove emails found to be malicious after they land in the user's inbox; rely on intelligent filters that update based on the evolving cyber threat landscape; and have the ability to remediate real-time malicious emails.
  3. Respond to Compromised Data. Identify high-risk and anomalous usage in cross-cloud apps, including Office 365, and get recommendations and remediation actions for next steps.
  4. Respond to Compromised Devices. Remediate potential threats and prevent reoccurrence using built-in technologies; receive mitigation guidance for remediation of threats and future risks; and assess the organizational security score, including trends over time.
  5. Respond to Compromised Workloads Across Hybrid Infrastructure. Get prioritized security alerts that help you respond quickly with Azure Security Center; recommendations to mitigate threats and vulnerabilities; and threat intelligence reports for deeper insights into attacks.

Information Protection

Mr. Dominguez then made a presentation on protecting and managing your data throughout its lifecycle, noting that the "new world of work is driving change." Elaborating on this point, he provided some statistical data:
  • 41 percent of employees say mobile business apps change how they work;
  • 85 percent of enterprise organizations keep sensitive information in the cloud;
  • 88 percent of organizations no longer have confidence to detect and prevent loss of sensitive data; and
  • 58 percent have accidentally sent sensitive information to the wrong person.

Mr. Dominguez discussed the lifecycle of sensitive data, including how data is created, imported, and modified across various locations:
  • Data is detected across devices, cloud services, on-premises environments;
  • Sensitive data is classified and labeled based on sensitivity, used for either protection policies or retention policies;
  • Data is protected based on policy. Protection may be in the form of encryption, permissions, visual markings, retention, deletion, or a DLP (data loss prevention) action such as blocking sharing;
  • Data travels across various locations; shared protection is persistent and travels with the data;
  • Data is monitored. Reporting on data sharing, usage, potential abuse; take action and remediate; and
  • Retain, expire, delete data via data governance policies.

Microsoft Security Management

Making the forum's final presentation, Mr. Dominguez noted the different ways chief information security officers can secure their company's data including:
  • Use Azure Active Directory to secure identities in your environment;
  • Enable threat management for your devices through Windows Defender Security Center;
  • Manage and control apps and data for your SaaS apps with Office 365 Security and Compliance Center as well as Microsoft Cloud App Security; and
  • Consolidate security management for your infrastructure in cloud and on-premises with Azure Security Center.

I found value in the information presented during the security forum. As a customer of Microsoft's cloud computing platform, I appreciated getting a better understanding of how the company is protecting its customers' data against unauthorized access, detecting attacks and breaches, and helping with responding and adapting to prevent them from happening again.

While I am not an IT director/manager or security officer, per se, as an active user of cloud computing platforms for personal and business purposes, I understand the importance of cybersecurity and the financial and reputational impact a data breach can have on myself or my business.

How are you or your business using cloud computing? What methods are you using to secure your data?

Aaron Rose is an advisor to talented entrepreneurs and co-founder of great companies. He also serves as the editor of Solutions for a Sustainable World.
