The days when users accessed corporate applications and data via desktops at the office are long past. Mobile devices enable anytime, anywhere access to both internal and cloud-based resources. The traditional network perimeter no longer exists.
Security is not defined by a place that organizations can enclose to keep cyber criminals out. Instead, identity has become the new perimeter. Every time a user accesses a resource, there’s a potential risk to the organization. The only way to prevent unauthorized access to applications and data is to carefully manage user credentials and entitlements and implement robust authentication mechanisms.
In many organizations, however, cybersecurity remains focused on firewalls, intrusion prevention systems and other perimeter defenses. Identity and access management (IAM) is a process rather than a core element of the security strategy. User entitlements are issued based upon traditional roles and rubberstamp approvals, with limited consideration of the access requirements of a specific individual.
In many cases, user identities must be manually updated across disparate applications and resources, leading to mistakes and delays that impact productivity and increase security risks. Worse, IT may have little to no control over access to cloud-based and mobile resources — particularly “shadow IT” applications.
The risks associated with this approach are enormous. After all, human beings are the weak link in the security chain. Cyber criminals use social engineering and phishing attacks to steal user credentials, which allow them to enter and traverse the corporate IT environment undetected. According to the 2017 Verizon Data Breach Investigations Report, 62 percent of breaches involve hacking, and 81 percent of hacking-related breaches used stolen or weak passwords.
In order to combat these threats, organizations need a holistic approach to IAM, with visibility into users and entitlements across the enterprise. Automated tools should map corporate policies onto all systems and resources to ensure that users have appropriate access to the right resources at the right time.
AdaptivEdge helps organizations simplify, automate and fortify IAM using Azure Active Directory Premium, the cloud-based directory and identity management service that powers Office 365. Azure Active Directory Premium goes beyond basic directory services, providing a full suite of identity governance and access management capabilities. It enables privileged account management, role-based access control, multifactor authentication, and device registration, and provides advanced monitoring, auditing and alerting.
Its point-and-click interface makes it easy to extend on-premises Active Directory implementations and other directory services. This provides consistency across the hybrid environment. and enables organizations to leverage their existing investments and operational workflows to manage access to cloud-based resources.
Azure Active Directory Premium works seamlessly with thousands of on-premises and web-based application, providing users with single sign-on access to all of the resources they need from a personalized portal. Self-service features enable users to manage their passwords, reducing the burden on the help desk.
Microsoft delivers Azure Active Directory Premium out of 28 data centers around the world with automated failover for 99.9 percent availability. Identity data is replicated across two of more data centers in different regions to ensure instant access.
It only takes one compromised credential to cause a security breach. Let AdaptivEdge help you leverage Azure Active Directory Premium to secure the new identity perimeter.
Written and composed by one of our Microsoft System Engineers, Raul R. Perez II