Rachel Coyne on 27 Apr 2021

Security: Identity is the new central defence and apex of control

The physical boundaries of your organisation are inconsequential when it comes to protecting the cyber security perimeter. The explosion of apps, devices, and users blurs barriers between who is in your network and out of it. Your organisation’s security perimeter now extends to every access point that hosts, stores, or accesses the organisation’s resources and services.

Today’s complexities of remote working and rapid digital transformation make it difficult for organisations to manage identities and protect user credentials. If your organisation relies solely on on-premises firewalls, VPNs, and passwords, it is inadequately protected against today’s threat vectors.

Knowledge-based authentication is a hazardous security strategy

A username and password alone should not be treated as identity. And the assumption that identity can somehow be assured based on knowledge-based authentication (KBA) is inaccurate. Using Google Search and a bit of social media trawling, hackers can quickly discover our mother’s maiden name or our favourite pet’s name. And there are so many services that have no reason whatsoever to have our date of birth but do.

Information from breached databases or data aggregators is available for attackers to purchase. They use it for phishing and spear-phishing attacks to access individual accounts, infiltrate systems, and harvest further user information, rendering KBA security questions worthless.

Relying on KBA reinforces the idea of a ‘walled garden’: a metaphor for a security perimeter around a system, with a whole new world inside it. Once a user gets through that perimeter using KBA credentials alone, they are free to roam around on the inside and do whatever they like.

Identity as security

Multi-factor authentication

The Australian Cyber Security Centre states that multi-factor authentication (MFA) is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information. When implemented correctly, MFA can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.

Adoption rates of MFA are low in the consumer world because people don’t know its value proposition or even what it is. If it’s too hard for a consumer to log on to a B2C website, chances are they will go somewhere else. We also see organisations that are hesitant to push MFA out. Microsoft’s Office 365 has the highest adoption rate of any SaaS application, but we are not seeing its MFA enabled at the same pace. Reticence to enable MFA usually comes down to fear of disrupting the user experience and of setup complexity.

Only hackers love passwords!

Verify identity with strong authentication to establish trust

Considering that 81% of hacking-related breaches are linked to weak, reused or stolen passwords (Verizon Data Breach Investigations Report), a little friction in the user experience is a small price compared with the cost of a breach. In the Microsoft Digital Defense Report (September 2020), Microsoft’s data shows that having MFA enabled would have prevented most of the account compromises it investigated between October 2019 and July 2020, and Microsoft reports that an account with MFA enabled is more than 99.9% less likely to be compromised. If your organisation is already using Office 365, the tooling to establish strong authentication checkpoints that mitigate these threats while still enabling employee productivity is already available to you.

Manage identities and access in Microsoft 365 with Azure Active Directory

Conditional Access Management

Conditional Access is a powerful feature in Microsoft’s identity arsenal. It is part of Azure Active Directory and requires Azure AD Premium P1 licensing, which is included in most Microsoft 365 enterprise and business plans. Conditional Access lets you enforce access policies organisation-wide and make decisions based on signals about the user and the device. Signals include user or group membership, IP location, device state, the application being accessed, and real-time risk detection. Your organisation combines these signals into access control policies whose decisions are typically to block access or to grant access with conditions: for example, requiring MFA for administrator roles or for particular management tasks, or blocking access from specific locations or devices. Note that Conditional Access policies are evaluated only after first-factor authentication has succeeded; they use the signals from that sign-in to decide whether, and under what conditions, access is granted. A stolen password therefore still gets the attacker as far as the policy evaluation, which is why the policy should demand a second factor rather than rely on the password alone.
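The two policies described above (MFA for administrator roles, and a block on specific locations), as an added example using the Microsoft Graph PowerShell SDK. This is illustrative code written for this article, not Microsoft’s or Satalyst’s own tooling. It assumes the Microsoft.Graph module is installed and that an account able to consent to the listed scopes runs it; the break-glass account UPN, the policy names and the country list are placeholders to replace with your own. Both policies are created in report-only mode first, and a break-glass account is excluded, so a mistake cannot lock every administrator out of the tenant.

```powershell
# Added example (not from the original post): create two Conditional Access policies with
# the Microsoft Graph PowerShell SDK. Placeholders: break-glass UPN, policy names, country list.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All",
                        "RoleManagement.Read.Directory","User.Read.All","AuditLog.Read.All"

# Resolve directory role template IDs by display name instead of hard-coding GUIDs.
$adminRoles = @("Global Administrator","Privileged Role Administrator","Security Administrator",
                "Exchange Administrator","SharePoint Administrator","User Administrator")
$roleIds = Get-MgDirectoryRoleTemplate |
    Where-Object { $adminRoles -contains $_.DisplayName } |
    ForEach-Object { $_.Id }

# Always exclude an emergency-access (break-glass) account so a bad policy cannot lock everyone out.
$breakGlass = Get-MgUser -Filter "userPrincipalName eq 'breakglass@contoso.onmicrosoft.com'"  # placeholder UPN

# Policy 1: require MFA for administrator roles on every application.
# Start in report-only mode; switch state to "enabled" only after reviewing the sign-in log.
$mfaForAdmins = @{
    displayName = "CA001 - Require MFA for administrator roles"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeRoles = $roleIds; excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
$p1 = New-MgIdentityConditionalAccessPolicy -BodyParameter $mfaForAdmins

# Policy 2: block sign-ins from countries the organisation never operates in.
# A named location is defined first (ISO 3166-1 alpha-2 codes; placeholder list), then referenced.
$blockedCountries = @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Blocked countries"
    countriesAndRegions               = @("KP","RU")   # placeholder list
    includeUnknownCountriesAndRegions = $true           # unresolvable IPs are treated as blocked too
}
$loc = New-MgIdentityConditionalAccessNamedLocation -BodyParameter $blockedCountries

$blockByLocation = @{
    displayName = "CA002 - Block access from blocked countries"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlass.Id) }
        applications   = @{ includeApplications = @("All") }
        locations      = @{ includeLocations = @($loc.Id) }
        clientAppTypes = @("all")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
$p2 = New-MgIdentityConditionalAccessPolicy -BodyParameter $blockByLocation

# Check what was created, then see which recent sign-ins the report-only policies would have failed.
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State
Get-MgAuditLogSignIn -Top 200 |
    ForEach-Object { $upn = $_.UserPrincipalName; $_.AppliedConditionalAccessPolicies |
        Where-Object { $_.Result -eq "reportOnlyFailure" } |
        Select-Object @{n="User";e={$upn}}, DisplayName, Result }
```

Leave the policies in report-only mode for a few days and review the `reportOnlyFailure` results before enforcing them; that is where you discover the service accounts and legacy clients that cannot satisfy MFA and need a deliberate exception rather than a surprise outage.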

[Figure: Azure AD Conditional Access – identity and access management]

Privileged Identity Management

Whereas Conditional Access applies to every sign-in in the organisation, Azure Active Directory Privileged Identity Management (Azure AD PIM) is at the apex of control: it governs the small number of accounts that hold administrative roles. Azure AD PIM is an identity-based security tool (in Azure AD Premium P2) that enables you to manage, control, and monitor access to essential resources in your organisation. Standing, permanent privileged access to critical apps and infrastructure puts your organisation at risk: a compromised admin account is an admin for the attacker too. Azure AD PIM replaces permanent assignments with eligible ones that are activated just in time, with time-based and approval-based role activation, and so mitigates the risks of excessive, unnecessary, or misused access permissions.

Azure AD PIM overview

Reduces exposure to attacks targeting admins

  • Removes unneeded permanent admin role assignments
  • Limits the time a user has admin privileges
  • Ensures MFA validation prior to admin role activation

Simplifies delegation

  • Separates role administration from other tasks
  • Adds roles for read-only views of reports and history
  • Asks users to review and justify continued need for admin role

Increased visibility and finer-grained control

  • Enables least privilege role assignments
  • Alerts on users who haven’t used their role assignments
  • Simplifies reporting on admin activity
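The first two points above (removing permanent admin assignments and limiting how long a user holds admin privileges), as an added example using the Microsoft Graph PowerShell SDK. This is illustrative code written for this article, not Microsoft’s or Satalyst’s own tooling. It assumes Azure AD Premium P2, the Microsoft.Graph module, and an account that can consent to the listed scopes; the administrator UPN and the justification text are placeholders. It lists the active Global Administrator assignments, makes one administrator eligible (rather than permanently assigned) for a year, and shows the request that administrator later submits to activate the role for a bounded window.

```powershell
# Added example (not from the original post): move a Global Administrator from a permanent
# assignment to a PIM-managed eligible assignment, then activate it just in time.
# Placeholders: the administrator UPN and the justification strings.
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory","User.Read.All"

# PIM operates on unified role definitions; resolve the role by name rather than by GUID.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"

# 1. Visibility: every currently active assignment of the role (permanent ones included).
$active = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
$active | Select-Object Id, PrincipalId, DirectoryScopeId

# 2. Make one administrator *eligible* for the role, tenant-wide ("/"), with the eligibility
#    itself expiring after a year so it must be re-justified in an access review.
$admin = Get-MgUser -Filter "userPrincipalName eq 'alice.admin@contoso.onmicrosoft.com'"  # placeholder UPN
$eligibility = @{
    action           = "adminAssign"
    justification    = "Replace standing Global Administrator access with PIM eligibility"
    roleDefinitionId = $role.Id
    directoryScopeId = "/"
    principalId      = $admin.Id
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString("o")
        expiration    = @{ type = "afterDuration"; duration = "P365D" }
    }
}
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $eligibility

# 3. Only once the eligibility exists, remove that administrator's permanent assignment from step 1.
#    Done by assignment Id so nothing else is touched; keep at least one break-glass admin permanent.
$permanent = $active | Where-Object { $_.PrincipalId -eq $admin.Id }
foreach ($a in $permanent) {
    Remove-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $a.Id
}

# 4. What the administrator runs later to activate the role for a bounded window (4 hours here).
#    PIM applies the role's activation settings (MFA, justification, approval) when it processes this.
$activation = @{
    action           = "selfActivate"
    justification    = "Change record reference: adjust tenant Conditional Access policies"  # placeholder
    roleDefinitionId = $role.Id
    directoryScopeId = "/"
    principalId      = $admin.Id
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString("o")
        expiration    = @{ type = "afterDuration"; duration = "PT4H" }
    }
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $activation
```

Run step 1 on its own first: the list of active assignments is usually longer than anyone expects, and each permanent entry that cannot be justified is a candidate for conversion to eligibility or removal. The MFA-on-activation, approval and maximum-duration requirements live in the role’s PIM settings, which is where the third bullet above is enforced.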

Treat identity as the primary security perimeter

Identity is the new security perimeter in the cloud world. A security model that ignores that fact and accepts a password alone, without further challenge or validation, is not a good practice. In fact, it puts your organisation at significant risk by rolling out the red carpet to cybercriminals. At the very least, your call to action today is to activate multi-factor authentication across your organisation.

If you are concerned about your organisation’s ability to withstand a cyberattack and protect your employees and critical data, the Satalyst Team can help. We can help your organisation uplift with Microsoft Security or get the most out of the licences and tools you already have to improve your security posture.

Get in touch with our local team today at info@satalyst.com or 08 9355 2807