Category Archives: Zero Trust

Three essential elements of a successful Zero Trust cybersecurity program

Organizations have traditionally deployed cybersecurity approaches that adhered to the phrase made famous by President Ronald Reagan: “Trust, but verify.” This meant that most users and activities were considered “safe,” as long as simple standards were met – like logging in from within the network. However, with the ever-increasing volume, velocity, and sophistication of modern threats originating from both outside and inside organizations, “Trust, but verify” no longer suffices. Instead, senior security professionals and their … More

The post Three essential elements of a successful Zero Trust cybersecurity program appeared first on Help Net Security.

Cyberattacks and the five key enterprise security challenges to improve on

Estimated reading time: 2 minutes

Cyberattacks are the new norm right now. Just recently, the United States and Iran were in the middle of a heated skirmish where it is reported that the US had launched a cyber-attack against the country. In India, a cyber-attack caused mayhem and delayed many flights at Kolkata airport in April. This has apparently brought into focus the importance of cybersecurity in this day and age. Enterprises hence must stay committed and ensure they have their security systems in place.

A few major enterprise security challenges in recent times have been:

  1. Adopting a zero-trust approach

Organizations could consider adopting a ‘zero-trust’ approach to network security. Introduced by American market research giant, Forrester Research, the zero-trust network model eliminates the concept of a perimeter and calls for enterprises to inspect all network traffic without any classifications of ‘inside’ and ‘outside.’ Basically, no user or traffic is considered ‘authorized’ and all access to a specific network is governed by the same set of rules. Basically, there is ‘zero-trust’ in this model – all traffic to the network is untrusted and must be validated before allowed entry.

  1. Filling the cybersecurity skill gap

Cybersecurity is one of the functions which is almost continuously fighting a talent gap. A Frost & Sullivan report observed that the global cybersecurity workforce will have more than 1.5 million unfulfilled positions by 2020. Enterprises must find a sustainable solution to fill this gap and address it by looking beyond degrees and investing in constant certification courses.

  1. Underestimating the importance of patches and updates

While enterprises have woken up to the danger of cybersecurity and are taking measures to invest in enterprise security solutions, one challenge that often arises is a lack of maintenance. In this case, cybersecurity maintenance means keeping security software along with other essential programs updated and patched, that too, regularly. However, enterprises often miss out on updates making them extremely vulnerable. This is precisely the reason Seqrite Endpoint Security (EPS)’s Patch Management tool offers a centralized patch management strategy to remediate all application vulnerability patching needs.

  1. Ensuring compliance with regulations and norms

Thanks to the advent of GDPR in 2018, many businesses have woken up to the importance of data governance and compliance and taken some of the initial steps. But this has to be just the beginning. Data governance and compliance should not be done just because it has been mandated, because then businesses will just be ticking a box without really understanding the significance of what they are doing. Proper data governance and compliance policy benefit an organization in more ways than just making them compliant with the latest norms.

  1. Social engineering

An organization’s employees can be their biggest asset or liability. Unless they are also taken along the cybersecurity ride, it will be difficult for them to identify breaches, plug loopholes or not get taken in by phishing emails. For this, regular awareness and training are important.

Seqrite’s Unified Threat Management (UTM) provides a one-stop solution for many of the problems identified above. It acts as the first line of defense providing IT security management, a safe working environment, high productivity, regulatory compliance in a cost-effective bundled solution.

The post Cyberattacks and the five key enterprise security challenges to improve on appeared first on Seqrite Blog.

Enterprises catching up with the explosion of cloud use and shadow IT in the workplace

Businesses worldwide are gaining control of previously unmonitored and unsupported cloud applications and devices, known as shadow IT, that lurk in their IT environments, according to the 2019 Duo Trusted Access Report. The average number of organizations protecting cloud apps with Duo surged 189 percent year-over-year, indicating that enterprises are catching up with the explosion of cloud use and shadow IT in the workplace. In addition, the frequency of out-of-date devices has dropped precipitously, hardening … More

The post Enterprises catching up with the explosion of cloud use and shadow IT in the workplace appeared first on Help Net Security.

5 principles driving a customer-obsessed identity strategy at Microsoft

The cloud era has fundamentally changed the way businesses must think about security. For a long time, we built security around the perimeter. But today, the boundaryless landscape demands that we start with the individual.

In our journey with customers co-designing our products and services, Microsoft has learned that our identity solutions need to do more than just support employee productivity. We have to take things further to ensure our solutions empower our customers to work more closely with their business partners and nurture deeper relationships with their customers, who want help not just securing their personal information, but also protecting their privacy. The problems our customers need to solve, and the scenarios they want enabled for the future, have shaped the design principles guiding our identity strategy.

Embrace open standards

The world of cloud and devices is inherently heterogenous. Our customers, their partners, and their customers will use many devices, apps, and services from many different vendors. The complexity of managing and securing such a mixed environment could be overwhelming if not for open standards. For example, OAuth 2.0, OIDC, and SAML enable single sign-on across apps and clouds from multiple vendors, SCIM enables automated user provisioning, and the new standards from the FIDO alliance make signing in more secure. This is why every API and protocol Azure AD supports is based on open standards and why Microsoft is actively engaged in all the major identity standards bodies.

Offer industry-leading security

Our goal is to create an identity system that’s secure and private from the ground up. This means blocking every avenue of attack that we can. Enabling MFA reduces credential-based security breaches by more than 99 percent, but there’s still risk from people mishandling their passwords or getting tricked into handing them over. Adopting FIDO with the recently ratified WebAuthN standard makes it possible to eliminate passwords altogether, replacing them with a biometric device or a phone. If you have a Microsoft Account, you can go passwordless today. Soon, passwordless sign-in will be an option on every Microsoft platform and application, as well as for third party applications that integrate with Azure AD.

We now put the full power of the cloud behind every authentication request. Using Azure AD Conditional Access as a starting point, organizations can implement a Zero Trust security strategy that examines not only the identity of the user, but also the type and health of their device, the properties and reputation of the network they’re connecting from, the app they’re using, and the sensitivity of the data they’re trying to access. This not only makes security stronger, it also improves the user experience. For example, we can employ cloud-scale machine learning algorithms, which process trillions of signals daily, to learn each user’s common behavioral patterns and flag authentication attempts that are abnormal or high risk. This way, policies invoke MFA or other additional measures only when necessary, making the experience less interruptive to users.

Make governance easier and more automatic

Implementing strong governance strengthens security guardrails, but most customers find the task daunting. Granting access is easy. Remembering months later to remove access for each person who may have changed roles is not. Identity systems should make it easier to assign the right access to the right people, for example, by automating user access provisioning and deprovisioning based on a user role, location, and business unit. It should be easier for employees and partners to request access when they need it. And most importantly, the system should prompt administrators to review access permissions on a regular cadence or when people change roles. And all of these processes should be driven and informed by world class machine learning and AI which constantly monitor for unusual patterns and unrecognized risks.

Deliver a comprehensive solution, not building blocks

One of the key things we’ve learned from our enterprise customers is that they’re sick and tired of cobbling together identity solutions based on mix and match sets of identity building blocks acquired from a myriad of vendors. They want a holistic solution that supports all their applications and all their different identities while giving them security and control without the gaps that inevitably occur when multiple point solutions are patched together. We’ll do this by delivering a completely integrated identity and access management suite that gives them a single place to go to manage—and protect—all identities, whether they belong to employees, business partners, or customers and all of the resources, they need to access.

Give people control over their information

A holistic solution that accepts identities people bring with them is a necessary prerequisite to the vision of decentralized identity. Microsoft believes everyone has the right to own and control their digital identity—one that securely and privately stores all personal data. To achieve this vision, we need to augment existing cloud identity systems with one that individuals, organizations, and devices can own so they can control their digital identity and data. We believe a standards-based decentralized identity system can unlock a new set of experiences that empowers users and organizations to have greater control over their data—and deliver a higher degree of trust and security.

Taking the next step

Everyone in the identity division at Microsoft is passionately committed to ensuring the systems we build empower people to do their best work and live their best lives.

If one thing is clear, though, these identity initiatives are a journey. Over the coming months, we’ll invite you to participate in a series of technology previews, where your feedback will help shape how identity services will take us closer to a world without passwords, where organizations can easily manage and secure complex environments, and individuals can worry less and stop making trade-offs among ease of use, privacy, and security. Working together as an industry, we’re building a better path to security and privacy, anchored around the one constant in this fast-moving, heterogenous world—you.

The post 5 principles driving a customer-obsessed identity strategy at Microsoft appeared first on Microsoft Security.