Posts

4 Pillars for Integrated Security

All of us have data and services in the cloud and on-site. Whether we have local servers or just our laptops, securing your business means an integrated security strategy. These 4 pillars for integrated security create a foundation that can be applied and adapted for your business.

4 Pillars for Integrated Security

1Identity and Access Management (IAM)

IAM protects users’ identities and controls access to valuable resources based on user roles and responsibilities, risk levels, and regulatory (or policy) requirements. IAM solutions are often a collection of logins, each with their own requirements and processes, such as multi-factor authentication.  Integrated IAM solutions simplify the user experience, improve security, and lower hard and soft costs.

2Advanced Threat Protection (ATP)

ATP protects against advanced threats and, if done well, helps you recovery quickly when attacked.  ATP is more than “next gen” email protection.  ATP applies to threats from infected websites and human behavior exploits. Integrating ATP into your security architecture helps prevent increasingly sophisticated attacks from succeeding.

3Information Protection (IP)

Information Protection shares the same acronym, IP, as intellectual property.  This fits well as Information Protection ensures your documents, emails, and other communications are seen only by those authorized to do so. IP uses encryption, advanced access controls, recipient validation, and other services to manage data visibility. Integrated Information Protection is key to security hybrid cloud/on-site environments effectively.

4Security Management

Security Management gives you visibility and control over your security tools, processes, and activities. As part of an integrated security architecture, Security Management empowers you to assess risk and compliance, manage services, and respond effectively.

Make it Happen

How do you know if your security architecture is up to stuff?  Do you have opportunities to simplify security for your team?  To save money?  Here is a roadmap.

ASSESS

Assess your current security architecture against your regulatory, industry, and business requirements. Ensure you have the necessary components, policies, and procedures. Assess the “user experience” and look for ways to simplify. If security is a burden, users will finds ways to sidestep the protections.

PLAN

Plan you updated security integration. Understand the impact on your systems, and your people, and how you will make the changes. Communicate your needs and plans, as communications is key to success.

EXECUTE

Make the changes.  Too often, needed solutions get delayed or dropped as other issues arise.

Next Step

Security, Privacy, and Compliance is a cornerstone of what we do. Contact us to speak with a Cloud Advisor; we are here to help.

When Your Identity is on the Dark Web

Dark Web Threat AlertsAs a courtesy to our existing clients and prospective clients, we have been running complementary Dark Web Summary Scans of their domains. These summary scans let us know how many email addresses from each domain currently appear on dark web and identity theft websites. We can then perform a more detailed scan and analysis to identify the specific user identities.

The results are fascinating.

Of 200 domains recently scanned:

  • 87.4% had at least one potential identity compromised
  • The average number of potentially compromised identities is 41%
  • 16% of the companies had more exposed identities than users, indicating breaches occurred from multiple sources

What does this mean?

Just because employee@yourcompany.com appears on a dark web or identity theft site does not mean that the user account on your system has been breached.

It does mean, however, that a breach is likely. And, the more exposed identities for your domain, the greater the risk.

How does it work?

Chances are, your employees are using their work email address, employee@yourcompany.com, as their login identity for other systems.  These other systems are often work related services like Uber, Dropbox, online banking, credit cards used for business expenses, etc. Studies show that about 80% of people use the same or substantially similar passwords across systems.

If there is a data leak or breach at one of these third party services, hackers will test the identity on other systems.  If you have an employee whose email and password were leaked in one of the Dropbox incidents, for example, cyber criminals will test that email address and password, along with similar passwords, across common services like G Suite, Office 365, Facebook, LinkedIn, Instagram, and others.

A compromised identity on a third party service can easily lead to a breach of your systems.

What to do:

  • Get the Details:
    Get a detailed scan on your domain to clearly identify which user identities are exposed and at risk.
  • Mitigate Your Risk:
    Work directly with identified staff to reset passwords. Run additional scans on their systems for malware.
  • Communicate:
    Educate, train, and guide users on the risk of identity breach and how to avoid becoming a victim. Provide guidance, coaching, and policies around the use of company email addresses on other systems and best practices for password selection and management.
  • Challenge:
    Periodically test your employees using “honeypot” and “sandbox” methods to determine who is following best practices and who remains susceptible to attack.
  • Monitor:
    Monitor your domain, and personal accounts of key executives, for future issues and respond accordingly.

Next Steps

Your best next step is to contact us (email or web) to

  1. Request a detailed Dark Web Scan
  2. Discuss security education and testing services
  3. Setup on-going monitoring for your domain

 

 

3 Reasons to Consider Replacing Active Directory

Identity ManagementActive Directory was designed for on-premise local and enterprise networks.  As the use of cloud continues to move forward, Active Directory has not adapted as quickly as needed to provided robust, unified, identity management.  Here are three (3) reasons to consider replacing (or augmenting) Active Directory.

1) Active Directory is not “Cloud Ready”

According to a survey by security firm BetterCloud, almost 50% of SMBs will be all cloud by 2020, up from 15% today. Even SMBs are using more than one cloud service.

Keeping Active Directory means setting up sync services and other tools across multiple cloud platforms — a complex and expensive solution.

2) Users are Mobile and Working Remotely

Global Workplace Statistics reports that between 20% and 25% of employees already work remotely on a semi-regular or regular basis. And, 50% of employees hold jobs that are compatible with remote work. Since 2005, remote work has grown 103% and continues to grow.

Keeping Active Directory means requiring employees to log into the corporate domain when working remotely, typically by VPN. This is slow and cumbersome for users, and expensive to setup and maintain.

3) The Windows-Only World is Gone

Macs are normal part of the ecosystem; Computerworld reports that 90% of Fortune 500 companies officially support Apple desktops, laptops, and tablets. Chrome devices are starting to move from education to the business market. And, most employees work at least some of their day on smartphones or tablets; iOS and Android are now business operation systems.

Keeping Active Directory means bridging identity management and policies between network operating systems or adding third party products to properly manage users and devices.

The good news is that you do not need to live with the cloud-related limitations of Active Directory. You can run directory services, manage identities, and control access to devices (even when off-network) with cloud-based directory services. These services simply administration and provide a single system of record for user identities.


Want to learn more or give it a try? Contact us and we will show you how.


 

Single Sign On Misses the Mark for SMBs

Directory as a Service
As you move your small or midsize enterprise into the cloud, you will face new challenges around identity management.  Historically, identity management was an operational issue that managed user logins to desktops and local area networks. As you move to the cloud, the network is no longer local. Your network includes the suite of applications and services run and hosted by others. Identity management is now a security issue that should control access to your cloud applications, data, and services as well as your computers and mobile devices.

Single Sign On for SMBs

Even with the proliferation of usernames and passwords, most SMBS are not investing in Single Sign On (SSO).  With many applications using federated or 0Auth login services from platforms like Google Apps or Office 365, SMBs expect users to adapt and manage their identities. The result is a mix of usernames, passwords, and connections without a clear system of record and no centralized management. And while Single Sign On can help eliminate this mess, most SMBs struggle to justify the value.  In addition, SSO solutions lack the ability to manage access to devices, WiFi services, and other resources.

With SSO in place, you still need to manage and maintain a directory service. Directory services, such as Microsoft’s Active Directory and the many LDAP solutions are, in theory, capable of managing more than on-premise systems. Actually integrating directory services, however, is complex, costly, and requires regular maintenance.

Directory-as-a-Service and Identity Management

Directory-as-a-Service® (DaaS) is a modern identity platform that centrally manages user connections to this new world of cloud and SaaS-based infrastructure. Features of a cloud-based directory service include:

  • Mac, Windows, and Linux devices are all treated as first-class citizens
  • Tight integration with Office 365 and Google Apps, centralizing control over the productivity platform and enabling single sign-on capabilities for end users
  • Single Sign On integration with other cloud applications and services
  • Improved WiFi security that connects the authentication request to the directory service
  • Multi-factor authentication at the system level
  • Hosted LDAP capabilities can eliminate the need to have an on-prem LDAP server

In short, Directory-as-a-Service covers what contemporary organizations need in a modern identity management platform.


Learn more about Directory-as-a-Service and JumpCloud (our preferred DaaS solution) at our 3T@3 Webcast on October 18th, or contact us for a free, no obligation Cloud Advisor Session.