By Hiram Machado
This post originally appeared on LinkedIn. It is published here with the permission of the author.
Over the past few years, there has been some momentum around this concept of digital transformation. According to Wikipedia, “Digital transformation is the change associated with the application of digital technology in all aspects of human society.” As more organizations of all shapes, sizes and geographies from different industries start to embrace the cloud and mobility along with infusing machine learning and artificial intelligence into their products and services, these changes open possibilities and value to customers that were previously unimaginable.
The Importance of Identity Management
At the center of this digital transformation is identity management: the discipline of establishing who is accessing your systems, what they are allowed to do there, and keeping those rights current as people join, change roles and leave. Managing identity properly lets you deliver your services or products while controlling access for each individual, because you know who they are, what they can do in your system and that the proper rights and restrictions are in place.
The idea is this: rather than creating and maintaining its own identities (usernames and credentials), managing passwords and implementing all the mechanisms needed to protect them, an organization can federate authentication to an established identity provider such as Microsoft accounts (the successor to Hotmail), Google, Facebook or LinkedIn, typically over a standard protocol such as OpenID Connect or SAML. A successful login at the provider is then used to grant or deny access to the organization's own systems, avoiding the effort of developing and maintaining a user credential store. The trade-off to keep in mind is that the organization now relies on the provider's account security and recovery processes, and it still owns authorization: deciding what a federated identity may do inside its systems.
Credentials are Susceptible to Security Breaches
The reason identity management is so important is that many cyberattacks leverage weak or stolen passwords. We are now connecting so many devices to our network infrastructure that every connection is a potential point of data leakage, including of usernames and passwords.
Aside from the variety of devices on your network, people connect from different places and different networks, and they may access an organization's data through a third-party application the organization did not develop. All of this widens the opportunity for credential theft and account takeover.
Protecting identity (that is, credentials) has become one of the most important aspects of cybersecurity today. Using technologies that let the organization leverage the major identity providers described above is one step toward securing users' identities.
Convenience for the User
The dilemma is finding the right balance between convenience for the users of your services or products and protection of the environment. Microsoft Azure Active Directory (Azure AD, since renamed Microsoft Entra ID) is one option that helps organizations stay secure while giving clients, associates and employees a seamless digital experience with the organization.
Azure AD already has connections to thousands of the most popular SaaS applications, allowing Office 365 users to log in to all of them with the same identity. Organizations can require multi-factor authentication (MFA) under certain conditions through conditional access policies. For example, if a user connects from a location outside the organization's trusted network ranges, the system can send them a code by text message or automated call, and they are allowed in only after entering that code. One caveat: SMS and voice codes are the weakest second factor, since they can be phished in real time or intercepted through SIM swapping; where the user base allows it, prefer an authenticator app or a FIDO2 security key and keep the phone-based methods as a fallback.
In addition to the technical implementation of provisioning, managing and purging identities, Azure AD is comprehensive and integrated with the whole Microsoft ecosystem, both in the cloud and on-premises. Azure AD is also connected to Microsoft's intelligence system, the Microsoft Intelligent Security Graph, which analyzes about 450 billion authentications every month looking for anomalies and potential threats and acts on them proactively to prevent Azure customers from becoming victims of cyberattacks.
When you think about identity-driven security capabilities, they fall into three categories:
- Protect the Front Door
Implement capabilities such as conditional access, MFA and other intelligent ways to validate that the user is indeed who they claim to be.
- Patrol the Environment
Look for patterns in user behavior while they are in the network. Activity that departs from what a user normally does (a new device, country or time of day, or a sudden change in what they access) is a red flag worth investigating.
- Act in Case of Incident
Have the tools in place to contain an intrusion and stop the perpetrator from doing further damage even after they have gained a foothold: revoke active sessions, reset or disable the compromised account and block the attacker's source.
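The "patrol" and "act" categories above, as an added example that is not part of the original post and not Microsoft's own tooling. The sign-in records and the per-user country baseline are constructed for illustration; their field names follow a subset of the Microsoft Graph signIn resource (the shape Azure AD sign-in logs are exported in). The script flags two anomalies a patrol step would look for, a successful sign-in from a country the user has never used and "impossible travel" between two sign-ins, and then plans the containment calls a responder would issue. The Graph endpoints named (revokeSignInSessions and the accountEnabled patch) are real, but the calls are only returned as a plan, not sent, so the example runs offline.

```python
"""Patrol constructed Azure AD sign-in records for anomalies and plan containment.

Added example, not from the original post. Records are constructed; field names
follow a subset of the Microsoft Graph signIn resource.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt


def rec(user, ts, ip, country, lat, lon, error_code=0):
    """Build one constructed sign-in entry in the Graph signIn shape."""
    return {"userPrincipalName": user, "createdDateTime": ts, "ipAddress": ip,
            "status": {"errorCode": error_code},
            "location": {"countryOrRegion": country,
                         "geoCoordinates": {"latitude": lat, "longitude": lon}}}


# Constructed sign-in log entries (not real tenant data). errorCode 0 is success;
# 50126 is the Azure AD code for an invalid username or password.
SIGN_INS = [
    # Alice: a failed guess from Nigeria, her legitimate Seattle sign-in, then a
    # success from the same Nigerian address 30 minutes later.
    rec("alice@example.com", "2024-03-01T07:55:00Z", "198.51.100.7", "NG", 6.52, 3.38, 50126),
    rec("alice@example.com", "2024-03-01T08:00:00Z", "203.0.113.10", "US", 47.61, -122.33),
    rec("alice@example.com", "2024-03-01T08:30:00Z", "198.51.100.7", "NG", 6.52, 3.38),
    # Bob: Berlin in the morning, Munich in the afternoon, plausible travel.
    rec("bob@example.com", "2024-03-01T09:00:00Z", "192.0.2.44", "DE", 52.52, 13.41),
    rec("bob@example.com", "2024-03-01T15:00:00Z", "192.0.2.91", "DE", 48.14, 11.58),
]

# Countries each user has signed in from during a prior baseline window
# (constructed here; in practice derived from earlier logs).
BASELINE_COUNTRIES = {"alice@example.com": {"US"}, "bob@example.com": {"DE"}}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_anomalies(sign_ins, baseline, max_speed_kmh=900.0, min_distance_km=50.0):
    """Return alerts for successful sign-ins from a country the user has never used,
    and for consecutive successful sign-ins that would require travelling faster
    than max_speed_kmh (roughly airliner speed). Hops shorter than min_distance_km
    are ignored because IP geolocation is only city-accurate at best."""
    alerts = []
    last = {}  # user -> (time, lat, lon) of the previous successful sign-in
    for r in sorted(sign_ins, key=lambda r: r["createdDateTime"]):
        if r["status"]["errorCode"] != 0:
            continue  # failures never granted access; spray detection is a separate rule
        user, country = r["userPrincipalName"], r["location"]["countryOrRegion"]
        geo = r["location"]["geoCoordinates"]
        t = parse_time(r["createdDateTime"])
        if country not in baseline.get(user, set()):
            alerts.append({"user": user, "rule": "new_country",
                           "detail": f"{country} via {r['ipAddress']} at {r['createdDateTime']}"})
        if user in last:
            t0, lat0, lon0 = last[user]
            km = haversine_km(lat0, lon0, geo["latitude"], geo["longitude"])
            hours = (t - t0).total_seconds() / 3600
            if km >= min_distance_km and (hours == 0 or km / hours > max_speed_kmh):
                alerts.append({"user": user, "rule": "impossible_travel",
                               "detail": f"{km:.0f} km in {hours:.2f} h"})
        last[user] = (t, geo["latitude"], geo["longitude"])
    return alerts


def plan_response(alerts):
    """Map alerts to the Microsoft Graph calls a responder would issue; returned
    as (method, path, body) tuples rather than sent, so this runs offline.
    POST /users/{upn}/revokeSignInSessions invalidates refresh tokens and forces
    re-authentication through conditional access (so MFA applies), but access
    tokens already issued stay valid until they expire (up to an hour), so for
    impossible travel the account is also disabled pending investigation."""
    by_user = {}
    for a in alerts:
        by_user.setdefault(a["user"], set()).add(a["rule"])
    actions = []
    for user, rules in sorted(by_user.items()):
        actions.append(("POST", f"/v1.0/users/{user}/revokeSignInSessions", None))
        if "impossible_travel" in rules:
            actions.append(("PATCH", f"/v1.0/users/{user}", {"accountEnabled": False}))
    return actions


if __name__ == "__main__":
    found = detect_anomalies(SIGN_INS, BASELINE_COUNTRIES)
    for a in found:
        print(f"{a['rule']:18} {a['user']}: {a['detail']}")
    for method, path, body in plan_response(found):
        print(method, path, body or "")
```

On the constructed data Alice's Nigerian sign-in trips both rules (about 12,000 km in half an hour, from a country not in her baseline) while Bob's Berlin-to-Munich day stays quiet, and the plan revokes Alice's sessions and disables her account. The failed 50126 attempt is deliberately skipped here; a burst of such failures across many users is the signature of password spraying and belongs in its own rule.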
Identity is the new perimeter of network security. Moving forward, it is going to be more important than ever for both organizations and individuals to ask the question, "Am I doing everything I can to systematically protect my personal and my clients' or associates' identities in my systems?"
About the Author
Hiram Machado, adaQuest CEO, has over 20 years' experience across a variety of roles in the IT and localization industries, and is a regular speaker on GDPR (General Data Protection Regulation), privacy and cybersecurity topics.
Established in 2001, adaQuest provides project management, strategic planning, cybersecurity and compliance services to organizations around the world. Headquartered in Bellevue, WA, adaQuest is a Microsoft Certified Partner for Cybersecurity and Compliance and has helped many organizations across the U.S. prepare for GDPR and prevent cybersecurity issues.