Several months into the COVID-19 pandemic, many of us are still working remotely, and our organizations are still adjusting. Top of mind for every IT leader in this current landscape is meeting users’ needs for seamless access to resources while safeguarding the business from cyber threats. The highest priority for identity decision-makers, according to a recent study commissioned by Microsoft, is enabling highly productive user experiences.
I recently participated in a webcast on this topic with Rob O’Regan, global content director of IDG, and Bob Bragdon, senior vice president and managing director at CSO. We discussed the security perimeter of remote work and how a security strategy with identity at its foundation both reduces risk and improves productivity. You can watch the full webcast here. I’ve summarized my takeaways from the discussion below.
Identity is the foundation for your Zero Trust security strategy
Even before so many people started working from home earlier this year, the traditional corporate network perimeter had disappeared. People were already getting their work done using a variety of devices and software as a service (SaaS) applications. Boundaries hindering digital collaboration were falling away. During this shift, identity became the control plane for security, because it provides effective access control to all digital resources for all users, including users who may be partners, customers, or even devices or bots. Identity solutions also give IT managers visibility into their entire digital estate.
In our interconnected world, relying on the old paradigm of corporate firewalls and VPNs isn’t an effective approach to enabling and securing remote work. That’s why many organizations accelerated their digital transformation plans once COVID hit. For organizations like these, Zero Trust—with identity as the foundation—represents a stronger security strategy, as well as a worldview more in line with current times. It replaces the assumption that everything behind the corporate firewall is safe and trustworthy with three simple principles: verify explicitly, use least-privileged access, and assume breach. A Zero Trust approach validates all touchpoints in a system—identities, devices, and services—before considering them trustworthy.
Seamless access to applications improves employee productivity
A good first step away from traditional perimeter-based defenses and toward an identity-based security framework is connecting all your apps to a single cloud identity solution like Azure Active Directory (Azure AD). This allows your employees to sign in to all their work apps with one set of credentials using single sign-on (SSO). Through centralized experiences like the My Apps portal, they can easily discover and access all the applications they need, including Office 365 apps; SaaS apps, including Adobe, ServiceNow, and Workday; on-premises apps; and even custom-built line-of-business apps.
Getting secure access to apps doesn’t have to be a cumbersome experience that sacrifices workforce productivity. Take passwords, one of the biggest roadblocks to secure and productive access. For years, the security community has told users to create a unique and complex password for each account—and to change their passwords frequently. But, to make their lives easier, people often reuse passwords or choose ones that are easy to remember, which makes them easy for attackers to guess. Passwordless technology is more user friendly and secure than traditional account access models.
Unifying access management with a single cloud identity solution reduces costs
Companies dealing with pandemic-induced budget constraints are seeking efficiencies. A survey we ran earlier this year found that customers have, on average, up to nine identity solutions, all from separate vendors. As you can imagine, running multiple disparate solutions is not only complicated but also expensive.
Earlier this year, we commissioned a study with Forrester to analyze the economic benefits of securing all users, devices, and apps using a single identity solution. The results: customers who secure all their apps with Azure AD can achieve an ROI of 123 percent by retiring on-premises infrastructure, preventing data breaches, and reducing helpdesk costs.
Users also benefit since they no longer have to navigate different identity systems or sign in separately to every application. In fact, Forrester estimated that using a single identity solution saves each employee 10 minutes a week on average, which amounts to almost nine hours a year per employee.
A cloud-based identity solution offers unique security benefits
When you use a cloud-based identity solution, cloud-based intelligence helps protect your users against account compromise. Every day, Microsoft machine learning algorithms work behind the scenes to identify risky activities and compromised users by combing through over 170 terabytes of data, including signals from billions of monthly authentications across Azure AD and Microsoft accounts.
Our Azure AD Identity Protection solution, with real-time continuous detection, can alert you to suspicious sign-in behavior and automatically respond to prevent the abuse of compromised identities. For example, it detects “impossible travel,” which happens when the same user account attempts to sign in from different physical locations in a time period too short to accommodate physical travel from one location to the other. Depending on the policy you set, the system can invoke a password reset or require multifactor authentication, and revoke all existing access tokens. But you can only strengthen your security posture with these detections and automated remediations—especially as the threat landscape evolves—if your identities are in the cloud.
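To make the "impossible travel" idea concrete, here is an added example (not from the webcast and not Azure AD Identity Protection's actual algorithm) that flags consecutive sign-ins by the same account whose implied travel speed is not physically plausible. The `SignIn` record, the 900 km/h speed ceiling, the 100 km noise floor, and the sample log are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0    # assumed ceiling: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumed floor: ignore geo-IP jitter within one metro area


@dataclass(frozen=True)
class SignIn:  # hypothetical record; real sign-in logs carry many more fields
    user: str
    time: datetime
    lat: float
    lon: float


def haversine_km(a, b):
    """Great-circle distance between two sign-in locations, in kilometres."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(events):
    """Return (previous, current, km, km/h) for same-user pairs faster than MAX_SPEED_KMH."""
    findings, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.time):
        prev = last_seen.get(ev.user)
        last_seen[ev.user] = ev
        if prev is None:
            continue  # first sign-in seen for this user, nothing to compare
        km = haversine_km(prev, ev)
        if km < MIN_DISTANCE_KM:
            continue  # same region: location noise, not travel
        hours = (ev.time - prev.time).total_seconds() / 3600
        speed = km / hours if hours > 0 else float("inf")  # simultaneous = infinite
        if speed > MAX_SPEED_KMH:
            findings.append((prev, ev, round(km), speed))
    return findings


# Constructed sample sign-in log (not real data).
SAMPLE = [
    SignIn("alice", datetime(2020, 9, 1, 8, 0), 47.61, -122.33),   # Seattle
    SignIn("alice", datetime(2020, 9, 1, 8, 45), 51.51, -0.13),    # London, 45 min later
    SignIn("bob", datetime(2020, 9, 1, 9, 0), 40.71, -74.01),      # New York
    SignIn("bob", datetime(2020, 9, 1, 20, 0), 48.86, 2.35),       # Paris, 11 h later
    SignIn("carol", datetime(2020, 9, 1, 10, 0), 47.61, -122.33),  # Seattle
    SignIn("carol", datetime(2020, 9, 1, 10, 5), 47.67, -122.12),  # Redmond, 5 min later
]
```

Calling `impossible_travel(SAMPLE)` flags only alice: bob's transatlantic trip fits in 11 hours, and carol's two sign-ins are within the noise floor. In practice a finding like this would feed the policy response described above, such as requiring multifactor authentication.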