Identity and access management
With the growing popularity of cloud applications, social networks and web portals, which we use in our day to day accessing with different credentials (user) but often, reusing the same password (avoiding having to remember so many). This way of acting of the users in their personal life carries a huge risk. Why? To begin with, the number of (known) leaks of data from users of large social networks and consumer services in the last 12 months are extremely high (“Facebook”, “Movistar”, “IESE”, “Adidas” , “Job Talent”, “Ticketmaster” among many others), so the security threat For companies it is enormous since cybercriminals, once they have a personal username and password, easily find out where that person works and then try with the same password to access the sensitive information of the companies where they work, succeeding in many cases. At the same time, cybercriminals also use massive campaigns to send fake emails asking our users (to their corporate or personal email) to enter any site in order to steal a password. And every time they do it better.
To avoid the risk that all this entails, it is necessary to protect the identity of our corporate users and for this EMS includes Azure Active Directory Premium (AAD Premium), which helps guarantee access to applications and data only to people who really are who they claim to be.
In addition, it offers us the ability to apply smarter restrictions through three key features:
” Conditional access “: Before, companies could only ask for things like: “That users can only access from within the company!”, But now … they can ask us: “That users can access from outside the company, but establishing conditions as needed “(only from authorized corporate or personal devices, only from known locations, forcing the use of multi-factor and / or preventing the extraction of information, among other requirements). Doing a simile, you can think of Azure AD conditional access as the security doorman of a building Well, he welcomes good neighbors while challenging others to confirm his identity and deny entry to completely strangers, or … perhaps he will let them pass, telling us that he is coming up and accompanying him.
” Identity Protection “: Criminals try almost 100 million fraudulent logins a day and we should know if any of them impact us. For this, the “Identity Protection” reports offer us intelligence to detect and inform IT of suspicious logins such as those that would imply a trip to a strange place to date or impossible due to the time between a login and another (detecting the intrusion by the probability that they may actually be different people) or locating user passwords for sale online. Also, next to ” Conditional Access“, offers us the power to allow users to connect as long as there is no risk in their session (for example, if they did it from a computer with viruses or malware) or only letting them connect if they change their password when the system know that it has been stolen. Making a simile, this feature would be like a lookout who observes and provides relevant information about what is happening in the environment, so that you can act accordingly.
” Managing privileged identities “: Compromising an account is always a possibility and the best way to reduce risk is to assume that there has been or will be a breach. But, if a compromised user account is a problem, if the user has administrative privileges the situation becomes catastrophic., so it is critical to minimize the possibility that a compromised account will end up with uncontrolled administrative permissions. This tool precisely offers us to ensure that we have the minimum number of administrator users, being able to offer administrative permissions from time to time, when required, only temporarily and even automatically (under certain circumstances). Making a simile, it would be like when a smart card is given to enter the hotel’s Spa, but once our stay is over, the card stops working.
|· Two-step authentication.
||· Conditional access: Real-time, risk-based control
|· Validation without password (using mobile).
||· Identity protection (alerts of anomalous behavior, compromised credentials and vulnerabilities).
|· Single sign-on for all apps (even non-Microsoft apps).
||· Privileged identity management (Enable temporary administrator permissions on demand for specific tasks).