Introduction

What was once a tranquil calm here in the United States just a few weeks ago has now turned into almost public hysteria.  We have seen volatility in the financial markets at unprecedented levels, and the American economy is systematically closing itself down from the outside world by making employees work from home for the next few weeks.

While the concept of working remotely is nothing new, the rate at which it is happening is forcing Corporate America to hastily prepare laptops and other wireless devices to allow for this move to happen.  With this, the probability of security policies and procedures being disregarded is extremely high, which greatly increases the attack surface that is available to the Cyberattacker.

So, while the intent may be an effort to stop the spread of the Coronavirus, the flip side to all of this is that businesses are now at a much greater risk of becoming a victim of a Cyberattack.  But there is a solution to alleviate much of this risk, and that is using a Cloud based infrastructure, such as that of Azure, so that employees can access company resources in a safer and more secure fashion.

The Security Advantages of Using the Cloud (Azure)

To start off with, rather than incurring extra licensing fees for the deployment of Microsoft applications (such as Word, Excel, and PowerPoint) onto actual physical laptops and other types of wireless devices, it would be a far more strategic investment to simply purchase an Office 365 (aka O365) subscription via the Cloud.

The pricing is fixed and very affordable (for example, a single user license for an SMB costs only about $10.00/month), and from here, your remote employees can very easily access all of the applications that they need in order to conduct their daily job functions.  Of course, the more employees you have, the more the licensing fees will go up, but they will stay predictable and within budget.

With an O365 subscription, all of the applications that your remote employees will ever need are available quickly and easily, with just a few clicks of the mouse.  The illustration below shows all that is available:

(SOURCE:  1).

In this regard, all that your IT Security team needs to be concerned about is making sure that all of the security features (as mandated by your Security Policy) are installed onto the brand new laptops and/or wireless devices that you are about to issue to your remote workers.  The extra step of having to download the separate Microsoft applications is no longer needed, and neither is applying the latest software updates and patches.  This is all taken care of by your Cloud provider.

On top of this, the O365 subscription package also directly comes with 14 built in security features as well as associated ones, in order to make sure that all of your mission critical information and data remains as secure as possible, and of course, out of the hands of the Cyberattacker.  Here is a sampling of what is offered:

1. Multifactor Authentication (MFA):

In a technical sense, this simply means using at least three or more layers of authentication in order to truly confirm the legitimacy of the remote employee that is attempting to gain access to the shared resources.  For example, after the remote employee has submitted their username and password combination, you can also set up their individual profiles so that they will receive either a phone call or a text message.  He or she will then be given an access code, which they will have to enter into the keypad on their phone, or into their O365 account, before they are allowed access to anything.  It should be noted that this is a free feature on an O365 account, and if your business has also procured either the Azure AD premium plan or On-premises Identity Federation with O365, you can even set up higher levels of MFA, such as making use of Biometric Technology (primarily that of Fingerprint Recognition and/or Iris Recognition), and Smartcards.

2. Azure Active Directory (AD) Conditional Access:

If your business is large enough, more than likely, you will be making use of what is known as the “Active Directory”.  This is a hierarchical type of technology that was developed exclusively by Microsoft, which holds information about the various objects that are stored within your IT/Network infrastructure.  Typically, these objects are the various computers, servers, and other wireless devices that gain access to it.  Active Directory can be run both On Premises and on a Cloud based platform, such as that of Azure.  In this instance, one of the main security concerns is that only the authorized remote employees should be able to gain access to the shared resources.  With the AD Conditional Access tool, you can make sure that only those devices that are both compliant and trusted can actually gain access. This is a policy-based approach, and the conditions for gaining access include the following variables:

  • Type of device;
  • The attributes that have been assigned to the remote worker;
  • The Operating System (OS) that is being used;
  • The type of client application that is being used to attempt logical access entry;
  • The geographic location of the network login.
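
To make the policy-based approach concrete, here is an added example (not part of the original article and not Microsoft's evaluation engine) that models how the five conditions above could combine into a single access decision. The policy values, group names, and sign-in records are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:
    user_groups: frozenset   # attributes assigned to the remote worker
    device_type: str         # type of device
    device_compliant: bool   # device is compliant and trusted
    os: str                  # operating system
    client_app: str          # client application used for the login
    country: str             # geographic location of the network login

# Constructed policy values (assumptions, not taken from the article).
POLICY = {
    "allowed_groups": {"remote-staff"},
    "allowed_device_types": {"laptop", "phone"},
    "allowed_os": {"windows", "macos", "ios", "android"},
    "allowed_client_apps": {"browser", "modern-desktop", "modern-mobile"},
    "trusted_countries": {"US"},
}

def evaluate(signin, policy=POLICY):
    """Return (decision, reasons); decision is 'allow', 'require_mfa' or 'block'."""
    reasons = []
    if not signin.user_groups & policy["allowed_groups"]:
        reasons.append("user not in an allowed group")
    if signin.device_type not in policy["allowed_device_types"]:
        reasons.append("device type not allowed")
    if not signin.device_compliant:
        reasons.append("device not compliant")
    if signin.os not in policy["allowed_os"]:
        reasons.append("operating system not allowed")
    if signin.client_app not in policy["allowed_client_apps"]:
        reasons.append("client application not allowed")
    if reasons:                       # fail closed: any failed condition blocks
        return "block", reasons
    if signin.country not in policy["trusted_countries"]:
        return "require_mfa", ["login from an untrusted location"]
    return "allow", []

# Constructed sign-in attempts.
SAMPLES = {
    "office_laptop": SignIn(frozenset({"remote-staff"}), "laptop", True, "windows", "browser", "US"),
    "travelling": SignIn(frozenset({"remote-staff"}), "phone", True, "ios", "modern-mobile", "DE"),
    "legacy_client": SignIn(frozenset({"remote-staff"}), "laptop", False, "windows", "legacy-auth", "US"),
}

if __name__ == "__main__":
    for name, s in SAMPLES.items():
        print(name, *evaluate(s))
```

The allow-lists make the model fail closed: a device type, OS, or client application that the policy does not name is blocked rather than silently permitted.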

3. The Cloud App Security (CAS):

This is a specific application which allows your business to collect log based information and data, making use of various types of API connectors, and even a reverse proxy (this is where the Web application that is used by the remote employee sends a request for a specific shared resource to the reverse proxy, which then forwards it to a server to see if the request can be fulfilled; if it can be, the result is sent back to the reverse proxy and from there, to the Web application).  The advantages of using the CAS include the following:

  • Tracking down those software applications that have not been approved by the IT Security team (this is also known as “Shadow Management”);
  • You can quickly and easily protect those datasets that are deemed to be “At Rest” (meaning they are not being used at the present time);
  • Detect any abnormal, suspicious, or anomalous network behavior;
  • Making sure that the Cloud based apps you create are compliant with the various federal data privacy regulations, such as those of the GDPR and the CCPA.

4. The Microsoft Management Agent (MMA):

This is a specialized type of service, also developed exclusively by Microsoft, that allows the IT department of your business to report back on the optimal levels and the health of the various workstations, servers, and other wireless devices that have been specifically assigned to the MMA, especially those devices that have been assigned to your remote employees. The reports contain such information as:

  • Performance metrics;
  • Event logs;
  • Trace information.

You can even use the MMA in order to gauge the overall health of your IT/Network infrastructure on a real time basis.  It should also be noted that the MMA operates in three specific modes, which are as follows:

  • The Monitor Mode: This collects all of the metrics and network-based events that you want to capture;
  • The Trace Mode: This feature can gather what is known as “IntelliTrace” data that is used by Visual Studio;
  • Custom Mode:  This allows the Network Administrator to make specific changes so that customized monitoring of the IT/Network infrastructure can take place.

5. Microsoft Defender Advanced Threat Protection (ATP):

This is another service available from Microsoft, which can help your business to detect, further investigate, respond to, and even help to mitigate any type or kind of Advanced Threat that is posed to the network connections and the shared resources that your remote employee is currently making use of.  It consists of the following features:

  • Endpoint Behavioral Sensors: This allows you to monitor in real time the overall security posture of your network endpoints.
  • Cloud based Analytics: This functionality makes use of Machine Learning (ML), Artificial Intelligence (AI), and Big Data to give you both detailed insights and recommendations as to what you should do to protect your business in your current Cyber Threat Landscape.
  • Threat Intelligence: This service allows your IT Security team to correctly and properly identify those tools that are used by the Cyberattacker as well as the procedures they use in order to launch new threat variants towards your lines of defense.

The illustration below summarizes all of the features in the ATP:

(SOURCE:  2).

6. Mobile Application Management (MAM):

This is a general feature which allows your IT Security team to “. . . publish, push, configure, secure, monitor, and update” the mobile apps that your remote employees are currently using on their company issued devices.

(SOURCE:  3).

In this regard, the tool that has been specifically developed by Microsoft for this purpose is known as “Intune”.  It can be used by both O365 and Active Directory and can be leveraged across both Android and iOS-based platforms.  By using this, you can rest assured that only legitimate mobile apps are deployed across your wireless devices and that they are compliant with your Security Policy.  The following diagram further illustrates what is available to you on Intune:

(SOURCE:  4).

7. Windows Information Protection (WIP):

This is a tool which allows your remote employees to keep separate personal and work-related information/data on their company issued devices.  The WIP can also be used to protect these particular datasets as well.  The WIP also allows you to do the following:

  • Find out what kinds of corporate data resides on endpoint devices;
  • Create data classification schemes based upon their current states of content and context;
  • Prevent accidental or malicious based data leakage;
  • Create audit reports of how your remote employees are accessing and using sensitive corporate data.

Conclusions

Overall, this article has examined some of the key security features that either come with or are closely associated with an O365 subscription package.  In order to get the maximum layers of security possible, it is highly recommended that you use all of these Cloud based services together (of course, this is largely dependent upon the size of your business and your unique security requirements).

It is also important to keep in mind that if you don’t have your entire IT/Network infrastructure in the Cloud, now is the time to do so.  As a result, you will be able to scale resources very efficiently in times of crisis, like we are seeing now with the Coronavirus.

Sources