[Editor’s Note: Know This, Do This is a blog series from System Soft Technologies. What is this series for? It’s a cycle of articles that take you on a journey, exploring ways innovative technology can help leaders drive transformation and growth.]
Know This: Leaders continue to work through the evolution of how business can survive and prosper in a COVID-19 world. Making matters worse, the World Health Organization estimates cybercrime has increased five-fold during the pandemic. And, compliance requirements (e.g., GDPR, HIPAA, PCI, PHI, et al) keep evolving and intensifying.
Yet, there’s good news. It’s conceivable that leveraging the cloud and doing so in a secure way may be just the weapon needed for these daunting times.
In this edition, we outline five areas of focus to make certain your cloud-driven business strategy can be achieved in a secure and compliant manner.
Do This: Make sure you’re taking the right steps to secure your cloud environment and ensure regulatory compliance, if applicable. Be vigilant and proactive in implementing the following five recommendations. Doing so increases the chances of business success and reduces the possibility of being a cloud security victim.
Don’t Wait for a Wake-Up Call
It’s been more than a year since Capital One suffered a data breach, exposing personal information on 106 million customers. But the lessons from this episode are as timely as ever.
The $80 million penalty assessed by the Office of the Comptroller of the Currency earlier this month against the bank for its security lapse highlights how serious regulatory risk data-integrity issues can be. Especially those that involve cloud computing.
The breach didn’t just cost Capital One tens of millions. This breach damaged the bank’s brand and its reputation. It disrupted operations. And, because of the personal information breach, the legal ramifications have been significant.
In today’s hyper-connected world, these cyberattacks are a looming threat for many organizations and their leaders. There’s a way, though, to protect your hypersensitive data in the cloud, saving your brand, revenue and customer experience.
System Soft Technologies’ (SSTech) Microsoft Practice recommends the following five actions. It enables you to get the most out of the transformational opportunities through Microsoft’s secure cloud platform, Azure.
1. Enforce a Cloud Governance Plan
We can’t emphasize enough the importance of a plan for not only getting to the cloud, but one for what you do once you get there.
Did you know that 99% of exploited vulnerabilities are known by security and IT professionals for at least one year in advance? Let that sink in for a moment. These are not zero-day exploits being taken advantage of.
The first step to implementing a Governance Plan is to establish a Cloud Steering Team. These are the key business and technical stakeholders who will be responsible for making the decisions of what, where, when and how your organization will leverage the cloud.
Next, the team can focus on cloud governance policies and practices in such areas as:
- Who can create new resources?
- What types of resources can they create?
- At start up, are those resources in the most secure configuration?
- For how long can those resources run?
- How will costs be tracked and controlled?
- Are all new cloud resources established in alignment with security standards and guidelines?
- Are cloud resources consistent with architectural standards and integration requirements?
A final note on the Cloud Governance Plan. If you’re already in the cloud, you still need one.
2. Protect Identities with Multi-Factor Authentication
Accounts enabled with Multi-factor Authentication (MFA) are 99.9% less likely to be compromised, according to Microsoft.
Also, do yourself a favor. Don’t leverage text messages as an authentication method. Leverage an application, such as Microsoft Authenticator. It’s cross-platform supports applications outside of the Microsoft ecosystem, and it’s free. Most importantly, it’s much more secure than texts. If you don’t like the Microsoft application, there are plenty of others to choose from.
Additionally, look at the reports detailing user logins. Are they logging in from Florida and then from Russia 30 minutes later? Does it take them 20 attempts to get a correct password? Are your users suddenly showing changes in behavior patterns like unexpectedly downloading large amounts of sensitive data? These types of activities can indicate you’ve been compromised.
3. Check the Secure Score
Microsoft allows you to measure your organization’s security posture against selected best practices.
You can review your current score and compare it with similarly sized organizations. The Secure Score generates a list of recommendations to improve your security posture, such as enabling MFA for users with Global Admin rights. You can then view suggested improvement actions and implement a plan for remediation.
4. Secure those Endpoints
It’s critical to have visibility into all endpoints accessing your corporate network. Ideally, you only want healthy and compliant devices to access corporate resources.
Configuring a device security posture denies access to vulnerable and/or compromised devices. Because of the forced shift to remote work, more than 50% of organizations report a greater variety of endpoints.
Microsoft Endpoint Manager unifies the premise capabilities of System Center Configuration Manager, the cloud management tools of Intune, and the deployment ease of Autopilot.
5. Implement Windows Virtual Desktop
The shift to remote work can be especially concerning for your users who access sensitive and confidential data. Virtual Private Networks (VPN) alone may not be enough to secure your data. A recent ZDNET article reports that VPN passwords are becoming a growing target.
Implementing Windows Virtual Desktop allows you to rapidly give users access to a secure desktop environment. From there, they can access sensitive information.
So, know this. Cloud security is “not” a contradiction in terms.
Microsoft gives you the foundation of a secure-by-design environment, spanning across 100 extremely secure facilities worldwide. Built-in security controls, identity management, monitoring, auditing and reporting capabilities are created on top of this foundation.
Endpoint Management, Threat Management, and a host of other solutions deliver even more security capabilities.
So, do this.
Start with your Cloud Governance plan. Get your Cloud Steering Team in place. Determine your standards and policies. Then, monitor implementation and compliance.
If you’re already in the cloud, that’s great. But Cloud Governance is not just for people looking to go to the cloud. It’s a must for those who are already there.
Establish that you’re protecting user identities by implementing Multi-factor Authentication. Protect your access points into the corporate network. Consider Windows Virtual Desktop for users with access to confidential information.
Finally, know that it’s always a good idea to take along a knowledgeable travel buddy on your cloud journey. Team up with a cloud expert like System Soft Technologies, which can help your organization every step of the way to fully realize a secure cloud.
Interested in learning more? SSTech is a Gold Certified Microsoft Partner. We can help your organization with the cloud and cloud security.
About the Author: Eric Leonard
Eric Leonard serves as Microsoft Practice Leader at System Soft Technologies. Eric, a Microsoft maven, knows cloud offerings inside and out when it comes to business drivers and what builds business value for organizations investing in Microsoft solutions. And, because he’s adept at communicating and presenting, he loves to talk about it.