There is no “one size fits all” solution.
How to start
- How do I secure user accounts from outside attacks?
- How do I secure endpoints such as laptops and smartphones and provide them with a proper security baseline in a manner that is not that time consuming?
- How do I prevent sensitive information from leaking to outside sources, or even inside your own organization? Is it possible to secure our data so that we comply with regulations and certifications?
The Human Layer
It comes to no surprise that humans are the weakest link in security. We can cause a security breach accidently thanks to not knowing how to handle sensitive information or not picking a secure password (what do you mean you can’t remember a 32-character random generated password?!). Let’s look at a couple of possibilities the Microsoft Cloud gives us to secure the Human Layer.
- Enable Multi Factor Authentication (MFA)
- Deploy Conditional Access, allow users to only login to the Microsoft Cloud when one or more conditions are met.
- Training sessions to users to ensure that security is a shared responsibility. Inform them of ways you are keeping them safe. Teach them how to spot common security discrepancies such as phishing.
- Provide the tools required for users to do their job efficiently and safely. When user needs are not met, Shadow IT can form, causing your organization to lose sight of your security.
The Endpoint Layer
The endpoint layer refers to devices connected to your organization. These can be computers and smart devices. What can you do to ensure these endpoints are secure and easy to manage?
- Is your company using the “traditional” company-owned (Mobile Device Management) or are you ready to facilitate personal devices (Mobile Application Management). Don’t you like to idea of choosing your preferred device, since you are using it every day, without compromising security?
- Enroll your devices into Intune for ease of management and applying a security and configuration baseline.
- Set a compliance policy to ensure that devices meet the demands set by your organization. Think of operating system versions, up-to-date use of anti-virus software, encryption, etc. Combine this with Conditional Access so that only compliant devices can access resources.
- Deploy software and configurations remotely, without user interaction. This ensures
software will not be installed by your users, reducing the risk of
viruses/malware. - Protect your apps by using Mobile Application Management (MAM). This gives you control of which apps are managed by your organization and what data can be shared to other apps or people.
The Information Layer
- Data Loss Prevention (DLP) is a feature that focusses on the prevention of data loss. Operates by looking for identifiable information like credit card numbers or social security numbers (and many more!). DLP protects your data at rest and will prevent your users from sharing sensitive information with unknown sources. Clients like Outlook and Teams will display a warning and/or block the user from sending data. These attempts are stored in a log database at a central location for your security administrator to investigate.
- Microsoft Information Protection gives you the possibility to classify your information using labels, encryption, and visual markings. Using labels for example, you can create separate labels for your different departments, to ensure that only the right people can access the data. If you’re subject to data retention for compliance, you can govern your data to be automatically retained for or removed after a specific amount of time.
These are just some of the products and layers when it comes to securing your Microsoft Cloud. When using our Security as a Service (SECURE.cloud) services, we will assist you in protecting what is important to you. We do this by performing an initial security scan and working with you to implement several layers of security, step by step. Let’s walk this road together. I would love to help you. Join us in the Universal Secure Cloud.
