Identity-based attacks are on the rise, as cybercriminals leverage security gaps exposed by pandemic pressures. With many companies compelled to shift their entire workforce offsite in a matter of weeks — and then create ways for staff to work effectively at a distance — speed, often at the expense of reduced security, became the primary operational focus. This opened the door to identity-based breaches as attackers capitalized on the digital divide between onsite defenses and offsite deployment.
Cloud-based identity and access management (IAM) tools offer a way to authenticate individuals trying to access solutions remotely, and help organizations ensure they’re opening resources to the right people at the right time.
By one estimate, 79 percent of companies have experienced an identity-related breach in the last two years. What’s more, 70 percent of those surveyed by the Identity Defined Security Alliance say they’re only “somewhat confident” in their ability to defend against an identity-based attack.
The COVID-19 pandemic has called this crisis into sharper focus: Since February 2020, COVID-related phishing attacks have increased by 667 percent. Overall, phishing remains the primary identity attack vector, with two thirds of breaches tied to broad campaigns or spearphishing, while 32 percent of enterprises say stolen credentials have caused corporate compromise.
DISCOVER: Dive deeper into identity protection tools.
The Key to Cloud-Based Identity Management
Making the transition to secure work-from-home and back-to-office initiatives is possible, however, with a robust IAM solution. And while there’s no hard and fast framework for finding out exactly who’s who on corporate networks, there is a way to streamline this process: the cloud.
By leveraging the scalable, on-demand resources of trusted cloud providers, companies can access a host of IAM tools that allow them to detect, dissect and defend potential identity threats. The caveat? According to Computer Weekly, “good IAM hygiene” is critical to ensure these tools are living up to their protective potential.
While cloud-based IAM solutions offer the benefit of fast, frictionless identity frameworks, they’re only effective if businesses apply security best practices, such as the principle of least privilege, and leverage the long-tail benefits of zero-trust techniques.
The Azure Approach to Identity Management
As noted by Kent Compton, a principal solution architect on CDW’s Integrated Technology Solutions Hybrid Infrastructure team, “customers are showing more and more interest in reducing their on-premises footprint. The whole idea of on-prem servers is now less interesting, since they must provide an infrastructure back to these resources. Internet-based Software as a Service apps eliminate that requirement.”
To help companies empower their IAM transition, Microsoft Azure offers key solutions, including:
- Azure Active Directory: Azure Active Directory provides the same robust security as Microsoft’s on-premises Active Directory solution, but as Compton explains, “Azure has no geographic or resource limitations. As an IT Administrator, with Azure AD you only have to worry about the user accounts and what resources they should have access to. It eliminates the typical concerns about how many domain controllers are needed, which locations need to have them and purging AD’s incremental log files.”
- Azure AD Multi-Factor Authentication: “When IAM shifts to the cloud,” says Compton, “we recommend coupling it with multifactor authentication.” Azure AD Multi-Factor Authentication is a first-party Microsoft service that leverages Azure AD Connect and Azure AD Application Proxy to provide authentication and access back into web-based applications and empower secure user access.
Even better? Azure AD Multi-Factor Authentication also leverages machine learning to enable conditional access, allowing IT admins to set rules for when users receive MFA prompts. According to Compton, “this helps eliminate ‘prompt fatigue’ that would otherwise occur every time a user logs in or uses an application.”
- Hybrid authentication: Azure AD also offers the potential for passwordless, hybrid authentication using the FIDO2 framework. For Compton, this represents the next generation of IAM: “Using a token-based system that prompts you on your phone or your Windows Hello–enabled computer eliminates the need for remembering your password. Just lay down your finger or show your face.”
- Automatic account provisioning: Compton points to the Azure AD provisioning service to streamline IAM. “The service takes HR-entered user information and provides an automated means for creating accounts automatically in AD or Azure AD. That information can also be used dynamically to create and add users to the appropriate groups.”
With cloud-based Azure solutions, enterprises get more than just digital locks — they gain real-time visibility into who’s knocking on the door, what they want and why they’re asking.
Brought to you by: