The Traditional Perimeter is Dead. Now What? Hugh Simpson-Wells, CEO, Oxford Computer Group

Traditional security, such as firewall, is based on the idea that there is an inside and an outside, and that a secure perimeter will keep things safe.

But the cloud doesn’t have an inside and an outside. A perimeter is useless!

Organizations are having to rethink and undergo a security transformation.

In the cloud-hybrid world, users expect access from any device, from anywhere.

• You can protect corporate data in the cloud or cloud-hybrid world in many ways.

• The best foundation is a reliable identity management infrastructure.

• Solid identity governance will assess risk and compliance.

• “Perimeter thinking” is not appropriate for cloud. What replaces it is a set of processes including access management, DLP, mobile device management, and threat management.

The New Perimeter

Corporate

Data

Threat

management

Access

management

Cloud app

security Data loss

prevention

Mobile

device

management

Identity Management and Governance

When people expect access from anywhere, on any device, identity is all you have left to control!

• Dashboards and reports for stakeholders (IT Ops, Security, GRC) so they can drill down and fix issues.

• Signals can be used to generate a risk score (location, device state, atypical behavior) rather than a static decision (job title, group membership).

• Analytics in real time (immediate risk score), rather than merely forensic (a log to review after the fact).

• Remediation in real time (install a fix, step up MFA, block access), rather than after the fact (take that person out of that group).

Characteristics of Identity Technologies

Organizations can increase their rate of change while staying in control

Policy examples:

• “HR data is only accessible to HR staff on corporate managed devices over a trusted network”

• “Users can access their own email from any device in any location”

To apply such a policy we need to know these “signals”:

• Who you are, verified by an authentication process

• What device you are on and how trustworthy it is

• Where you are and how you are connected

The technologies exist not only to meet these needs, and hence control access, but also take account of past behavior and provide a risk score.

Identity: Who, What and Where

• Active Directory

• Azure Active Directory

• AD Federation Services

• Pass-Through Authentication

• Microsoft Identity Manager

• Privileged Identity Management

• Privileged Access Management

• Identity Protection

• Conditional access

• Exchange DLP

• Office and OneDrive DLP

• BitLocker

• Azure Security Center

• Azure Application Proxy

• Windows Hello for Business

Here are Just a Few Microsoft Security-Related Technologies, Products and Features!

• Device Guard

• Credential Guard

• Kerberos Armoring

• Microsoft Passport

• Microsoft Certificate Manager

• Windows Defender Advanced Threat Protection

• Advanced Threat Analytics

• Cloud Application Security

• System Center Configuration Manager

• Intune and Lookout (Mobile device management)

• Information Protection (DLP: Classification and Encryption)

• Operations Management Suite

• View this recording of my recent Security Transformation webinar

• Attend a 3-day Security Transformation training course

• Discover more about Oxford Computer Group, an award-winning identity consultancy

How will you transform your security? Not sure? Here’s some help:

Thanks for reading! Hugh Simpson-Wells, CEO, Oxford Computer Group oxfordcomputergroup.com