Security for Today’s Remote Workforce, and How to Solve for Possible Security Scenarios
Security is something that applies to many things, including humans and software. People want job security, financial security, social security, and security of their personal belongings – home(s), car(s), family members, pets, gadgets; the list goes on.
What about software and technology assets? Security is one of the most important parts of any software or digital asset, but it was taken for granted until recently. Software is the key to the 21st-century gold mine: the data. Hackers are looking for easy ways to get to that gold mine, so it’s up to software developers and organizations to safeguard the software and the data it produces in order to protect their business, their customers’ personal data and their reputation. Keeping software and data secure enables businesses to run smoothly and provide products and services to their customers without interruption, so everybody benefits in the end.
Sticky Note Password, Anyone?
There was a time when the number of software applications an individual or organization had to deal with was a handful. They could create a separate user ID and password for each application, and either remember them or write them down and keep them somewhere safe (not on sticky notes stuck around their computer monitor or desk ☹).
Those were the days when every software development team could implement its own custom security solution to authenticate users and authorize access to different software features based on user group or role. Organizations could restrict access to their corporate network users only, and all their software applications were installed on corporate computers and secured behind firewalls. But then things changed.
Evolution of Internet: The rapid evolution of the internet, websites, web applications and mobile devices (laptops, tablets, smartphones, etc.) forced organizations to open up their internal corporate systems and data so they could be accessed from outside the corporate network through these mobile devices. That in turn required building many more software applications, at a faster rate, that could run on all those devices. With this came the need to decouple custom application logic from reusable software components that can be bought from third-party vendors and integrated with custom-built software, saving a lot of development and testing time and the associated cost.
Identity and Access Management: This opened up opportunities for many software companies to build Identity and Access Management (IAM) solutions using industry-standard security protocols such as OAuth 2.0 to authorize access to different resources, enable Single Sign-On (SSO) to reduce the number of times users need to log in, enable Multi-Factor Authentication (MFA) to increase security, and integrate with OpenID Connect to authenticate access to resources. The identity management software can be hosted on separate server(s) and integrated with any software application quickly and cost-effectively, so organizations can focus on building custom software to meet the needs of their business, clients and customers. This enabled both software vendors and organizations to build and consume identity management solutions based on the specific needs of their applications, so it’s a win-win for both parties.
Moving to the Cloud: Then, as software applications, data, and infrastructure started moving to the cloud, organizations needed an identity management solution that could secure not only their on-premises software, data and systems, but also their mobile devices and all their resources in the cloud. This is where things get tricky in terms of how easily, quickly, and efficiently those resources can be secured, no matter where they are hosted and what kind of resources they are. This is where “Security-as-a-Service” comes into the picture.
Microsoft has built many solutions to meet those varying needs and packaged them into the “Microsoft Identity Platform” hosted in its Azure cloud platform. It stands out among the crowd to meet the needs of every organization big and small. But organizations need to clearly identify and define their specific security requirements and evaluate the solutions available in the market against those requirements and their cost considerations. Doing so saves time and cost and secures their resources as needed, instead of becoming another integration nightmare.
Below are some examples of security scenarios and the Microsoft products that address them. Other companies may offer similar products, which you would need to consider when determining what meets your specific requirements.
|Security Scenario|Microsoft's Solution|
|---|---|
|Enable access to corporate devices and internal resources for on-prem and remote workforce|Azure Active Directory (Azure AD)|
|Provide secure access to corporate website(s) and business applications for employees, contractors and other business partners|Azure AD and Azure AD Business-to-Business (B2B)|
|Provide secure access to public-facing website(s) that need a user self-registration and sign-in/sign-out process|Azure AD Business-to-Customer (B2C)|
|Secure desktops, laptops, mobile devices, IoT devices and other hardware devices|Microsoft Endpoint Manager and Microsoft Defender for Endpoint|
|Secure cloud resources (applications, data and other cloud resources)|Azure AD with Role Based Access Control (RBAC)|
|Secure API endpoints|API keys, Azure AD, B2B, B2C or other methods like certificates, IP restrictions, etc., as needed|
|Mobile Device Management|Microsoft Intune|
|Enable 2-factor or multi-factor authentication (MFA)|Enable MFA in Azure AD|
And the list goes on.
As the corporate world moves toward a more remote and hybrid workforce, there will be many resources (laptops, productivity and collaboration software, data and other corporate resources) that remote workers need access to in order to be productive, but those resources need to be secured at the same time to eliminate security incidents. This is where the corporate IT support and security teams (Network Admins, System Admins, User Admins, etc.) play a significant role in striking the right balance between access and security, using the right tools and the right access controls, such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), Role Based Access Control (RBAC), Conditional Access and Access Policies, so the workforce can stay secure and productive.