A severe cybersecurity incident is the most dangerous risk most companies face. It is the greatest threat to a company’s ability to deliver for its customers, and so to its value. This is the second in a series of posts about cybersecurity risk and how you can reduce it to give customers and investors confidence.
Hackers don’t break in, they log in. Most security incidents seen in log monitoring tools relate to threat actors trying to steal digital identities (such as a Microsoft 365 or Google Workspace user account) so that they can simply log in. To protect your company’s digital identities, and provide a great user experience to your staff, several defensive layers need to be configured. The foundational first layer is robust identity management and Single Sign-On (SSO), well integrated into the employee lifecycle.
The benefits are numerous:
A single place to enforce certain conditions before granting access, enabling significant automation of the IT aspects of the employee lifecycle.
Staff get a single 'work’ login that works seamlessly everywhere.
A single stream of logs for a security team to monitor, so that identity theft can be identified faster and shut down.
The logical steps are easy, but the devil is in the details, and you will need to be able to iterate continuously to tweak and improve.
Review the user accounts in your core system (usually Microsoft 365 or Google Workspace). Disable inactive accounts immediately.
Review Microsoft/Google licensing to make sure you have the necessary features available. This is the time to decide if you want to go down the Microsoft or Google route – both have their pros and cons, and it is not uncommon to have both with one as a primary and the other as a secondary for more limited use.
Set up conditional access controls to define policies about which applications can be accessed by whom, from where, using which devices and authentication methods.
Set up SSO for your most critical core applications (think finance system, HR system, CRM, password manager) to enforce those conditional access controls across your critical systems.
Set up an HR system and integrate it with your core identity system so that the HR system drives provisioning and de-provisioning of users and updates the user profile with attributes from the HR system. Users can then be automatically moved into security groups (and thus assigned access and have controls applied) based on those profile attributes. This links the user lifecycle to the employee lifecycle and results in much better access control, often enabling managers and HR to cut system access without needing IT support.
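As an added example (not code from the original post or from any vendor), the following Python reconciles a constructed HR export against a constructed directory export and lists the lifecycle actions the steps above describe: disable leavers and accounts HR does not vouch for, disable accounts with no login beyond a threshold (the review in the first step), derive security group membership from the HR department attribute, and provision joiners. The e-mail addresses, group names and the 90-day inactivity threshold are assumptions.

```python
from datetime import datetime, timedelta

INACTIVE_DAYS = 90  # assumed threshold for "inactive account"
DEPARTMENT_GROUPS = {"Finance": "grp-finance", "Sales": "grp-sales"}  # assumed mapping
TODAY = "2024-05-10"
# Constructed sample exports: the HR system (source of truth) and the identity directory.
HR_RECORDS = [
    {"email": "alice@example.com", "department": "Finance", "status": "active"},
    {"email": "bob@example.com", "department": "Sales", "status": "active"},  # moved Finance -> Sales
    {"email": "carol@example.com", "department": "Finance", "status": "terminated"},  # leaver
    {"email": "dave@example.com", "department": "Sales", "status": "active"},  # joiner, no account yet
    {"email": "erin@example.com", "department": "Finance", "status": "active"},  # never logs in
]
DIRECTORY = [
    {"email": "alice@example.com", "enabled": True, "groups": {"grp-finance"}, "last_login": "2024-05-01"},
    {"email": "bob@example.com", "enabled": True, "groups": {"grp-finance"}, "last_login": "2024-05-02"},
    {"email": "carol@example.com", "enabled": True, "groups": {"grp-finance"}, "last_login": "2024-04-20"},
    {"email": "erin@example.com", "enabled": True, "groups": {"grp-finance"}, "last_login": "2023-11-01"},
    {"email": "svc-legacy@example.com", "enabled": True, "groups": set(), "last_login": "2023-11-01"},
]


def reconcile(hr_records, directory, today):
    """Return (action, email, detail) tuples that bring the directory in line with HR."""
    today = datetime.strptime(today, "%Y-%m-%d")
    hr = {r["email"]: r for r in hr_records}
    actions = []
    for acct in directory:
        email, rec = acct["email"], hr.get(acct["email"])
        if rec is None or rec["status"] != "active":
            # Leaver, or an account HR knows nothing about: nobody vouches for it, so disable it.
            if acct["enabled"]:
                actions.append(("disable", email, "not active in HR"))
            continue
        last_login = datetime.strptime(acct["last_login"], "%Y-%m-%d")
        if acct["enabled"] and today - last_login > timedelta(days=INACTIVE_DAYS):
            actions.append(("disable", email, f"no login for >{INACTIVE_DAYS} days"))
        # Group membership is derived from the HR department attribute, never hand-assigned.
        wanted = {DEPARTMENT_GROUPS[rec["department"]]}
        for group in sorted(acct["groups"] - wanted):
            actions.append(("remove_group", email, group))
        for group in sorted(wanted - acct["groups"]):
            actions.append(("add_group", email, group))
    existing = {a["email"] for a in directory}
    for email, rec in hr.items():  # joiners: active in HR but with no directory account
        if rec["status"] == "active" and email not in existing:
            actions.append(("provision", email, DEPARTMENT_GROUPS[rec["department"]]))
    return actions
```

Running `reconcile(HR_RECORDS, DIRECTORY, TODAY)` yields six actions: Bob is moved between groups, Carol (leaver), Erin (inactive) and the unknown service account are disabled, and Dave is provisioned into the Sales group.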
SSO price plans in software as a service (SaaS) applications can be costly for some organisations. A cost-effective alternative is a corporate password manager that is itself accessed via SSO. The password manager securely stores the user credentials for those applications while the SSO controls still gate access to it. This reduces costs, improves security through strong random passwords, and streamlines the user experience while maintaining productivity.
Most people know the importance of enforcing multifactor authentication, and yet many still don’t enforce it. Different multifactor authentication methods are also not equally effective. Setting up proper identity management and SSO is the foundation stone for all the other cybersecurity hardening measures you put in place, and the only way you can be sure that the right level of multifactor authentication and access control is being applied to your most critical systems.
If you are navigating some of these challenges at the moment, we can help. Our mission is to help you reduce your cyber risk, so our help can take whatever form is most useful to you, from conducting an assessment of your current setup, to advising on system architecture and configuration, introducing trusted partners, training up staff, or helping with operating model development or hiring. Please reach out below 👇