From a Microsoft Azure Active Directory perspective, there are two approaches to MFA:
1. A laser accurate approach specific to the application in the Azure blade using conditional access
2. A global approach managed through the “Multi-factor authentication” page via Office 365
While every year brings new challenges for CIOs, CTOs, IT teams, and businesses overall in the expanding digital landscape, there are also countless opportunities to learn how to overcome those challenges with new technology and approaches. With the numerous Boston technology conferences available, businesses can learn more about the industry and opportunities from experts, peers, and specialists.
In a recent HFS/Accenture Study of 460 enterprise operational executives from across the globe, 96 percent of respondents said predictive decisions based on real-time data are the biggest drivers impacting business. This sample is a clear indication of the impact of operational intelligence in a data-driven world.
Businesses today are built around information technologies that drive strategy and operations. Consequently, IT has had to evolve from reactive to proactive by leveraging operational information via real-time data monitoring and management systems.
As data with enterprises and in the cloud grows exponentially, organizations continue to look for ways to harness it and glean diverse insights to help meet business goals. While there are numerous tools for managing and monitoring data, few can provide a universal approach across all data sources, both on-premise and in the cloud.
As organizations have moved more and more critical applications, workloads and services to the cloud, I am often asked by clients to help them review their overall cloud strategy and architecture from a best practices and security point of view.
As we're several years into this cloud migration for most organizations, a lot of things have changed regarding how they leverage the cloud, the type of applications and services they need to be able to provide and how they control and monitor access to resources. No two organizations are exactly the same, but more often than not, the underlying fundamentals are consistent across organizations.
The definition of “shelfware” from TechTarget:
“Slang for software that a company buys because of a perceived need or demand but never uses; hence, it sits on the shelf.”
This definition should be expanded to include software that was purchased for a legitimate need, implemented to serve that need, and then allowed to stagnate until it’s no longer used or useful. There are many reasons why this stagnation happens:
Password complexity has been touted for some time to prevent identity theft. Especially in an Active Directory environment. Typical password complexity rules in Active Directory are:
Navigating today’s threat landscape and ensuring security in the public cloud is more important than ever. When it comes to AWS security best practices, businesses must start with an understanding of the AWS Shared Responsibility Model. Unfortunately, many companies don’t fully understand that shared model and who is responsible for what, despite the AWS clear statement:
Editor’s note: This article is an excerpt from the Essential Guide to IT Security Strategy.
Businesses in the digital age can no longer rely on disconnected security tools, alongside robust protocols and policies, to avoid increasing IT security threats. The development of a proactive and multidimensional strategy for securing data and your organization’s IT infrastructure is built on well-developed security policies, and overall strategy. However, the first step toward developing that security strategy is to conduct a thorough and in-depth threat assessment.
