Q&A with Nestori Syynimaa: Don't Neglect On-Prem Security
Cloud security in a growing work-from-home landscape should not be IT's only focus.
As the workforce continues to migrate away from the office, IT's focus is turning more and more to securing data outside the traditional physical walls of an organization. However, turning a blind eye to protecting your on-prem data can still lead to a costly disaster.
Ahead of his talk at this year's TechMentor conference, taking place Aug. 8-12 in Microsoft's Redmond, Wash., headquarters, Dr. Nestori Syynimaa is here to answer why you should always be vigilant about on-prem security, and how Azure AD and Microsoft 365 can help. And don't forget to register and attend his deep dive into this topic during his Aug. 9 TechMentor talk, titled "Protecting Azure AD and M365 from On-prem Attacks."
Redmond: What is the No. 1 threat facing organizations and how can Azure AD and Microsoft 365 help to alleviate it?
Syynimaa: In the cloud era, identity is a new firewall. This means organizations must move their focus from the traditional network and premises protection to protecting identities. Azure AD, which Microsoft 365 relies on as an identity provider, helps organizations to protect their identities -- as long as it is configured properly and all available security features are used.
Has IT's focus on on-prem attacks lessened as remote work and the cloud continue to grow in the enterprise?
Unfortunately, yes. Organizations putting increased focus on the cloud means that less attention is given to protecting on-prem. In a hybrid identity setting, the cloud is open for on-prem originated attacks. All hybrid identity components are crucial parts in protecting identities.
"In a hybrid identity setting, the cloud is open for on-prem originated attacks." -- Dr. Nestori Syynimaa, Senior Principal Security Researcher at Secureworks
How do Azure Active Directory and Microsoft 365's built-in security features work in conjunction to protect users?
The most crucial security feature is Azure AD Conditional Access. This allows organizations to limit access to their workloads granularly based on things like user identity, device and location. However, Conditional Access requires an Azure AD Premium license, included in Microsoft 365 E5. Organizations without Conditional Access can rely on Security Defaults, which enforce multifactor authentication (MFA) for all users.
What is the biggest mistake you see IT shops making when implementing security for Microsoft 365 users?
They rely on default settings and are unaware of the consequences of trust. By trust, I mean all integrations to on-prem systems or external parties, including cross-tenant relationships.
What mistakes do users still make to put cloud data at risk, even if their environment is fully secured?
If the organization's security settings are not configured properly, users may share the data with outsiders by mistake. For instance, inviting an external party to Microsoft Teams may give them read-only access to the organization's directory, including user and group information.