Quick wins for remote working
Moving to a Zero Trust security model isn’t an overnight exercise. However, if you’re looking to improve security for your remote workforce, there are some quick wins you can implement to dramatically improve your security without significant time and expense.
These quick wins are based around identity, which is the best foundation for a Zero Trust model: every access request requires an identity to be authenticated, so identity will form the bedrock of your security posture.
Multi-factor authentication
Implementing strong authentication with Azure AD and multi-factor authentication (MFA) is the best starting point to quickly improve user verification and your security.
MFA allows users to add a second form of identity verification to their accounts in addition to their password — such as their phone, security key or biometric identifier. Therefore, if their password becomes compromised, the requirement for a secondary form of verification will ensure their account remains secure and access will be denied to the attacker using the stolen credentials.
Around 90% of cyber-attacks rely on compromised passwords, and businesses of all sizes are targets. Weak passwords are easy for attackers to compromise through phishing scams, password spray attacks and credential stuffing, so it’s vital that every organisation takes this threat extremely seriously.
MFA reduces the risk of an account being compromised by 99.9%, which is why it is critical that your organisation implements it as soon as possible.
Conditional Access
With remote workers outside the company network and potentially using personal devices, how do you determine whether or not an access request can be trusted?
The answer is Azure AD Conditional Access. When any access request is made, Conditional Access evaluates a range of signals associated with the request before deciding whether to allow, restrict or block access. The decision is made by an enforcement engine which assesses whether the signals meet the requirements of the granular access policies you set for your organisation, hence the term ‘conditional’.
Some of the signals include:
- User identity
- Access rights
- Device health
- Application safety
- Network safety
- Data sensitivity
- Real-time risk
The decision doesn’t have to be as simple as only ‘block access’ or ‘grant access’. Depending on the policies you set, access may only be granted subject to multi-factor authentication or a device being marked as compliant. You can decide exactly what conditions have to be met for a user to be able to access specific company resources.
By implementing Conditional Access and setting granular access policies, you can benefit from dynamic and conditionally-granted access decisions that are based on an intelligent assessment and an understanding of the risk associated with every access request across your organisation — preventing hackers from moving laterally across the network using stolen credentials.
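As an added illustration (not part of the original article), the two outcomes described above, access granted subject to MFA or a compliant device and access blocked on real-time risk, can be written as Conditional Access policies with the Microsoft Graph PowerShell SDK. The display names, the excluded emergency-access account placeholder and the choice of 'high' as the risk threshold are assumptions; both policies are created in report-only mode so their effect can be reviewed before enforcement.

```powershell
# Added example: display names, the excluded account ID and the risk threshold are assumptions.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'

# Placeholder: object ID of an emergency-access account kept out of both policies
$breakGlassId = '<emergency-access-account-object-id>'

# Conditions shared by both policies: every user, every app, every client type
function New-BaseConditions {
    @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
}

# Policy 1: grant access only with MFA OR a device marked compliant
$requireMfaOrCompliant = @{
    displayName   = 'Example - require MFA or compliant device'
    state         = 'enabledForReportingButNotEnforced'   # report-only mode
    conditions    = New-BaseConditions
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa', 'compliantDevice')
    }
}

# Policy 2: block the request when real-time sign-in risk is high
# (sign-in risk conditions rely on Azure AD Identity Protection)
$riskConditions = New-BaseConditions
$riskConditions.signInRiskLevels = @('high')
$blockHighRisk = @{
    displayName   = 'Example - block high-risk sign-ins'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = $riskConditions
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

# Create both policies and print what the tenant stored
foreach ($policy in $requireMfaOrCompliant, $blockHighRisk) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    '{0} -> {1} ({2})' -f $created.DisplayName, $created.Id, $created.State
}
```

Switching `state` to `enabled` enforces a policy once the report-only results in the sign-in logs look as expected.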
Single sign-on
Single sign-on (SSO) is a quick win that massively improves both user productivity and security.
Your remote workers likely need to access multiple apps throughout the day. Rather than having to manage multiple passwords and log in repeatedly, you can set up SSO so that staff only have to authenticate once, using their main corporate credentials, to access all their apps. This extends your robust security policies across both company and third-party apps.
Azure AD Application Proxy
If your organisation has any on-premises web applications, it’s likely that you’ll need your distributed workforce to be able to easily access the apps remotely.
Azure AD Application Proxy is a feature which enables users to authenticate once with a single sign-on to Azure AD, allowing easy and secure access to your on-premises applications through an external URL, just like when they access Microsoft 365 and the other SaaS applications which you’ve registered for SSO.
Users don’t need a VPN or a reverse proxy, and you don’t need to open inbound connections through your firewall. App Proxy provides a secure connection which can utilise Conditional Access and MFA. Because App Proxy runs in the cloud, it’s simple to use and doesn’t require any infrastructure alterations or changes to your on-premises environment.