Review common challenges with BYOD, network perimeter expansion, and the cloud.
- [Instructor] Traditionally we looked at the firewall as the perimeter to the network. Everything that was inside the firewall was something we had control of, everything that was outside of the firewall was outside of our control, and as a result, because it was outside of our control, we kept all the data, all the applications, everything we cared about inside the firewall. Now that we're moving to cloud applications, to cloud services to provide key components to the enterprise IT infrastructure, we can no longer count on the firewall to be that boundary. If you look at Office 365, for example, all of our email, all of our data that's stored in SharePoint and other applications is all in the cloud and, of course, it's all outside of the firewall.
And because people are accessing that, not only from company managed devices, but from devices that they own or that they're using, we need to be able to manage data and manage how people access that regardless of where they're working from or how they're working. And so now, we need to look at, in addition to the location on or off the network, we need to look at what data they're accessing, who they are, of course, do they even need access, and where they're accessing that data from, take all those inputs together and then make risk-based decisions about what people can do.
There are a few different risks that we'll talk about that apply as we think about how data exists in the cloud now and is outside the network. Passwords being compromised is something that's been around for a long time. It's certainly gotten highlighted a lot more in recent time, especially you see lists of stolen credentials that are on the internet, bad actors are able to purchase these, and make targeted attacks to try and compromise someone's account and then get on to a network. Before, at least, when you had the firewall as a boundary, the attacker first had to get through that firewall and on to the network.
But now with cloud applications, of course, being accessible from the public internet, simply making those accessible with a user name and password puts it at a much higher level of risk. People choosing to work from whatever device they want to, whether it's their phone, a tablet, a personal laptop, a company issued laptop, all these different permutations add a significant number of risks that we need to control for because we know that no matter how hard we try, chances are that company data will land on all these devices and, of course, we don't manage them. So when someone asks you the question of well, where is my data? It's really hard to answer that question because we don't even know what devices it's on.
So now we need to figure out how can we protect the data regardless of where it is. Before, when the business needed a new IT service they would come to IT, they would present the requirements and it could take weeks, months, or even years for IT to be able to fulfill that request from planning, to risk mitigation, to the actual implementation, whereas, today with the cloud, someone in the business needs something, they can pull out their corporate credit card and go purchase a cloud service that fulfills the requirements and be on their way in a matter of minutes. This is great from a productivity standpoint but from the perspective of the business, when you look at this from a risk perspective, this is really bad because now people can go purchase a service, start putting sensitive information in there and IT can do nothing to manage the risks that are associated with that.
So how do we control what cloud applications people are using, but also enable them to onboard new cloud applications when they need to in a secure and compliant manner? And speaking of compliance, regulatory compliance is always the elephant in the room. You have obligations to governments, you have obligations to your customers, to your business partners, to your shareholders, and you need to meet those requirements. As data is moved to the cloud, how we meet those compliance requirements has to evolve. For some people, they look at compliance as a blocker to the cloud so that things can stay the way they always have been.
Unfortunately that's not a model that's going to scale, so instead, we need to look at our requirements, look at the cloud services that we're going to use, that we're already using, and talk about well, how do we take our existing controls and extend them or how do we create new controls that we can establish to meet those compliance requirements. These are just a few examples of some of the different problems that the cloud brings, and as the boundary of the network has evolved and the cloud has become the new reality, we have to evolve so that we can meet those requirements.
- Authentication options with Azure AD
- Configuring Azure AD Connect for sync and authentication
- Securing remote access with the Azure Application Proxy
- Managing apps and devices with Intune
- Building and deploying a basic Intune policy for iOS or Android
- Protecting data beyond the firewall with Azure Information Protection (AIP)
- Configuring AIP classification labels and protection
- Integrating Exchange and SharePoint with AIP
- Managing risk with Advanced Threat Analytics
- Connecting Office 365 to cloud app security