Security: a multi-layered issue requiring a multifaceted strategy.
Security is an accepted part of any business strategy, but few truly understand just how multifaceted and multi-layered organisational security can be. Because a business has multiple layers of access, it has multiple points of entry that require security solutions – merely addressing one layer is not enough to secure the organisation against all threats, although many businesses seem to think that such an approach is good enough.
Perhaps the ideal metaphor is that security is much like an onion: it is composed of a multitude of layers and if it is handled in the wrong manner, it can make you cry.
Thus if an enterprise wishes to avoid such tears, it needs to ensure that the four distinct security layers are all addressed. These layers are composed of: Identity; Data; Access; and Devices. True security involves not only addressing each of these layers, but also ensuring that each level is kept up to date, is properly managed and intertwines with the other levels to create a holistic security picture.
Such intertwining can best be achieved through utilising Microsoft’s Active Directory Domain Services. Active Directory is a cornerstone in both securing your environment and in making it possible to effectively manage this environment. Although Active Directory is almost ubiquitous in businesses today, it is quite often not utilised as effectively as it could be, ultimately turning it from an advantage into an Achilles’ heel.
As security specialists, Inobits will, as a first step in a holistic security solution, ensure that a client’s Active Directory is properly maintained, managed and organised, in order for the four layers of security to be effectively implemented. It will then also assist in the implementation, management and maintenance of each of the following four security layers.
Layer one: IDENTITY
In a nutshell, identity is all about the digital representations of people used for security purposes, and the management of this identity information. Inobits addresses the critical issue of Identity Lifecycle Management, which deals with the creation of, changes to and deletion of a corporate identity. This also encompasses the synchronising of identity information across multiple sources within the organisation, the facilitation of secure self-service and the delegated administration of identities, reporting and the management of privacy issues related to such an identity.
There are four technologies Inobits offers in this space:
• Forefront Identity Manager (FIM)
• Identity and Access Management
• Microsoft BHOLD
With these tools, we can produce an identity management solution that is customised to the particular needs of individual customers, but which nonetheless easily integrates into their existing identity repositories.
Layer two: DATA
The key to data security lies in controlling access to the actual data, in order to ensure that authorised personnel are able to access it when they need it, while unauthorised access cannot occur.
Active Directory can be used to control permissions and authorisations around the use of resources, and in addition to this, Azure Rights Management Services allows files to be locked down as needed. It can also specify who may have access to a file in such a way as to ensure that even if an unauthorised person physically has the file, they are unable to view it.
The third solution in the data security armoury is Access Governance. This allows users access to a variety of tools that can – depending on individual requirements – be applied to monitor, audit and control exactly who in an organisation has access to sensitive data.
Layer three: ACCESS
This aspect of security focuses on controlling how people make use of corporate infrastructure and how they validate their identities before being allowed access to it.
The most critical tool that supports access security is Active Directory Federation Services (ADFS), which enables users from partner organisations to authenticate themselves on your system, using their native credentials to gain access to selected resources in your infrastructure. Such a tool is ideal for business-to-business deals or joint ventures.
The second tool is Azure Multi-Factor Authentication (MFA), which allows an organisation to strengthen its authentication methods beyond the traditional username and password combination. This could, for example, include users requiring a personal identity number (PIN) in order to gain access to a particular system.
In addition, Inobits also supports various access gateways for the secure publishing of connections to internal applications and servers and is able to implement various firewall solutions at the edge of the network, for true perimeter protection.
Layer four: DEVICES
The proliferation of personal mobile devices within organisations means that securing these endpoint devices has become one of the single most crucial aspects of organisational security. In addition, it is equally critical to ensure that these devices are managed in such a way as to eliminate potential security threats.
Once again, Active Directory is the ideal tool to control access to such devices.
Its Group Policy Objects (GPO) feature is designed to enable the effective management of company policies, while its System Center Configuration Manager (SCCM) feature allows a security provider like Inobits to remotely control the configuration of computers within an organisation’s infrastructure. This includes Windows clients, Windows servers and even Apple and Linux computers.
SCCM can thus be used to automatically configure devices according to standard configurations, while ensuring that all required updates are deployed. It can even provide inventory information regarding what hardware and software configurations are deployed on a device. This means a warning can be given when unauthorised software is run, thereby preventing the introduction of security risks through such practice.
Furthermore, the Desired Configuration Management (DCM) feature allows you to specify the required configuration of any computer in the business, with regard to hardware, software and settings and, if a deviation is detected, can either alert a line manager or automatically revert the machine to the configuration desired by company policy.
Finally, there is System Center Endpoint Protection (SCEP), which is Microsoft’s anti-malware protection solution. It provides enterprise-grade protection against viruses and other malware and is managed via Configuration Manager.
Windows Intune, meanwhile, is an additional, cloud-based tool for those organisations that need to manage the configuration and security of devices that primarily connect via the Internet, such as mobile devices for roaming users.
Inobits has a complete understanding of each of the four layers of security and the relevant technologies required to ensure their effective implementation.
In addition, Inobits specialises in unlocking and managing those security features that are built into Windows 7 and 8 and Server 2012 and are included in the purchase thereof, but are often not switched on, meaning the buyer does not obtain full value for their money.
Examples of such features include BitLocker, Disk Encryption, and AppLocker, which enables the company to comprehensively lock down computers in such a way as to prevent unauthorised usage taking place, thereby preventing the potential introduction of security risks.
Furthermore, Inobits understands what is perhaps the single most critical aspect of any security implementation, namely that any security solution consists not only of the technology required, but equally of the people and processes involved in its operation.
Thus we will not only assist clients in choosing and implementing the most appropriate technology for their security needs, but also help them in the development and implementation of the necessary processes, procedures and policies, to ensure their infrastructure is used and managed in a way that continually facilitates security.
In addition, Inobits can assist a client’s IT staff to develop the skills required for such management of the security stack, as well as the skills needed for the implementation of the policies and processes that ensure that users utilise the IT infrastructure securely at all times.
As complete security specialists, Inobits can provide a complete assessment of your existing security environment, as well as develop a roadmap to take you from this point to your desired state of security. Moreover, we understand that development and implementation are only two sides of a security triangle – the other one being the need to keep the environment secure on an ongoing basis.
To this end, Inobits offers a managed services capability whereby we will perform the security management function on behalf of the client, either in part or as a whole. This managed services offering encompasses onsite people through periodic health checks and maintenance – on a weekly or monthly basis – as well as remote management and monitoring services. These services are designed to enable proactive detection of potential issues, in order to resolve these before they become real challenges.