“ATP, EDR, ADD, AIP, MEM, SCCM – huh?!”
After many years in the technology industry, I am astounded at how complicated technology conversations have become. From those initial meetings with potential providers discussing several products or services through to the first time, a consultant stands in front of you talking riddles with endless acronyms. After what feels like endless discussions, you are no closer to understanding how what you are hearing will help you solve business problems.
IT IS ALL TOO CONFUSING
After spending many hours in sessions like this, I have taken the time to unpack the complexities and turn them into a straightforward narrative to help individuals get the insights and information they need to make game-changing decisions.
EXAMPLE – TAKE ACRONYM SOUP OUT OF IDENTITY
So, you have landed a new role at an exciting organization. During the interview process you noted how seriously the business takes security; however, you have very little understanding of what this means to you and how you can play your part. It does not matter what role you have landed. It could range from an intern role to an executive-level position; no matter the role, security fundamentals are the same and your focus on security is critical. But what does it all mean?
Let’s start at the beginning. YOU, or… more importantly, the IDENTITY that IS you.
- Something you own
- Something you are
- Something you know
WHAT IS “IDENTITY”?
As I said, an Identity is you, or to be precise, a username, email address, and password mechanism provided by systems within your organization (On-Prem AD) or via a public cloud provider like Microsoft Azure (AAD). The organization creates your Identity before you start in your new role. You will, of course, be familiar with the concept of a username and password combination, which is required to log in to your PC or Mac.
To perform your role, you have tasks and activities to complete, which will require you to work, behave and collaborate (Teams, Zoom etc.) in a certain way. Therefore, from the moment you commence your role, you pose a potential risk (ATP, EDR, Breach, Cyber Attach, Phishing etc.) to the organization depending on the role assigned to you or the business area you work in.
My colleagues, ‘Buk’ and Edmond talked about Identity + Security recently on ‘The Late Night Brew’ which I recommend checking out to learn more.
WHAT DO I MEAN BY RISK?
One of the highest-ranking targets for attackers is your Identity. Let’s face it; if an individual can gain access to your username or password, they can imitate you and leverage your role – things you have access to – to perform activities which put the business at risk. Essentially this is the same as somebody gaining access to your bank account login or passcode. We all take precautions with our banking and investment information and use mechanisms to protect access. Procedures like an access code sent to your device or phone (something you own) to enter along with your password (MFA/CA) to confirm it is you. Unfortunately, the same risks exist without the same protections on your corporate Identity, just with potentially higher stakes (AIP, MIP, DLP).
SO, HOW DO I REDUCE THIS RISK?
The first thing to know is, your organization has likely put controls in place to protect your Identity (AIP). By doing so, the devices you use in a business capacity are managed by the organization (MEM, InTune, SCCM, Defender). The same goes for corporate AND personal devices (which access organisational applications and data). With managed devices, rules (CA) are used to check your Identity when you attempt to log in.
There are several elements involved behind the scenes, but let’s not concern ourselves with those for now. Just know your Identity is being checked (AIP) and your location confirmed (CA) as being known to the organization. If there is any doubt whatsoever, you will be asked to provide a code sent to one of your managed devices, which only you can unlock to access. For example, think FaceID or fingerprints to unlock your phone (something you are).
WHAT IF I FORGET MY PASSWORD?
The days of long and complex passwords written down on a sticky note or taped to the bottom of your laptop are gone. With the steps we have discussed, if you forget your password, you can reset it (SSPR) without assistance from IT support. Instead, you will be asked to provide your email address and then, using either a code sent to your device, or an authenticator application, enter the code and, if required, provide the answer to a question only you would know (something you know). These steps are commonly referred to as “challenges”.
For more on Password security, check out this blog by Edmund Davis ‘Pass the Passwords to the Left-Hand Side’.
SUMMING IT ALL UP – SIMPLIFYING IDENTITY
With security a core focus for all organizations and the cyber-intensive world we live in, playing your part should be simple. But, unfortunately, understanding all the underlying technologies, products, services, or acronyms, of which there are 17 at play to enable your Identity, does not help you. Understanding the risks associated with your role and behavior, however, is paramount. It still surprises me how many individuals understand the need for personal security; however, technology and acronyms make it too complex to understand and therefore, difficult to adopt when it comes to organisational security.
By explaining Identity in this way, I hope it would help shine a light on how your online profile is built and secured to make your day-to-day operational life more in line with the way you think about personal security.