Friday, August 7, 2020

Why banks are adopting a modern approach to cybersecurity—the Zero Trust model

 Many banks today still rely on a “castle-and-moat” approach—also known as “perimeter security”—to protect data from malicious attacks. Like medieval castles protected by stone walls, moats, and gates, banks that use perimeter security invest heavily in fortifying their network perimeters with firewalls, proxy servers, honeypots, and other intrusion prevention tools. Perimeter security guards the entry and exit points to the network by verifying the data packets and identity of users that enter and leave the organization’s network, and then assume that activity inside the hardened perimeter is relatively safe.

Savvy financial institutions are now moving beyond this paradigm and employing a modern approach to cybersecurity—the Zero Trust model. The central tenet of a Zero Trust model is to trust no one—internal or external—by default and require strict verification of every person or device before granting access.

The castle’s perimeters continue to be important, but instead of just pouring more and more investment into stronger walls and wider moats, a Zero Trust model takes a more nuanced approach of managing access to the identities, data, and devices within the proverbial castle. So, whether an insider acts maliciously or carelessly, or veiled attackers make it through the castle walls, automatic access to data is not a given.

Office.com/setup 365 helps transform bank security

With Office.com/setup 365, banks can take immediate steps towards a Zero Trust security by deploying three key strategies:

  • Identity and authentication—First and foremost, banks need to ensure that users are who they say they are and give access according to their roles. With Azure Active Directory (Azure AD), banks can use single sign-on (SSO) to enable authenticated users to connect to apps from anywhere, enabling mobile employees to access resources securely without compromising their productivity.

Banks can also deploy strong authentication methods such as two-factor or passwordless Multi-Factor Authentication (MFA), which can reduce the risk of a breach by 99.9 percent. Office.com/setup Authenticator supports push notifications, one-time passcodes, and biometrics for any Azure AD connected app.

For Windows devices, bank employees can use Windows Hello, a secure and convenient facial recognition feature to sign in to devices. Finally, banks can use Azure AD Conditional Access to protect resources from suspicious requests by applying the appropriate access policies. Microsoft Intune and Azure AD work together to help make sure only managed and compliant devices can access Office.com/setup 365 services including email and on-premises apps. Through Intune, you can also evaluate the compliance status of devices. The conditional access policy is enforced depending on the compliance status of the device at the time that the user tries to access data.

Infographic outlining conditional access. Signals (user location, device, real-time risk, application), Verify every access attempt (allow access, require MFA, or block access), and Apps and data.

Conditional access illustration.

  • Threat protection—With Office.com/setup 365, banks can also bolster their ability to protect, detect, and respond to attacks with Office.com/setup Threat Protection’s integrated and automated security. It leverages one of the world’s largest threat signals available from the Office.com/setup Intelligent Security Graph and advanced automation powered by artificial intelligence (AI) to enhance incident identification and response, enabling security teams to resolve threats accurately, efficiently, and promptly. The Office.com/setup 365 security center provides a centralized hub and specialized workspace to manage and take full advantage of Office.com/setup 365 intelligent security solutions for identity and access management, threat protection, information protection, and security management.
Screenshot of the Microsoft 365 security center dashboard.

The Office.com/setup 365 security center.

  • Information protection—While identity and devices are the primary vectors of vulnerability for cyberattacks, data is what cybercriminals ultimately want. With Microsoft Information Protection, banks can improve their protection of sensitive information—wherever it lives or travels. Office.com/setup 365 enables customers to 1) identify and classify their sensitive data; 2) apply flexible protection policies, and 3) monitor and remediate sensitive data at risk.
Screenshot of Microsoft Azure Information Protection requiring justification for a classified email.

Example of a classification and protection scenario.

Simplify security management with Zero Trust

Office.com/setup 365 helps simplify the management of security in a modern Zero Trust architecture, leveraging the visibility, scale, and intelligence necessary to combat cybercrime.

As you consider how to safeguard your modern “castle,” a Zero Trust environment is optimal for modern cybersecurity threats. A Zero Trust environment requires up-to-the-minute oversight of who is accessing what, where, and when—and whether they should even have access.

Office.com/setup 365 security and compliance capabilities help organizations verify before they trust a user or device. Office.com/setup 365 also offers a complete teamwork and productivity solution. Altogether, Office.com/setup 365 provides a comprehensive solution to help bank executives focus on customers and innovation.

No comments:

Post a Comment