Cloud Security: Authentication and Authorization



In this article, we set up a scenario to make it easier to understand how the different security aspects come together and how you can take easy actions to improve your security today.  

In the modern world, the most important thing is protecting user identity. Azure Active Directory has many built-in functions that are designed to protect users against outside threats, and with a "Zero Trust" mindset, you can use this to protect your users from anywhere. 

 

Security – how are things connected?

In your home, if your window blinds (Networking Ports) are open and anyone can look in, you have little privacy, even though the locked doors (Active Directory) and windows (Virtual Network) make you feel secure.

If your window blinds (Networking Ports) are closed but the door (Active Directory) is unlocked, you are not secure, despite a sense of privacy that no passer-by can casually breach. If someone enters through your unlocked door (Active Directory), both your privacy and your security have been compromised.

In the house analogy, the first line of defense is knowing who has access to the lock and can get in (Identity and Access Control).

After giving access, you need to control what they access in your home (Resources), how they access it, and when they access it (Access & Resource Control, also called RBAC). Then you think about how to secure the table, chairs and money in the house (Resources), and your family members (Users), from security threats.

 


 

How do you take the first step? 

As the first action of defense is usually to secure the door (Active Directory), you need to make firm decisions regarding Authentication and Authorization.

Authentication is verifying that the person at the door holding the key is really who they claim to be (identity verification using a username and password to check whether this person is a member). If this person's key (username and password) checks out, i.e. the username and password are correct, they are granted access to enter the house.
 
After allowing this user to enter the house (Authentication checks out), the next step is to set Authorization on what they can do in the house (Environment): which rooms the person is allowed to enter, and which electronics, chairs and tables (Resources) the person is permitted to use. Successful authorization requires a mechanism that validates each user's need to access resources based on a combination of role, security policy, and risk policy considerations.
 
How do you secure your users and resources in the environment?

 

Recommendation – Multi-Factor Authentication (MFA)

Given the frequency of passwords being guessed, phished, stolen with malware, or reused, it's critical to back the password with some form of strong credential.

Even if an attacker manages to learn the user's password, it is useless without possession of the additional authentication method. MFA provides additional security by requiring a second form of Authentication, and it delivers strong Authentication through a range of easy-to-use authentication methods. It works by requiring two or more of the following authentication methods:

• Something you know (typically a password)

• Something you have (a trusted device that is not easily duplicated, like a phone)

• Something you are (biometrics)
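
The two steps described above, as an added example in Python that is not part of the original article and is not how Azure Active Directory is implemented: a password check plus a phone-generated one-time code (Authentication with two factors), followed by a role lookup (Authorization). The user "alice", the roles, the permission names and the secret are constructed sample values, and using a time-based one-time code (RFC 6238) as the "something you have" factor is an assumption.

```python
import base64, hashlib, hmac, struct, time

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), the code an authenticator app on a phone shows."""
    counter = int((time.time() if at is None else at) // step)
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    # Store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample data: one user, hypothetical roles and permission names.
SALT = b"constructed-salt"
USERS = {"alice": {"salt": SALT, "pw_hash": hash_password("correct horse", SALT),
                   "totp_secret": "JBSWY3DPEHPK3PXP", "role": "reader"}}
ROLE_PERMISSIONS = {"reader": {"storage:read"},
                    "contributor": {"storage:read", "storage:write"}}

def authenticate(username, password, code, at=None):
    """Authentication: both factors must pass. Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        return None
    now = time.time() if at is None else at
    # Something you know: the password, compared in constant time.
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    # Something you have: accept the current and the previous 30 s step (clock drift).
    has = any(hmac.compare_digest(totp(user["totp_secret"], now - d), code)
              for d in (0, 30))
    return username if (knows and has) else None

def authorize(username, permission):
    """Authorization: what an authenticated user may do, decided by role."""
    role = USERS[username]["role"]
    return permission in ROLE_PERMISSIONS.get(role, set())

def access(username, password, code, permission, at=None):
    identity = authenticate(username, password, code, at)
    if identity is None:
        return "denied: authentication failed"
    if not authorize(identity, permission):
        return "denied: not authorized"
    return "granted"
```

A stolen password alone ends at "denied: authentication failed", and a fully authenticated reader asking for a write still ends at "denied: not authorized".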

 

Learn more about modern identity by watching our webinar on the topic. If you have any questions regarding this topic, don't hesitate to contact us. We also have a special offer where we assess and harden your security; check out the offering here.

 
