Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Securing the new remote workforce


Published on

As organisations around the world face a pandemic, businesses are quickly focusing on how to overcome serious challenges. One of these is how to enable a significant portion, if not all, of our workforce to work securely from home.

Keeping people safe is at the forefront of this process. Organisations also want to keep their business and sensitive data secure at the same time. We are here to help you get a better understanding of all the security risks and learn the steps to prevent unnecessary risk.

While every organisation is different and every journey will be unique, there are a couple of approaches that allow businesses to operate in a risk-appropriate manner by enabling better access to security decisions. On this webinar recording we share some of our insights, experience and customer stories, addressing some of your queries and concerns.

See the recording at

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Securing the new remote workforce

  1. 1. Securing the new remote workforce
  2. 2. Introducing your speaker… Gavin van Nierkerk Practice Lead Modern Workplace Lead Cybersecurity Team
  3. 3. LESS THAN 3%
  4. 4. GREATER THAN 98%
  5. 5. 3%Your security designs are all focused on this being the assumption 98%98% - Your security designs need to shift focus
  6. 6. Media
  8. 8. On-premise/ private cloud
  9. 9. Approach
  10. 10. Zero Trust/Lean Trust isn’t… <what?> “Strong identity + device health + least privilege user access and verified with telemetry” LITERAL You can’t build a practical strategy around absolutes AN ADJECTIVE You aren’t going to ‘be’ Zero Trust FOR SALE There’s no such thing as ‘Zero Trust’ tech INSTANT You can’t boil the ocean A REVOLUTION Build on what you’ve got
  11. 11. Making Zero Trust a reality Do you know what <Zero Trust> is? Have you established a v-team with your stakeholders? Do you know where you are at today with your <Zero Trust> journey? Do you have buy-in from C-level? An approach to security which assumes pervasive risk How do we behave in an environment of pervasive risk? TRADITIONAL OPTIMAL ADVANCED MATURITY MODELStrong Authentication! Enrolled & Managed Devices Risk based management – Identity, Device, Session
  12. 12. Every company is at a different stage of their journey to the cloud. Maybe identity and device management are your top priorities, or you are digging into multi-factor authentication (MFA) or desktop virtualisation. Every IT leader needs to define the priorities to enable productivity from anywhere across their organisation’s workforce. We get that, and we want to help. The Journey
  13. 13. Assumptions vs. Reality Users are employees Corporate managed devices On-premises apps Corp network and firewall Local packet tracking and logs Employees, contractors, partners & customers Bring your own device Explosion of cloud apps Expanding perimeter Overwhelming source of available signal
  14. 14. Customer Questions Customer 1: How can Employees enrol their devices into device management to gain access to company resources? Risk Mitigation: Trusted devices (only). Potentially Intune Scenario 2: How can Security Teams enforce device health checks per application or service? Risk Mitigation: Trusted devices + health (Intune + Defender ATP) + secure app access (Cloud Application Security). Scenario 3: How can Employees and business guests have a secure way to access corporate resources when not using a managed device? Risk Mitigation: Non-trusted devices (Conditional Access Application Control e.g. secure email). One of the biggest benefits of Zero Trust is a change in mindset. An approach to security which treats every access attempt as if it’s originating from an untrusted network.
  15. 15. Plan
  16. 16. Major Phases Verify identity Verify device Verify access Verify services All user accounts set up for strong identity enforcement Strong identity enforced for O365 Least privilege user rights Eliminate passwords – biometric based model Device health required for SharePoint, Exchange, Teams on iOS, Android, Mac, and Windows Usage data for Application and Services Device Management required to tiered network access Internet Only for users Establish solutions for unmanaged devices Least privilege access model Device health required for wired/wireless corporate network Grow coverage in Device health requirement Service health concept Device management not required Single factor authentication to resources Capability to enforce strong identity exists Pre-Zero Trust U S E R & A C C E S S T E L E M E T RY
  17. 17. 1. Connect all apps for Single Sign On 2. Strong Authentication using Multi-Factor Auth and Risk Detection 3. Enforce Policy Based Access for breach containment Identity teams – here is your to-do list:
  18. 18. 1. Register devices with your Identity Provider 2. Implement MDM based security baselines and compliance reporting 3. Use endpoint threat detection to monitor device risk Device teams – here is your to-do list:
  19. 19. Network & Infra Security Teams – here is your to-do list: 1. Enable a Cloud Workload Protection solution across your estate 2. Reduce attack surface by enabling just-in-time 3. Use cloud-native controls to create micro-perimeters with real-time threat protection
  20. 20. 1. Agree on a label taxonomy and classify all documents and emails with the default label 2. Apply real-time protection to high risk scenarios: sensitive data and unmanaged access in apps 3. Perform Shadow IT discovery and a cloud control program Apps & Data Security Teams – here is your to-do list:
  21. 21. Next Steps
  22. 22. We have run a number assessments for customers to understand how their security models and architecture may need to change in our remote working world. We are concerned at the decreased control businesses have over their overall security posture. …and we want to help.
  23. 23. Next Steps… Take the self assessment: Assessment.html Feel free to share the results if you want and we can provide insights and guidance.
  24. 24. Next Steps… Visit our page Contact us
  25. 25. Questions?
  26. 26. Sample Architecture
  27. 27. Corporate Network Geo-location Microsoft Cloud App SecurityMacOS Android iOS Windows Windows Defender ATP Client apps Browser apps Google ID MSA Azure AD ADFS Require MFA Allow/block access Block legacy authentication Force password reset****** Limited access Controls Employee & Partner Users and Roles Trusted & Compliant Devices Physical & Virtual Location Client apps & Auth Method Conditions Machine learning Policies Real time Evaluation Engine Session Risk 3 40TB Effective policy Azure AD Conditional Access
  28. 28. Thank you! For more information please follow contact us here: Australia Gavin van Nierkerk Practice Lead New Zealand Victor Philp Solutions Manager