18 December 2019

Digital transformation: How Microsoft is helping CISOs maintain security – Sian John Summit Keynote 2019

  • Cyber security
  • Azure Sentinel
Mathew Richards

How can CISOs adapt to the security risks caused by digital transformation? Microsoft have been working on an answer…

CISOs wear many hats, but perhaps the main challenge they face is knowing how they can support the organisation on its digital transformation journey – enabling ever higher levels of productivity, while maintaining the highest possible security posture.

It’s no longer a productivity vs. security trade-off. It’s about mitigating risk and achieving both, by balancing the security tools you need with the productivity tools you want.

At our most recent Identity and Security Summit, Sian John, Microsoft’s Chief Security Advisor for EMEA and APAC, outlined the effect digital transformation is having on our traditional security processes. She also highlighted the key new Microsoft tools and security innovations that will help organisations boost cyber defence across the entire kill-chain.

Let’s take a closer look at what she had to say…


Digital transformation = security transformation

“86% of CEOs believe technology will transform their business more than any other global trend.” – PwC’s 22nd Annual Global CEO Survey

The world we live in is becoming increasingly complex and this complexity filters down into all organisations. Examples of how evolving technologies and changing consumer behaviours drive the need for digital transformation include:

  • The rising expectations of digital consumers
  • The pace of innovation and cloud app adoption
  • Born-in-the-cloud competitors and disruptors
  • The exponential growth of IoT and connected devices
  • Ever increasing demands for workplace mobility
  • Strengthening data privacy laws and regulations

It’s important to think about the knock-on effect that a rapidly transforming enterprise can have on the IT team and its ability to properly protect all assets. It seems to be getting harder by the day.

As Sian told us: “If you want to determine the threat landscape, what you need to do is look at the current technology landscape and how that’s evolving – when we unlock a new capability then you can expect exploits and risks to come with that.”

The challenge security teams need to tackle is how to evolve their security services to keep pace with both the organisation and the evolving threat landscape without stifling productivity, and how to speed up the development of new security controls to mitigate the risks caused by digital transformation.

The graphic below captures it all nicely. For CISOs, the first two arrows are unavoidable, but you’ll want to find ways to move the third arrow over to the left as much as possible, so you can close that security gap and reduce the threat impact from adopting new technology.

Looking at a typical digital transformation scenario in a modern enterprise-level organisation can help you put that idea into context.

Digital transformation drives a change


New software-as-a-service (SaaS) applications in the Cloud provide opportunities for “Business X” to better engage with customers, improve collaboration, empower employees, optimise operations and bring new products to market.

“Business X” needs to digitally transform to maintain competitive advantage.

The organisation responds


To respond, “Business X” starts to rapidly adopt SaaS cloud applications to increase collaboration and agility – SaaS provides rapid value without many of the challenges of traditional software deployment and maintenance.

The number of applications in use on “Business X’s” infrastructure has doubled over the last 18 months.

How do security teams respond?


The perimeter has moved!

“Business X” now needs to protect data and identities that are outside of its traditional corporate network. The threat landscape has also vastly increased from the rapid increase in accessibility and end-points.

How does “Business X” control user access to its sensitive information through all of these external applications? The security teams need new, more advanced ways to manage security!

There is a knock-on effect from digital transformation that CISOs and security professionals need to be aware of and keep up with.


The secure productive enterprise

Microsoft understand this issue and they’ve been working hard on agile and intelligent solutions for the ‘secure productive enterprise’, based on three key principles:

Enforcing risk-based access to protect your data

The premise of this principle is simple. Identity is the new control plane, now that the traditional security perimeter is gone. You have to set security measures at the point of user access. Playing it safe and locking down all users and devices to the highest security level has too great an impact on productivity – and gives CISOs a massive headache.

In reality, security teams need to be much more granular when it comes to securing access. They need to start scoring access requests based on individual user risks, such as:

  • What is their role? (are they an admin / senior level?)
  • Is the user in a location where you expect them to be?
  • What are they trying to access?
  • On what device? (is that device managed and secure?)

Microsoft have developed conditional access as the solution to scoring user risk level. It’s a clever tool that looks at how, where, when, what and why a user is requesting access – and then sets a level of risk accordingly.

If the login scores medium to high risk (you can control these levels within your Azure Portal) then the access request triggers a range of “controls” that are predetermined by your organisation. It can mean access is blocked entirely, the user may be prompted to reset their password, or a second level of authentication (such as MFA) might be triggered to prove the legitimacy of the user.
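The scoring idea in the last few paragraphs, worked through as an added example: a small Python evaluator that turns the four signals listed above (role, location, resource, device) into a risk level and then maps that level to an organisation-defined control. This is illustrative code written for this page, not Microsoft’s conditional access engine and not code from the keynote; the signal weights, the risk thresholds, the user/country table and the sample sign-ins are all constructed assumptions.

```python
"""Toy risk-based access evaluator (added illustration; assumed weights and thresholds)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Risk(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"


class Control(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    RESET_PASSWORD = "reset_password"
    BLOCK = "block"


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str              # "user" or "admin"
    country: str           # where the sign-in originates
    resource: str          # application or data set being requested
    device_managed: bool   # enrolled in device management
    device_compliant: bool # meets the compliance policy (only meaningful if managed)


# Constructed organisation context: where each user is expected to sign in from,
# and which resources count as sensitive. Assumed values, not from the page.
EXPECTED_COUNTRIES: Dict[str, set] = {"alice": {"GB"}, "bob": {"GB", "IE"}, "carol": {"GB"}}
SENSITIVE_RESOURCES = {"hr-records", "finance-ledger"}

# Assumed signal weights; a real policy engine would tune these per organisation.
WEIGHTS = {
    "admin_role": 2,
    "unexpected_location": 3,
    "sensitive_resource": 2,
    "unmanaged_device": 3,
    "noncompliant_device": 3,
}

# Assumed thresholds: 0-2 low, 3-5 medium, 6+ high.
MEDIUM_THRESHOLD = 3
HIGH_THRESHOLD = 6

# The organisation-defined mapping from risk level to control.
DEFAULT_POLICY: Dict[Risk, Control] = {
    Risk.LOW: Control.ALLOW,
    Risk.MEDIUM: Control.REQUIRE_MFA,
    Risk.HIGH: Control.BLOCK,
}


def score_request(req: AccessRequest) -> int:
    """Add up the weighted risk signals for one sign-in."""
    points = 0
    if req.role == "admin":
        points += WEIGHTS["admin_role"]
    if req.country not in EXPECTED_COUNTRIES.get(req.user, set()):
        points += WEIGHTS["unexpected_location"]
    if req.resource in SENSITIVE_RESOURCES:
        points += WEIGHTS["sensitive_resource"]
    if not req.device_managed:
        points += WEIGHTS["unmanaged_device"]
    elif not req.device_compliant:
        points += WEIGHTS["noncompliant_device"]
    return points


def risk_level(points: int) -> Risk:
    """Bucket a score into the low/medium/high levels the policy keys on."""
    if points >= HIGH_THRESHOLD:
        return Risk.HIGH
    if points >= MEDIUM_THRESHOLD:
        return Risk.MEDIUM
    return Risk.LOW


def decide(req: AccessRequest, policy: Dict[Risk, Control] = DEFAULT_POLICY) -> Tuple[Risk, Control]:
    """Evaluate a request: score it, bucket it, and look up the control to apply."""
    level = risk_level(score_request(req))
    return level, policy[level]


# Constructed sample sign-ins exercising each signal.
SAMPLE_REQUESTS: List[AccessRequest] = [
    AccessRequest("alice", "user", "GB", "mail", True, True),          # nothing unusual
    AccessRequest("bob", "admin", "IE", "hr-records", True, True),     # admin on sensitive data
    AccessRequest("carol", "user", "US", "hr-records", False, False),  # odd country, unmanaged device
    AccessRequest("alice", "user", "GB", "mail", True, False),         # managed but non-compliant
]


def evaluate_all(requests: List[AccessRequest], policy: Dict[Risk, Control] = DEFAULT_POLICY) -> List[dict]:
    """Produce one decision record per request, suitable for logging or review."""
    records = []
    for req in requests:
        level, control = decide(req, policy)
        records.append({"user": req.user, "resource": req.resource,
                        "score": score_request(req), "risk": level.value, "control": control.value})
    return records


if __name__ == "__main__":
    for rec in evaluate_all(SAMPLE_REQUESTS):
        print(rec)
```

A stricter organisation can swap the policy table without touching the scoring, for example mapping medium risk to `Control.RESET_PASSWORD` instead of an MFA prompt; the point is that the signals, the thresholds and the controls are three separately tunable layers.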


Automating threat detection and remediation amidst big data

Perhaps the area where digital transformation has had the biggest impact on cyber security controls is inside your SOCs and SIEMs.

There’s a big data problem that’s been generated out of digital transformation. If organisations have a traditional SOC in place, CISOs are now coming to Microsoft saying that it’s becoming harder and harder to root out the false positives and cut through the noise of alerts.

With the rise of cloud apps and multiple cloud tenants, mobile devices and external threat intelligence data, SOCs are simply struggling to deal with the sheer volume of data and logs. How can you identify the real threats? You can’t simply choose to monitor all logs.

For example, choosing to monitor Azure logs alone, in a large organisation, would mean petabytes of data – a good SOC might last 2-3 hours at best before it falls over.

Many SOCs and SIEMs have not evolved to help solve the big data problem yet. There are two common practices within SOCs and SIEMs that make this worse.

  • Data hoarding: Keeping logs ‘just in case’ for forensics and investigation processes, without a plan on why, what to keep and for how long.
  • Data duplication: Copying logs and data out of third-party apps and systems onto your server in order to protect copies all in one place (again ‘just in case’). There are obviously good reasons why organisations need to do this, and it’s not necessarily a bad thing – but ensure you do it with a plan.

All this extra data can be extremely costly both in terms of data consumption and lost productivity. With the big data issue, you get an increase in the amount of ‘noise’ you have to sift through in order to find ‘real’ threats, and there are latency and throughput issues with processing such vast amounts of data.

An additional challenge lies in identifying how you can best use your highly skilled security professionals – eliminating repetitive work that can be automated by a machine, freeing your team up for real investigative and response work.

As digital transformation fundamentally changes an organisation’s operations, the traditional SOC must also adapt to keep up.

Getting around the big data problem in security

Microsoft have invested heavily in intelligent threat detection and response solutions over the last two years.

They have used their vast array of telemetry data to build machine learning and artificial intelligence (AI) into their own security systems. This allows them to use probability, correlation and a range of other techniques to root out and act quickly on the real threats – ignoring the noise.

Microsoft’s latest security tool allows ‘connections’ into all your apps and systems, so you can get insights and call up data only when you need it. You don’t need to bring all the logs into your SIEM – the data is held within the original app (not duplicated / hoarded) and you can just call on it as and when.

This tool is called Azure Sentinel – a next generation SIEM solution that combines orchestration and automation to support your security goals. Think of it as a SIEM and a SOAR in one!

“With this machine learning and AI in place, Sentinel provides an effective method of rooting through logs to help you surface and act on only the most important threats.”

Sentinel sits within your Azure portal. It focuses on enabling you to consume security related data from almost any source, removing the need to manage complex and costly infrastructure components – whilst providing a highly scalable platform as organisations grow and digitally transform.

Sentinel uses machine learning and AI to surface important insights based on the data your organisation is consuming – through a wide catalogue of available connectors.

Native connectors exist for all key Microsoft sources, together with a range of native third party connectors, which include technologies from AWS, Symantec, Barracuda, Cisco and others.



Automate security orchestration and threat response

Comprehensive hunting and investigative capabilities are also provided in Azure Sentinel to help you automate and expedite your response to potential attacks.

This also helps CISOs deal with the cyber security skills gap. Automating the response to common threats saves time for your security pros and gives them more quality time to investigate and respond to more complex threats.

If you can train a machine to do a lot of these repetitive processes, then you absolutely should be doing so, both to save your security pros the stress of constantly trawling through logs and to provide a little more job satisfaction.

The challenge here, however, will be around balance, as the CISO asks themselves, “How do I optimise my SOC and reduce alert fatigue without running the risk of missing important threats?”


Conclusion

Security needs to evolve to deal with increasing digital transformation. It needs to find a way to proactively engage with all areas of the business whilst becoming more agile through utilising identity as the new control plane, intelligent risk-based access controls, machine learning, automation and AI.

Sian summarised, “As organisations go through more and more digital transformation it gets faster – the problem [with security teams playing catch-up] is only going to get worse. So [security teams] need to look at how they can be agile enough to keep up with a world that is moving much quicker now.”

For a more in-depth look at the pressures digital transformation is putting onto modern security approaches, you can watch Sian’s entire keynote video on-demand now.
