Adopting Zero-Trust with Microsoft Azure – 1 Day Workshop


Adopting Zero-Trust with Azure - Synopsis


Zero Trust has managed to both inspire and confuse the cyber security industry at the same time. A significant reason for the confusion is that Zero Trust isn’t a specific technology, but a security strategy.

Zero Trust will build on many of your existing security investments, so you may already have made progress on this journey. Cloudneo can help shape that with you in a short, results-led workshop that unlocks and enables Zero Trust for your organisation. The workshop covers:

  • Describing the Zero Trust journey and maturity model
  • Advancing Zero Trust with your identity and user access strategy, incorporating passwordless technology
  • Understanding and applying user and device compliance with Conditional Access
  • Securing identities, devices, sessions and data on an untrusted network with Azure and Intune
  • Mapping and planning your organisation’s approach to adoption and roll-out
  • Profiling your vendor technologies and roadmaps
  • Analyzing your core, perimeter and VPN networks to identify Zero Trust capabilities



Cloud Identity and Security Assessment


A further addition to our core service lines, this multi-day assessment is targeted at helping customers evaluate their current Cloud Identity and Security deployment patterns. Cloudneo will carry out an analysis of your ‘current state’ and then evaluate this against best practices shared by vendors and our SMEs. Whether your cloud estate is deployed on an Okta, Microsoft Azure or Google platform, we can analyse it and provide build, operations and automation benefits in short order.

This assessment is a one-week engagement with a pre-defined scope based on best practice; however, we can adapt this to provide guidance on building a PoC, pilot or full production implementation. Typically, we will cover:

  • Expert analysis and report on current and desired state
  • Cloud identity evaluation and alignment to vendor-recommended practices
  • Recommendations on key areas to focus on within cloud identity and security
  • Guidance provided to leadership teams, architects and system engineers


Start your journey today.  Get in touch to discuss our Cloud Identity and Security assessment

Capitalizing on SSO investments


As more organizations embark on their cloud/digital transformation journey, identity, security, infrastructure and developer technologies are rated as priority workloads to design, plan & deploy. One of the key success metrics being assessed happens to be user experience. This implies users are accessing some applications, resources and data, or at least we presume so.

Are our IT teams focussed, or should we say STILL focussed enough, on integrating applications with cloud identity platforms? Going by experience, nah!!

Some of the key reasons for this reduced focus are operational complexity, lack of ownership, and an increased need for collaboration and stakeholder management. Most cloud identity/security projects integrate one or a few applications to prove the concept, deploy and move on. One usually misses out on passing that baton.

Though not statistically proven, I am fairly confident this would closely resemble reality.


About 50% of the organizations with one or more cloud identity platforms would probably have less than 10 applications integrated. I wouldn’t be surprised if a few amongst them are test/staging instances.


Let’s review the reasons behind my emphasis on integrating applications with cloud identity platforms:

  • Single sign-on for users. This is one of the obvious benefits: users can sign in to all applications, regardless of where they are hosted, using one set of credentials. Enable something as simple as SSO & users return the favour by enrolling in & leveraging a second factor of authentication. Great trade-off, one would imagine!!
  • Reduction in the number of identity/authentication platforms being managed. Most organizations favour one or more of Active Directory, LDAP services, federation services & other identity providers. With consolidation being the current theme, integrating applications with a single cloud identity platform would pave the way for cost savings. These would present themselves in the form of reduced infrastructure & support spend.
  • Improved/automated user provisioning to various applications. Every application, be it internal or vendor-supplied, demands some kind of user information. Most of them tend to rely on a number of custom scripts or scheduled tasks to fulfil this requirement. If an organization has 100 applications, we are probably executing that many operations on a regular basis. This is certainly overkill and often leads to instances where we unknowingly build dependencies on individuals. Catering to provisioning requirements using SCIM or native methods would alleviate these challenges.
  • Increased uptime and ease of feature rollout. As business owners procure applications, they would like users to be onboarded to these platforms in the most efficient way possible and to start deriving business benefits. On the other hand, IT teams would like this to be secure and to comply with all regulations. Strategically, settling on a single cloud identity platform would aid in striking a balance between business units & IT. Most cloud identity vendors provide a pre-defined list of applications for quicker integration.
  • Access from anywhere & securely. Once business applications are integrated, one can maximize the investment in cloud identity/security platforms. Securing access to these applications, protecting the underlying data, device security and identity-based security become relevant only if there are applications. Any discussion about remote access or cloud security features could be irrelevant without users consuming them via integrated applications.

Moving on to the next set of obvious questions: how do we get there & what could be the potential challenges along the way? Let’s begin with some stumbling blocks.

  • As IT organizations mature, so does complexity, & the term *Cloud* brings with it the responsibility of dealing with vendor(s). Sometimes this means not just the cloud identity provider, but application vendors/developers too.
  • Understanding & navigating the application landscape within organizations is in itself a formidable task. Most conversations, unsurprisingly, end with open questions: do we have tools, or should I rely on some kind of magic wand? In most situations, the *magic wand* tends to be replaced by a set of tools, operational interviews & a long-forgotten inventory.
  • Organizations tend to face another significant decision: the choice of who owns this experience and work. Is it operations (or BAU, as some say), or is it a project/program? This could be pretty interesting depending on the dynamics between these teams. Based on experience, a project or a partner/vendor, followed by training/handover to operations, would prove beneficial.
  • Training of the appropriate team members on the cloud identity platform of choice & on application integration specifics is often ignored. There is an underlying expectation that team members will work on procedures as documented & learn on the job. This leaves the team self-learning some of the basic concepts about protocols & standards like SAML, OAuth etc. Sometimes it also means learning about the application and the configuration of its authentication requirements.
  • Lack of automation for the end-to-end process, from request through to deployment, testing & production. While certain elements could be automated, there would remain a certain element of human interaction.

Let’s now lay down an optimistic approach to leverage all the benefits listed above and more, and to resolve some of the blockers along the way:

  • Discover and evaluate the application landscape. Shadow IT discovery management is highly recommended during this phase. This can be accomplished by using existing tools and custom scripts to query current federation providers, and feeding the information to the next phase.
  • Plan & Prepare: often overused terms in project management, these carry a lot of importance in our current scenario. Once there is application-specific data, a common recommendation is to prioritize and prepare based on criteria like usage, complexity, compatibility, test patterns, provisioning, budget, resourcing, integration timelines & other significant dependencies.
  • Then comes the most awaited phase: Deploy! Let’s encourage integrating new applications for single sign-on from the very outset as an organization-wide strategy. Collating an initial list of applications of varied shapes & sizes is desirable. This could serve as an important tool to test patterns when we have engineers and vendors pushing towards our common goal. At Cloudneo, we have encountered organizations selecting the least impactful applications initially, and seen some extremely brave teams who decided to migrate the high-usage ones first. Take your pick based on the organization’s risk appetite.
  • Operationalize & keep deploying, implementing, integrating! Feedback to the various cloud vendors is an essential step in this journey. Not only do they benefit by reducing the integration burden for other customers, but your time to market for newer business applications also reduces. Application owners tend to absorb the risks and own company-wide communications.

As one can observe from the thoughts above, apart from having technical acumen, being passionate about documenting and automating some of the operational workload gains significance. Would a Program/Project Manager who is equally passionate about process & technology prove beneficial? Perhaps an interactive session with Cloudneo architects?

We don’t see an end to integrating applications with cloud identity providers. It’s rather an ongoing process. Let’s plan, prepare & deploy!

Ananth Suraj

Ananth is the co-founder & innovation lead at Cloudneo, with more than 15 years of extensive experience in Identity, Security, DevOps and Infrastructure solutions. He has worked for Microsoft in various roles, the latest being a Program Manager in the Azure Active Directory Product Group. He has architected & implemented digital transformation projects across most industry verticals and multiple geographies. He believes in consulting with purpose, absolute clarity and automation, & maps business requirements to technical excellence.