When I outlined the five identity priorities for 2020, the world was a very different place. Since then, the COVID-19 pandemic has forever changed how organizations run their businesses. It’s also altered the way we work, learn, and collaborate. What hasn’t changed is the critical role identity plays in helping organizations to be secure and productive.
Yesterday, we shared the progress we’ve made with our integrated security, compliance, identity, and management solutions. Identity alone has grown at an unprecedented pace, from 300 million monthly active users (MAU) in March 2020 to 425 million today. Organizations around the world have accelerated the adoption of security and collaboration apps. But behind these numbers are stories of customers just like you, working tirelessly to help your organizations stay ahead.
As I prepare for our traditional customer co-innovation week and reflect on our customers’ challenges and business goals, I want to share our five identity priorities for this year. Many of the recommendations I outlined last year still apply. In fact, they’re even more relevant as organizations embrace the new normal of flexible work while bad actors continue to master sophisticated cyberattack techniques. Our 2021 recommendations will help you strengthen your identity and security foundations for the long term, so you can be ready for whatever comes next.
1. Trust in Zero Trust
Zero Trust is back this year, but this time it’s at the top of the list. The “assume breach” mentality of Zero Trust has become a business imperative. Organizations need to harden their defenses to give employees the flexibility to work from anywhere, using applications that live outside of traditional corporate network protections. When the pandemic hit last year, we worked side by side with many of you. We noticed that organizations already on their Zero Trust journey had an easier time transitioning to remote work and strengthening their ability to fend off sophisticated attacks.
The good news is that 94 percent of the security leaders we polled last July told us they had already embarked on a Zero Trust journey. Wherever you are on your journey, we recommend making identity the foundation of your approach. You can protect against credential compromise with essential tools like multifactor authentication (MFA) and benefit from innovations like risk assessment in Identity Protection, continuous access evaluation, Intune app-protection policies, as well as Microsoft Azure Active Directory (Azure AD) Application Proxy and Microsoft Tunnel.
Looking ahead, as more services act like people by running applications (via API calls or automation) and accessing or changing data, secure them using the same principles: make sure they only get access to the data they need, when they need it, and protect their credentials from misuse.
2. Secure all apps
This was our top recommendation last year, and it couldn’t be more critical today. The growth in app usage with Azure AD shows that organizations are connecting more apps to single sign-on. While this provides seamless and secure access to more apps, the best experience will come from connecting all apps to Azure AD so people can complete all work-related tasks from home and stay safer during the pandemic. Connecting all apps to Azure AD also simplifies the identity lifecycle, tightens controls, and minimizes the use of weak passwords. The result is stronger security at a lower cost: Forrester calculates that such a move can save an average enterprise nearly USD two million over three years.
The Azure AD app gallery includes thousands of pre-integrated apps that simplify deployment of single sign-on and user provisioning. If you want to extend MFA and Conditional Access to legacy on-premises apps, including header-based apps, use Azure AD Application Proxy or an integrated solution from one of our secure hybrid access partners. With our migration tools, you can modernize authentication of all apps and retire your ADFS implementation. This will help prevent attacks that are particularly difficult to detect in on-premises identity systems.
It’s also important to limit the number of admins who can manage apps across your organization, to protect privileged accounts with MFA and Conditional Access, and to require just-in-time (JIT) elevation into admin roles with Privileged Identity Management.
Where to start: Learn how to use Azure AD to connect your workforce to all the apps they need.
3. Go passwordless
We’ll keep repeating the mantra “Go passwordless” as long as passwords remain difficult for people to remember and easy for hackers to guess or steal. Since last year we’ve seen great progress: in May, we shared that over 150 million users across Azure AD and Microsoft consumer accounts were using passwordless authentication. By November, passwordless usage in Azure AD alone had grown by more than 50 percent year-over-year across Windows Hello for Business, Microsoft Authenticator, and FIDO2 security keys from partners like AuthenTrend, Feitian, or Yubico.
Passwordless authentication can minimize or eliminate many identity attack vectors, including those exploited in the most sophisticated cyberattacks. At a minimum, going passwordless should be non-negotiable for admin-level accounts. Moreover, providing employees with a fast, easy sign-in experience saves time and reduces frustration. Forrester estimates that consolidating to a single identity solution and one set of credentials saves each employee 10 minutes per week on average, or more than 40 hours a year. Imagine additional savings from not having to reset passwords or mitigate phishing attacks.
Where to start: Read the Forrester Report, “The Total Economic Impact Of Securing Apps With Microsoft Azure Active Directory.”
Because attacks on applications are growing, it’s important to go a step beyond integrating apps with Azure AD to deploying apps that are secure by design. Build secure authentication into the apps you write yourself using the Microsoft Authentication Library (MSAL). Ideally, apps should go passwordless too, so ensure they’re using strong credentials like certificates. If your apps interact with other Microsoft services, take advantage of the identity APIs in Microsoft Graph. Whenever possible, pick third-party apps from verified publishers. Since publisher verification badges make it easier to determine whether an app comes from an authentic source, encourage your ISV partners to become verified publishers if they haven’t already.
Since most apps ask to access company data, administrators may choose to review consent requests before granting permissions. While neglecting to review requests is a security risk, doing it for every single app used by every single employee takes too much time and costs too much. Fortunately, new features like app consent policies and admin consent workflow help avoid the extreme options of reviewing all requests or delegating full responsibility to employees. Regularly review your apps portfolio and take action on overprivileged, suspicious, or inactive apps.
Where to start: Update your applications to use Microsoft Authentication Library and Microsoft Graph API, adopt app consent policies and publisher verification practices, and follow identity platform best practices.
5. Break collaboration boundaries
We know that partners, customers, and frontline workers are essential to your business. They, too, need simple and secure access to apps and resources, so they can collaborate and be productive, while administrators need visibility and controls to protect sensitive data.
Simplify collaboration for external users with intuitive self-service sign-up flows and the convenience of using their existing email or social account. For frontline employees, Azure AD offers simple access, through sign-in with a one-time SMS passcode, which eliminates the need to remember new credentials. For frontline administrators, the My Staff portal makes it easy to set up SMS sign-in, to reset passwords, and to grant access to resources and shared devices without relying on help desk or IT.
Visibility and control are easier to achieve when managing all identities using a common toolset. You can apply the same Conditional Access policies for fine-grained access control to services, resources, and apps. By setting up access review campaigns, or using automated access reviews for all guest users in Microsoft Teams and Microsoft 365 groups, you can ensure that external guests don’t overstay their welcome and only access the resources they need.
Get started on the future now: Explore verifiable credentials
During the pandemic, you’ve had to support not only remote work but also remote recruiting. People usually show up to an interview with documentation in hand that substantiates their identity and qualifications. It’s more complicated to vet candidates remotely, especially when hiring needs to happen quickly, for example, in the case of essential workers.
Microsoft and industry-leading ID verification partners are pushing the frontier of identity by transforming existing ID verification practices with open standards for verifiable credentials and decentralized identifiers. Verifiable credentials are the digital equivalent of documents like driver’s licenses, passports, and diplomas. In this paradigm, individuals can verify a credential with an ID verification partner once, then add it to Microsoft Authenticator (and other compatible wallets) and use it everywhere in a trustworthy manner. For instance, a gig worker can verify their driver’s license and picture digitally, and then use it to get hired by a ride-sharing service and a food delivery company.
Such an approach can improve verification while protecting privacy across the identity lifecycle: onboarding, activating credentials, securing access to apps and services, and recovering lost or forgotten credentials. We’re piloting this technology with customers like the National Health Service in the UK and MilGears, a program of the United States Department of Defense that helps service members and veterans enroll in higher education and jumpstart their civilian careers.
Where to start: Watch our Microsoft Ignite session on Decentralized Identity and join the Decentralized Identity Foundation.
Whether your top priority is modernizing your infrastructure and apps or implementing a Zero Trust security strategy, we are committed to helping you every step of the way. Please send us your feedback so we know what identity innovations you need to keep moving forward on your digital transformation journey.
Read more: microsoft.com