The simplified journey to multi-cloud cybersecurity


Summary

  • Cybersecurity never finishes — it really is a journey rather than a destination.
  • As new cyber approaches and technologies emerge, managing the risks to your data and systems may feel like navigating an impossible maze.
  • Microsoft provides a full array of interoperable security tools for use in any and all environments.

Chances are, your cybersecurity tools comprise a cobbled-together mix of applications and solutions. Their functions may overlap, meaning you may be paying for more than you need. Often, they don’t work together without special configuration. If this scenario sounds familiar, you could be taking on unnecessary costs and hassles and exposing your company to needless risks.

You’re not alone: Three-quarters of respondents to PwC’s 2023 Global Digital Trust Insights survey said that too much complexity in their organization poses “concerning” cyber risks. On the other hand, companies that have found ways to streamline operations have reaped the benefits of simpler cyber in terms of better cyber risk management and cyber strategy aligned to the business strategy.

Simpler cyber with PwC and Microsoft can create a more secure and cost-efficient business overall.

Principles for your journey to simpler cyber

Where to start in your quest for elegance? Realizing that modernization is a long-term commitment is key. Cybersecurity never finishes — it really is a journey rather than a destination. You’ll most certainly have pauses to review (such as after a novel cyber breach) and reset accordingly.

  1. Identity and access management: The ability to verify and authenticate users when they ask for access to your applications, systems or information — a fairly direct and, for many, quick trip.
  2. Multi-cloud security: To help keep your data well protected in your clouds — an elusive goal that’s now easier to reach.
  3. Zero-trust security: Continually verifying users as they move within your systems via a number of different intersecting and converging paths.

Organizations that had made significant progress in their cybersecurity were:

  • 5x more likely to have streamlined operations throughout the enterprise
  • 10x more likely to practice good data governance
  • 11x more likely to fully understand the cyber and privacy risks their third-party relationships pose

Identity management is where you want to start. Nearly every cybersecurity failure we see is due, at least in part, to faulty identity and access management controls. A single compromised password can lead to the shutdown of IT and operations in a critical infrastructure.

Identity management may be more challenging if your organization uses multiple clouds, has been a part of mergers, acquisitions or divestitures or has multiple business functions or locations — even if you’re using Microsoft Active Directory (AD), as most companies do. If your identities are sprawled across several locations, you might consider consolidating them in Microsoft’s Azure cloud directory, Azure AD.

The good news is that you may have already taken this step without realizing it. If you have a Microsoft E3 or E5 license, or use Office 365 or Azure cloud, you already have Azure Active Directory (AAD), which helps establish and manage user identities.

With your identity management in place, it’s time to embark on the route to either zero-trust or multi-cloud security. Which road you travel first likely won’t matter: your choice may depend upon your business situation and goals.

If you’re using more than one cloud environment, securing your data within them may be your next move. Multi-cloud security has been an elusive “holy grail” for many companies, as their cyber teams work to navigate the parameters of each different environment. Using one solution that works across clouds can be the simplest, easiest, least costly strategy, and is now more accessible than ever.

Cloud service providers (CSPs) often don’t provide this security on their own. Typically, they protect the cloud infrastructure (the security of the cloud) but leave it up to users to control their risks of data breach within those clouds (the security in the cloud). That’s starting to change as CSPs, led by Microsoft Azure, focus their efforts on securing and protecting the data within their environments. In fact, Microsoft’s security solutions work in all the clouds.

For help securing your data and applications no matter which cloud they inhabit, consider using a multi-cloud security solution such as Microsoft’s. PwC can help to get you started.

Contrary to popular belief, zero-trust security isn’t a single stop or path on your cyber journey. The White House recently defined zero trust as having five key elements: identity, devices, networks, applications and workloads, and data. No single solution can provide everything you need to implement it.

Zero trust isn’t a solution, but a principle rooted in a "never trust, always verify" approach that uses a suite of tools to continually help authenticate and verify each user, device, action and transaction.

Because it involves a suite of solutions layered atop your identity manager — antivirus protection, mobile device and mobile application management, endpoint protection and others — zero trust is more effective when those solutions work together by design.

Too often, we find that clients’ security solutions don’t connect or communicate, making it more likely that attackers will slip through the cracks. Once inside the network, attackers can enjoy unlimited access to the organization’s most critical assets.

Smooth sailing: Moving in sync for a seamless journey

Microsoft has made a mission of providing a full array of interoperable security tools for use in any and all environments. For holders of Microsoft E3 and E5 licenses, many of these solutions are already available to you at no added cost.

PwC and Microsoft Security Journey

Incorporate Microsoft into your security toolbox

Microsoft Azure AD provides identity management that’s secure, risk-based and adaptive, with strong authentication controls. Easy to use, Microsoft Azure AD SSO can help you manage your identities and application access from one location, and offer automated identity governance so you know only authorized users are getting in.

To strengthen the security of your clouds, Defender controls access to your critical cloud-based applications and resources, monitors and helps protect your multi-cloud workloads and streamlines threat intelligence reporting.

Microsoft Intune focuses on mobile device management (MDM) and mobile application management (MAM). With Intune you can:

  • Secure, deploy and manage your users, apps and devices without disrupting business
  • Support a diverse bring-your-own-devices (BYOD) policy
  • Onboard, manage and report on encryption, antivirus, firewall and other security technologies to help protect work data inside your trusted apps and devices and when they go elsewhere

Microsoft Sentinel is a cloud-native security information and event management (SIEM) tool for helping manage threats enterprise-wide. Sentinel can aggregate security data from virtually any source. It uses artificial intelligence and machine learning to help distinguish security events from mere “noise,” reducing false-positive alerts (and fatigue). Its orchestration and automation features enable rapid response to threats and integrate seamlessly with most project ticketing tools.

For discovering, identifying, and protecting data, Microsoft’s Information Protection services and software enable you to discover and monitor your sensitive information in motion and at rest, wherever it may reside, and to configure data protection rules and enforcement actions flexibly for your devices, applications, cloud environments, and Microsoft services and software.

Find your organization’s path

The order in which you add these tools depends on your business strategy. As mentioned above, identity is the ideal place to start. As you establish identity management, you’ll answer many of the questions you’ll need to tackle throughout your cyber journey.

As cybercriminals continually switch tactics and new cyber approaches and technologies emerge, managing the risks to your data and systems may feel like navigating an impossible maze. Instead of getting lost, why not try forging a simpler, more straightforward path to security? It will be one of the most direct paths to inspiring trust in your organization.


Scott Gelber

Principal, Cybersecurity, Privacy & Forensics, PwC US


Chris O'Connor

Managing Director, Cyber Managed Services, PwC US


Douglas Li

Director, Cybersecurity, Privacy & Forensics, PwC US
