Beauty in simplicity
The purpose of this article is to give you an IT planning blueprint based on two widely known entities: The National Institute of Standards and Technology (NIST) and Microsoft.
We’d also like to save you the trouble of Googling around and sifting through a dry assortment of 25-page white papers.
NIST, now part of the Commerce Department, is over 100 years old and plays a vital role in supporting a wide range of industries with technology, measurements, and standards.
Learn More: About NIST
And Microsoft is front and center in the worldwide pivot to Software as a Service (SaaS).
Learn More: The Evolution of SaaS
Not only is Microsoft one of the strongest horses to bet on for the long haul, but Microsoft 365 is also loaded with innovative applications that only get better every year.
Wouldn’t it be convenient to build your IT stack around a set of ubiquitous business tools, specifically designed to support NIST and its official Cybersecurity Framework (CSF)?
The next few sections feature four NIST functions mapped to four security pillars within Microsoft 365: Identity and Access Management, Threat Protection, Information Protection, and Security Management.
We’re just scratching the surface here and will only highlight a few innovations versus presenting the entire service catalog.
Hopefully, you’ll be inspired to consider aligning your technology around regulatory guidelines and solutions with staying power.
1 – Identify
Microsoft Azure Active Directory helps you keep close tabs on each one of your digital assets.
With management and provisioning capabilities that track and verify user identities, workstations, mobile devices, company data, and cloud applications, organizations benefit from a robust set of controls.
Even better, your team has Single-Sign-On (SSO) access to everything they need to do their jobs, securely, from any location, at any time.
Azure Active Directory creates protected access to all of your applications, wherever they happen to be - on a server in the office, or in several dozen clouds.
This is one of my favorite applications and it’s going to be the norm in five years.
2 – Protect
Identity management (AKA “the new firewall”) and access control are informed by machine learning technology that pulls data from billions of authentications every day.
This information is then scored by cybersecurity experts who provide real-time risk ratings for each user and device attempting to access the network.
Azure Active Directory is configurable with conditions to set parameters around your people, their devices, the apps they use, and the associated risk.
Are you located in Atlanta? Would you be suspicious if someone from Belarus was attempting a log-in?
How would you feel about someone from your team jumping on the network with a device that’s missing the latest virus protection software?
Azure Active Directory can nip all of this risky activity in the bud.
The application can also be configured to trigger system responses based on risk level, multifactor authentication rules, device registration requirements, and repeated failed password submissions.
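To make the conditions above concrete, here is an added example (not code from Microsoft or from this article's author) that models how such rules combine for the sign-ins described: a login from outside the home country, a device without current protection, and an elevated risk score. The types, field names, and policies are hypothetical and simplified; the point it shows is that every matching policy applies, a block always wins, and required controls accumulate.

```python
# Simplified model of conditional-access evaluation. Constructed example:
# the types, field names and policies are hypothetical, not Azure AD's schema.
from typing import NamedTuple, Optional

RISK = {"none": 0, "low": 1, "medium": 2, "high": 3}

class SignIn(NamedTuple):
    user: str
    country: str            # country resolved from the source IP
    device_compliant: bool  # e.g. current virus protection is present
    risk: str               # one of the keys in RISK

class Policy(NamedTuple):
    name: str
    action: str                                    # "block" or "require"
    controls: frozenset = frozenset()              # controls demanded on match
    allowed_countries: Optional[frozenset] = None  # matches sign-ins outside these
    min_risk: str = "none"                         # matches at or above this risk

    def matches(self, s: SignIn) -> bool:
        if self.allowed_countries is not None and s.country in self.allowed_countries:
            return False
        return RISK[s.risk] >= RISK[self.min_risk]

def evaluate(policies, s):
    """All matching policies apply: any block wins, otherwise controls add up."""
    matched = [p for p in policies if p.matches(s)]
    if any(p.action == "block" for p in matched):
        return "block", frozenset()
    required = frozenset().union(*(p.controls for p in matched))
    if "compliant_device" in required:
        # A non-compliant device cannot satisfy this control, so access is denied.
        if not s.device_compliant:
            return "block", frozenset()
        required -= {"compliant_device"}
    # Whatever remains must be satisfied interactively (for example an MFA prompt).
    return ("challenge", required) if required else ("allow", frozenset())

# Constructed policy set for an organization based in Atlanta (US).
POLICIES = [
    Policy("block-outside-home-country", "block", allowed_countries=frozenset({"US"})),
    Policy("mfa-on-elevated-risk", "require", frozenset({"mfa"}), min_risk="medium"),
    Policy("compliant-device-always", "require", frozenset({"compliant_device"})),
]
```

Before enforcing a real policy set, run the same kind of scenarios through it in a report-only or test mode so that an overly broad block rule does not lock out administrators.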
3 – Detect
New and emerging threats are the norm in this era of nonstop digital warfare.
The dark side of the technology community is unleashing a daily torrent of anomalous activity targeting user devices, email, and identity credentials.
Microsoft 365 has you covered with an evolving multi-layered security solution that includes Windows Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for emails, attachments, and cloud file storage, and Azure ATP for identity credential attacks.
Higher-risk user behavior can be tested in cyber-attack simulations to identify and take corrective measures.
Continuous network monitoring, scanning, logging, and reporting keep a constant pulse on suspicious activities while providing actionable forensic data.
You can also proactively manage granular compliance details with Intune device monitoring.
The Intune dashboard provides visibility into global compliance for every device, including individual settings, individual policies, and individual devices.
4 – Respond
Azure Active Directory Access and Usage reports will lighten your response planning overhead with insights that reveal the effectiveness of your Azure Active Directory implementation.
If there are any gaps, you can take immediate steps to neutralize the impact of potential threats, events, or security incidents.
There’s something to be said about a solution that’s programmed to notify you whether or not you have it configured correctly.
How’s that for intelligent design?
As part of Microsoft’s commitment to protecting client data and the uptime of your services, they include a rich array of incident response tools to strengthen your risk mitigation strategy.
Resources include security incident guides, Office 365 cyber event whitepapers, and built-in reports to educate everyone on your team.
You also have the ability to initiate emergency intervention on user machines and specific files in the middle of an attack.
While 100% protection is impossible, it’s certainly empowering to know you have remedies at your disposal to contain and/or reduce the damage caused by threat actors - both inside and outside of your organization.
Safety in longevity
Microsoft and NIST are a formidable combination when it comes to increasing performance, lowering risk, and having a unified sheet of music to justify investments in business-optimizing technology.
They form a collective north star. Why not benefit by following an explicit set of directions to travel a well-worn path?
If you have a technology planning committee (and any skeptics who are reluctant to approve anything), it’s incredibly powerful to reference a framework that does so much for your operations and also withstands legal scrutiny.
For a much deeper dive into the product nuances (and the source material that inspired this discussion), I encourage you to explore the following link.
Learn More: Microsoft & NIST CSF
If you have any additional questions, the ProviDyn team has decades of experience, and we look forward to guiding you.