Microsoft 365 / Azure – Exploring Identity – Identity is the new security perimeter

Hi All,

Greetings for the day!

In this article we will discuss what is Identity when we discuss about Microsoft 365 and Azure Security. Identity is the new security perimeter in this new digital collaboration

What is Identity

• Microsoft defines Identity as “An identity is the set of things that define or characterize someone or something. For example, a person’s identity includes the information they use to authenticate themselves, such, as their username and password and their level of authorization.“
• For example user / person uses details like username, password, email to authenticate themselves
• An identity can be associated with user, device or application

Identity becomes the new security perimeter

• Nowadays collaboration in organizations, with partners changed a lot
• We need to collaborate or access resources from any location, any device
• Companies / organizations are allowing now working from home, this option is more suitable for most of the organizations
• Because of these changes, security becomes very important for the organizations. Old way security options are obsolete. Security is no longer only limited to On-Premises environment
• Organizations having security challenges. For example for
  • Accessing applications – like SaaS applications which is hosted outside organization network
  • Personal Devices from where users / employees access organization data
  • IOT devices installed through organization network or at customer locations
• Hence the identity become new security perimeter to meet above challenges, to secure organization assets / resources
• Identity extends security to various devices like mobile / tablets, apps and so on

Pillars of an identity infrastructure

• To manage these identities and to control how to use to access organization resources there are
  • Collection of processes
  • Technologies
  • Policies
• So when creating identity infrastructure organizations should consider following four fundamental pillars
  • Administration
    • Administration is about creation and management or governance about identities for users, devices and services
    • Administrator manages and defines details like when identities will be created, updated and deleted
  • Authentication
    • Process to prove that identity as who they say they are
  • Authorization
    • Determines the level of access an authenticated person or service has which they want to access an application or service
  • Auditing
    • This is related to tracking who does what, when, where and how
    • These includes reporting, alerts, and governance of identities
• To have very robust and comprehensive identity and access control solution organizations need to address all the above four pillars of Identity

In next article we will discuss about Identity Provider

Thanks for reading !!! Please feel free to discuss / suggestions / share thoughts !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂