This article is part 2 of a series of articles that will focus on the Business Value of Microsoft Azure. Microsoft Azure provides a variety of cloud based technologies that can enable organizations in a variety of ways. Rather than focusing on the technical aspects of Microsoft Azure (there’s plenty of that content out there) this series will focus on business situations and how Microsoft Azure services can benefit.
There are many risks that businesses and governmental entities face when it comes to data loss. Most have taken steps to do things like encrypt hard drives, enforce password change policies and limit the use of consumer oriented applications like Facebook. However, one the biggest gaps that exist has emerged as a result of the prevalence of Software as a Service (SaaS) solutions. These cloud based systems require little to no IT involvement to get up and running. A consequence of this ease of deployment is that countless new opportunities for compromise emerge.
Let’s take something like a file sharing service. Whether it’s Dropbox, box, or some other solution, an individual in an organization can quickly set it up with a username and password and begin sharing files inside or outside the organization. In most cases this isn’t carried out by a nefarious user with malicious intent. Rather, it’s set up to address a specific business need. Perhaps it’s a new product catalog and price list that’s too large to send to distributors via email. While this sounds good on the surface, let’s fast forward six months…
Six months after the service has been in use there are now a couple dozen fellow employees using the service, all with an individual username and password. The CIO finally becomes aware of this because he gets a link shared with him from one of his employees that takes him to a file in a box account. He immediately spots a problem – what happens if one of these employees leave?
Now, there are a variety of solutions to this problem. First, the CIO could disable access to box and prevent users from using the service. OneDrive for Business, part of Office 365 could be implemented as a secure, enterprise alternative. However, what if the CIO didn’t want to take away this service, but have more control over it. Is there a solution?
Enter Microsoft Azure Active Directory. Microsoft Azure Active Directory provides a variety of services to the enterprise that can help our CIO. First and foremost is the Access Panel portal for Single Sign On (SSO) based access to SaaS applications. This allows the CIO to configure access to box so that the user actually uses their standard Active Directory credential to authenticate against box. This also means that when that employee leaves or is terminated and their Active Directory account is disabled…so too is their access to box!
In addition to the Access Panel, another key feature is something called Azure Active Directory Cloud App Discovery. This service allows a small agent to be deployed to an end user workstation which allows for access to various cloud services to be monitored. This is a huge benefit to IT organizations because they:
There are many other reasons for organizations to look at Azure Active Directory, but this is the first one that pops into mind whenever I think about security risks and simple ways to reduce exposure while still providing end-users with access to the productivity applications they desire.