Cloud security is a constant concern for organizations of every size. Stopping malicious actors from accessing your company’s systems and data is a top priority, but is made difficult by the number of different exploit techniques coupled with the sophistication of the attacks. One area of particular concern is legitimately compromised user credentials. For example, if a password I use frequently (maybe even a strong one) is exposed in a breach of an e-commerce company. The malicious actor located in Moscow who obtains this userID (likely an email of mine) and password then does a quick lookup on LinkedIn and finds that I work at Daymark. From here, the exploit is obvious. They now have a legitimate username and password combination and while we do employ multi-factor, there are constant threats to that.Read More
As COVID forced organizations around the world to send their workforce home, creating the work from home (WFH) phenomenon, IT and security teams rapidly focused on Zero Trust approaches to security to mitigate challenges of enabling secure remote work. Modern workplace employees are getting their work done any way they can these days – using personal devices, sharing data through new services, maxing out home WiFi, and collaborating outside the confines of traditional corporate network security. It has created an IT balancing act between security and WFH productivity.Read More
Conditional Access in Azure AD provides a level of security required to maintain appropriate controls over who can access confidential and privileged information. It was the topic of discussion at our most recent “Ask the Engineer Q&A Roundtable” where attendees learned tips for a successful Conditional Access deployment and got answers to their specific questions.Read More
It’s a crazy time out there. Businesses have been mandated by state governments to enable employees to work from home. Literally overnight, there have been massive shifts to connect people remotely. Suddenly even your grandparents know what Zoom is!
Microsoft Teams is playing an integral part in facilitating remote communication and collaboration. Most companies with Office 365 subscriptions already have licenses for this product, but just now are really rushed to enable Teams for the massive increase of remote workers.Read More
On February 11 2020, Microsoft released a patch for Exchange Servers that would fix a vulnerability pertaining to unauthorized access to the backend of the Exchange Control Panel. There is now confirmation from a source at the United States Department of Defense that multiple nation-state backed actors and other ransomware gangs are actively and maliciously exploiting this vulnerability on unpatched systems. The vulnerability results from the Exchange Server failing to properly create unique cryptographic keys at the time of installation. The hackers’ sophisticated exploits circumvent encryption, granting them full access of the server.
It is imperative that the latest patches from February 11th be applied as even a single Exchange instance puts you at risk.Read More
Microsoft has a well-known yearly user conference in Orlando called Ignite. But did you know there is a smaller, free version of this conference? Microsoft Ignite The Tour is set to hit 30 cities around the world in 2020, including two U.S. cities: Washington DC, Feb 6-7th and Chicago, April 15-16th.
I had the benefit of attending the first 2020 event in Toronto earlier this month. In this blog, I’ll review the unique format of this event and share my personal highlights. Hopefully, I’m able to convince a few admins and business users to attend.
Microsoft Teams is the cloud-based collaboration solution in the Office 365 suite that integrates business messaging, calling, video meetings and file sharing. It is Microsoft’s replacement for Skype for Business.Read More
Impossible travel. Is it sending a human to Saturn or Venus? Well maybe, but in the context of Microsoft Office 365, Impossible Travel is a security feature that is a great indicator of potential hacking attempts. The concept is straightforward. If you login to Office 365 from your office in Boston and then 20 minutes later you try to login from Dallas, or you login from home in Chicago and five hours later from Beijing, Office 365 basically says “wait a minute, that’s impossible” and it denies login from Dallas and immediately sends an IT security alert.Read More
Why Office 365?
The speed of business is requiring IT to create, secure, and scale resilient services, prompting enterprises to move away from on-premises data centers to the cloud. Microsoft Office 365 (O365) is an attractive option for organizations that need to innovate at what feels like “escape velocity” speeds.Read More
The benefits of migrating applications to Microsoft’s Azure cloud make a very compelling business case – agility, scalability, a pay for what you use cost model, etc. But as you move workloads to Azure, don’t assume they are automatically protected, because while Azure does ensure a secure infrastructure, you are responsible for ensuring protection of your data – not Microsoft.
It’s all detailed in Microsoft’s Shared Responsibility Security Model. Understanding where the Shared Responsibility model starts and stops is critical to ensuring your data is secure and compliant. Here are some key considerations:Read More