ENCRYPTION KEY MANAGEMENT IN MICROSOFT 365

This article previously appeared on archtis.com and is reposted with permission from archTIS.

Introduction

In an ever-evolving digital landscape, encryption is a formidable shield for safeguarding sensitive information. As cloud technologies and Microsoft 365 (M365) applications like Teams and SharePoint Online become ubiquitous in modern workplaces, robust encryption strategies have become essential. Managing encryption keys in the cloud during the transition to Microsoft 365, however, can be daunting. This guide looks at encryption key management within the Microsoft 365 suite and at ways to strengthen data security in that ecosystem.

Encryption Trends

In an era of stringent global data protection standards and a sharp rise in data breaches, the adoption of encryption has grown rapidly. Organizations recognize the role of encryption in protecting sensitive data from prying eyes. Yet even with strong data security policies, identifying and protecting sensitive data remain difficult challenges. The Ponemon Institute’s 2021 Global Encryption Trends Study highlights how organizations still struggle to identify sensitive data accurately and to execute a complete encryption strategy.

Understanding Encryption

At its core, encryption renders data unreadable to unauthorized individuals. By scrambling data with cryptographic keys, it ensures that even if data falls into the wrong hands, it remains unintelligible without the proper decryption key. Encryption can be applied while data is being transmitted (data in transit) or while it is stored on devices, servers, or cloud storage (data at rest). Understanding these distinctions is essential to protecting sensitive information.

Encryption Key Management and BYOK

Encryption keys form the backbone of data protection in any encryption strategy, so their importance cannot be overstated. Securing them is critical for enterprises, especially when keys are hosted with cloud service providers such as Microsoft Azure or Amazon Web Services (AWS). Bring Your Own Key (BYOK) lets organizations retain control over their encryption keys even when those keys are hosted in the cloud. Organizations can also use Hardware Security Modules (HSMs), physical devices that harden encryption solutions and give the organization full control over its keys.

Enhancing Encryption in M365 and SharePoint

Within the Microsoft 365 ecosystem, dynamic encryption plays a central role in meeting compliance requirements and protecting data. Collaboration tools like SharePoint and M365 handle a vast amount of sensitive data, making dynamic encryption essential to preserving confidentiality and data integrity. NC Protect is a leading solution in this area, identifying and safeguarding sensitive data within Microsoft 365. Its dynamic classification and access control features ensure that only authorized personnel can access sensitive documents, adding a further layer of protection.

How Encryption Works with NC Protect

NC Protect integrates with Microsoft Purview Information Protection (MPIP) and Rights Management Services (RMS) controls to strengthen data security within M365. It encrypts data at rest and lets organizations manage access and encryption policies across M365 applications, including SharePoint Online and SharePoint Server. Incorporating NC Protect into an encryption strategy reinforces data protection across the Microsoft 365 ecosystem.

NC Protect: NC Encrypt’s Document and Column Encryption

For organizations seeking greater control over encryption keys, NC Protect’s NC Encrypt module is designed to give them full control over those keys, including Bring Your Own Key (BYOK) to retain control when using cloud service providers. The integration ensures that existing encryption investments are maximized, and third-party Hardware Security Modules (HSMs) can be incorporated for an additional layer of security.

Conclusion

As the digital landscape evolves, encryption remains an essential pillar of data protection. Robust encryption strategies, especially within the Microsoft 365 suite, are vital to safeguarding sensitive information in an increasingly interconnected world. Solutions like NC Protect and NC Encrypt help organizations strengthen their encryption key management practices and protect the confidentiality and integrity of their data.
Enhancing Global Collaboration and Intellectual Property Protection with Data-Centric Security

This article previously appeared on archtis.com and is reposted with permission from archTIS.

Introduction

In an increasingly interconnected world, multinational coalition collaboration and supply chain management are essential for driving innovation, growth, and success across industries. These partnerships, however, bring unique challenges, such as securing sensitive data and safeguarding intellectual property (IP) throughout the supply chain. In this blog post, we explore the importance of data-centric security in securing multinational coalition collaboration and protecting valuable intellectual property.

Securing Multinational Coalition Collaboration with Data-Centric Security

The blog post titled “Securing Multinational Coalition Collaboration with Data-Centric Security” examines the role of data-centric security measures in fostering secure collaboration among diverse entities. Multinational coalitions often involve numerous stakeholders, each with their own security protocols and data management practices. To enable seamless collaboration, a data-centric security approach becomes imperative.

Data-centric security focuses on protecting the data itself rather than only securing the network perimeter. By implementing encryption, access controls, and data classification, sensitive information remains secure throughout its lifecycle, from creation through sharing and storage. This allows multinational coalition members to share data securely while preventing unauthorized individuals from accessing or manipulating critical information. The post emphasizes that data-centric security not only strengthens collaboration but also helps organizations meet compliance requirements, especially when data is shared across international borders. With robust data-centric security measures in place, multinational coalitions can build trust, enhance productivity, and pursue innovation confidently.

Intellectual Property (IP) Protection in the Supply Chain

The second blog post, titled “Intellectual Property (IP) Protection in the Supply Chain,” focuses on safeguarding valuable intellectual property throughout complex supply chains. As companies engage with various suppliers, manufacturers, and partners, the risk of IP theft or unauthorized use of proprietary information increases. The post explains how data-centric security can mitigate these risks and ensure IP protection at every stage of the supply chain.

It emphasizes classifying IP data by sensitivity and implementing access controls accordingly, so that only authorized personnel can access critical IP and the chances of leaks or unauthorized use are minimized. It also discusses the role of digital rights management and watermarks in tracking and tracing the use of IP data, adding a further layer of protection against potential threats. IP protection should be embedded in the supply chain’s core, with companies collaborating only with trusted partners who prioritize data security. By establishing clear contractual obligations and security standards, organizations can foster a culture of data protection throughout their supply chain ecosystem.

Conclusion

Secure multinational coalition collaboration and intellectual property protection in the supply chain are crucial for organizations looking to thrive in the global marketplace. Adopting data-centric security measures enables seamless collaboration among diverse entities while safeguarding sensitive information from potential threats. By prioritizing data-centric security, businesses can create a robust framework for secure collaboration and protect their valuable intellectual property throughout the supply chain. As the world becomes more interconnected, embracing data-centric security becomes a strategic imperative for staying competitive and safeguarding business interests.
Security insights and trend series

On-demand webinar series

Webinar 1 – GDPR: Know the rules, win the game. “The real risks of the GDPR” (on-demand webinar)

The first of three training sessions on data privacy (GDPR, the General Data Protection Regulation), held by Jacopo Tenconi, GDPR Specialist at Primeur, an Italian multinational company that has developed a solution dedicated to GDPR compliance based on its over 30 years of experience in data integration. The webinar aims to give concrete, experience-based suggestions on how to handle GDPR compliance in the company in a pragmatic and efficient way. The first meeting covers the fundamentals:

- The real risks behind the GDPR
- The challenges of the GDPR that should not be overlooked
- A smarter GDPR management
- Automation is the key

The webinars last approximately 45 minutes and are free. They are mainly aimed at DPOs, corporate compliance managers, CISOs, CCOs, members of boards of directors, business owners, IT directors and everyone in the company responsible for data processing and its correct protection, in both B2C and B2B companies.

Moderation: Helmut Hubmann, Softlanding Ltd
Speaker: Jacopo Tenconi, GDPR Specialist at Primeur

Webinar 2 – GDPR: Know the rules, win the game. “Smarter Discovery needed” (on-demand webinar)

Again on the subject of GDPR, this session deals with the fundamental role of discovery. What is different about privacy-oriented data discovery? In recent years it has become essential not to neglect privacy legislation, which also requires attention to its evolution. Data discovery lets you create and maintain accurate records of personal data across multiple structures, perform various types of analysis and draw meaningful conclusions in order to generate business value.

- What is different about privacy-driven Data Discovery?
- Common challenges to run Discovery across an entire IT system
- AI-powered Discovery
- A pragmatic approach to Data Discovery

Moderation: Helmut Hubmann, Softlanding Ltd
Speaker: Jacopo Tenconi, GDPR Specialist at Primeur
Speaker: Silvio Gerli, Professor at University Milano-Bicocca

Webinar 3 – GDPR: Know the rules, win the game. “From Data view to Data control” (on-demand webinar)

This session covers the management of data subjects’ rights, how to speed up the fulfillment of requests and reduce the risk of losing data, data masking, GDPR criteria for pseudonymisation, and concrete scenarios:

- Rights management
- How to accelerate request fulfillment?
- How to reduce the risk of missing some data?
- Data masking
- GDPR criteria for pseudonymisation
- Real-life scenarios

Moderation: Helmut Hubmann, Softlanding Ltd
Speaker: Jacopo Tenconi, GDPR Specialist at Primeur
Speaker: Silvio Gerli, Professor at University Milano-Bicocca

If you would like a demo, do not hesitate to contact us; we are happy to help.
Softlanding Signs a new international partnership with Primeur

The Irish-based company Softlanding has signed a new partnership with the Italian company Primeur, which specializes in Smart Data Integration. With this collaboration, Softlanding further strengthens its strategy of expansion and growth, with the aim of becoming the main reference point in Europe and internationally in the world of Data Science and Security.

Primeur, an Italian multinational that for over 30 years has managed data for some of the most important national and international Fortune 500 companies, has signed a partnership for the use and resale of its Enterprise Data Integration solutions with Softlanding Ltd, an IT company based in Dublin. The know-how of Primeur is thereby merged with that of Softlanding Ltd, a company specializing in Data Science and Data Security, i.e. activities based on data analysis, security automation and regulatory compliance. For these reasons Softlanding and Primeur represent a highly strategic partnership for the data market.

“The partnership with Softlanding is another great milestone for our multinational company,” says Stefano Musso, CEO of Primeur Group. “All our offerings and our know-how in data integration, characterized by a modular approach capable of speeding up every process and eliminating the need to replace existing applications, are now available to Softlanding and its customers. This partnership will give us the opportunity to further increase our presence in international markets with a partner in whom we have great confidence,” concludes the CEO of Primeur Group.

The CEO of Softlanding, Helmut Hubmann, says: “The partnership with Primeur is unique for Softlanding. Primeur’s solutions precisely meet the requirements of the market. A perfect symbiosis that guarantees success. This gives Softlanding the opportunity to grow even faster in the future and to deliver first-class solutions to our customers.”
Softlanding announces a Partnership with Appgate an industry leader in secure access solutions

The partnership allows Softlanding to resell and provide services for Appgate. Helmut Hubmann, CEO at Softlanding, said: “Our customers are looking for solutions to help them with data discovery, secure collaboration, SharePoint and Teams security. Our partnership with Appgate allows us to expand our security solutions portfolio to include Software Defined Perimeter, Digital Threat Protection, Risk-based Authentication and offensive services.”

About Appgate

An industry leader in secure access solutions, changing cybersecurity for the better by making it simpler for users and operators and harder for adversaries. Secure access to your network and for your consumers: we work hard to master the offense, understanding how cybercriminals operate, so that we can build the best defense. Our solution
Cybersecurity Tips For 2021

2020 has proved to us all that a new year is not necessarily better than the last. It can be worse, and for most of us COVID-19 proved to be a lethal obstruction in our lives. While this is a fact known to everyone, we would like to highlight some alarming pieces of news. Coronavirus alone is blamed for a 238% rise in cyberattacks on banks. Ransom attacks rose 148% in the first quarter of 2020. In the first six months of 2020 alone, more than 81 international firms from 81 countries reported data breaches. A 600% increase in phishing attacks was witnessed before the arrival of March.

You are mistaken if you think cyberattacks like phishing or data breaches are limited to big companies and firms. You can personally fall prey to cyberattacks if you do not secure your personal information and devices. Take note of the following cybersecurity tips and implement them in the coming times.

Secure passwords

The era of using “Password” or “12345” as your password is long gone, and it is no longer a laughing matter. Today your personal and sensitive information is stored on your system and in your email; tomorrow it could all be wiped or leaked. First, do not let anyone use your computer while you are away. Do not use predictable passwords such as your name or birthdate just because they are easy to remember; they are also easy for hackers to crack.

Use two-factor authentication options

2FA codes are the best way to secure your online accounts (along with a strong password). The code could be a four- or six-digit code sent to your registered phone number or email address. Whether it is your social media account or your email ID, make sure you enable 2FA.

Antivirus software

Cybersecurity breaches can happen unknowingly by clicking on “interesting” links or unknown website portals. Installing antivirus software and a firewall on your system is a safe and sane decision in this day and age. Make sure to purchase such software from reputable companies.

Install updates

Outdated software can pose a big security threat to your device. Software updates provide better security and fix bugs that could otherwise be used to steal information. Enable automatic updates on your device to reduce cybersecurity risks.

Along with the tips above, keep your devices secure by only installing applications from trusted developers. Avoid public WiFi at all costs unless it is an emergency, and most importantly, always back up your data. These tips are simple and easy to follow, and they significantly reduce the risk of cyberattacks.
Why VPNs Fail to Protect Industrial Controls

Building management maintenance is important for data center operators. It can be done through VPN access, but VPNs have inherent limitations that make them risky for the safety and security of corporate networks.

COVID-19 has forced businesses to rethink how they work and has spread a work-from-home or remote-working culture on a massive scale. Cloud-based SaaS videoconferencing and other supporting applications have made this transition a smooth one and allowed the corporate workforce to remain productive. The real problem is now faced by the exceptionally skilled technical workers who require access to systems that live only on highly secure corporate networks, such as industrial building management systems. Managers also have to ensure that only authorized personnel are granted access to these systems. Until 2019, access to these systems was only possible if the employee was present on-site. The travel restrictions and social distancing measures put in place in 2020 have strained these employees and created risks that are critical to operations.

For building management system maintenance, data center operators previously allowed access through traditional VPN software. But this software has limitations: exposure to common attack vectors, and complexity and difficulty in managing the VPNs themselves. In most cases, dynamic access based on user context and conditions is also not possible. Because of these problems, many data center operators are now looking for alternatives to traditional VPNs.

One of the best answers for data center operators who manage sensitive industrial systems is the Software-Defined Perimeter (SDP). One of the biggest advantages of SDP is the ability to enforce least-privilege access for third-party organizations. In contrast to a VPN, SDP-based access lets employees work on the specific systems that are part of the support contractor’s agreement without giving them access to the entire network. For example, if a contractor is responsible for maintaining a data center’s wireless humidity and temperature sensors, that contractor can be given limited access to the relevant servers without access to the other building management systems. SDP can also determine whether a connecting system is sufficiently updated and secured before it is allowed onto the network. These additional security and audit controls provide much stronger access control than traditional VPNs. All in all, traditional VPNs are no longer suitable for dynamic, multi-dimensional access control for industrial building management systems.
Why Get Serious About Zero Trust Security

Zero Trust is one of the latest buzzwords in cybersecurity. It is, however, one of the more effective tools for dealing with today’s sophisticated threats. Zero trust is a security model that requires all users to be authenticated and authorized, and to have their security posture and configuration continuously validated, before being given access to data or applications. Simply put, users and devices both inside and outside the network are considered untrustworthy, even if they hold valid passwords. In a zero trust model, trust itself is treated as a vulnerability; that is why the concept is called zero trust. Even a trusted and familiar user needs to be verified before getting access.

Zero trust can be implemented through multifactor authentication, identity and access management, and endpoint security technology that validates the user’s identity. For example, a one-time password (OTP) is sent to a user’s registered phone number after they log in with their password. Zero Trust can only succeed, however, if organizations continuously monitor and validate that a user and their device have the right attributes and privileges. A single validation is not sufficient, because threats and user attributes are likely to change. Organizations should therefore ensure that all access requests are continuously screened before a connection to any of the organization’s systems or virtual accounts is allowed. Implementing Zero Trust policies relies mainly on real-time visibility into user attributes such as user identity, endpoint hardware, patch levels, OS versions, and user logins.

Why Get Serious about Zero Trust Security

Zero Trust is one of the essential measures for controlling access to applications, data, and networks. It integrates a wide range of preventative techniques, such as endpoint security, least-privilege controls, identity verification, and micro-segmentation, to keep potential attackers out and restrict their access in the event of a data incident. This security layer matters as organizations add endpoints within their network and extend their infrastructure to cloud-based applications and servers. Zero trust networks grant access rights only when strictly necessary, verifying every request to connect to their systems before approving access. Dividing the security perimeter into small zones with distinct access to different parts of the network minimizes lateral movement across the network. Finally, by strengthening the network and limiting user access, Zero Trust security helps the organization prevent breaches and reduce potential damage. This is an important preventive measure, since an attack might be launched by users on the inside.
What is Pass-The-Hash Attack? How to Prevent It?

In a Pass-the-Hash (PtH) attack, a threat actor steals a password hash and, without cracking it, reuses it to trick an authentication system into creating a new authenticated session on the same network. To carry out the attack, the threat actor first captures hashes from the targeted network using hash-dumping tools, then uses a pass-the-hash tool to place a captured hash into a local logon session (Local Security Authority). This tricks the Windows authentication system into treating the malicious actor’s endpoint as the genuine user’s, so the required credentials are presented when the attacker attempts to access the target network, without the attacker ever needing the real password.

PtH attacks exploit the authentication protocol: the hash remains static across sessions until the password is rotated. Threat actors commonly capture hashes by scraping a system’s active memory, among other methods. While PtH attacks most often occur on Windows systems, Linux, UNIX, and other platforms are not immune. In Windows, PtH leverages Single Sign-On (SSO) through NT LAN Manager (NTLM), Kerberos, and other authentication processes. Whenever a password is created on a Windows system, it is hashed and stored in the SAM (Security Accounts Manager), in LSASS (Local Security Authority Subsystem Service) process memory, in the Credential Manager store, in the ntds.dit database in Active Directory, or elsewhere. Therefore, when you log into a Windows workstation or server, you leave your password hash behind.

How to Deal with a Pass-the-Hash Attack?

For a PtH attack to succeed, an attacker has to gain local administrative access on a system (PC) to capture the hash. Once inside, the perpetrator can easily pursue their goal of stealing more passwords.

Incorporating the following security practices can help eliminate, or at least reduce the impact of, a Pass-the-Hash attack:

- Enforce least privilege: this reduces both the likelihood and the effect of a PtH attack by limiting a threat actor’s ability to obtain privileged access and permissions. Removing unnecessary admin rights is a long-term way to minimize the risk of PtH and many other security threats.
- Implement password management solutions: rotate your passwords frequently. Password rotation can be automated after each privileged session, which helps block PtH attacks.
- Separate privileged and non-privileged accounts: keeping the different types of non-privileged and privileged accounts apart minimizes the attacker’s reach into administrator accounts and thereby reduces both the risk of compromise and the risk of lateral movement.
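An added example (not from the original post) that audits the three mitigations above from the defender’s side: it lists every user in the privileged groups, flags password hashes that have not been rotated within a policy window, and uses a mailbox as a rough sign that an admin account is also used for everyday work. The ActiveDirectory module, the group names and the 30-day threshold are assumptions; adjust them to your environment.

```powershell
# Added example: privileged-account hygiene report for Pass-the-Hash risk.
# Assumes the ActiveDirectory RSAT module and read access to the domain.
Import-Module ActiveDirectory

# Assumed policy values; change to match your organisation.
$MaxPasswordAgeDays = 30
$PrivilegedGroups   = @('Domain Admins', 'Enterprise Admins', 'Administrators')

function Get-PrivilegedAccountReport {
    param(
        [string[]] $Groups     = $PrivilegedGroups,
        [int]      $MaxAgeDays = $MaxPasswordAgeDays
    )
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)

    # Recursive membership, so admins hidden in nested groups are not missed.
    $members = foreach ($g in $Groups) {
        Get-ADGroupMember -Identity $g -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            Select-Object -ExpandProperty distinguishedName
    }

    foreach ($dn in ($members | Sort-Object -Unique)) {
        $u = Get-ADUser -Identity $dn -Properties PasswordLastSet, PasswordNeverExpires, Enabled, mail

        [pscustomobject]@{
            SamAccountName       = $u.SamAccountName
            Enabled              = $u.Enabled
            PasswordLastSet      = $u.PasswordLastSet
            # A hash that was never rotated, or rotated before the cutoff, stays
            # reusable for longer; that static hash is what PtH depends on.
            StalePassword        = (-not $u.PasswordLastSet) -or ($u.PasswordLastSet -lt $cutoff)
            PasswordNeverExpires = $u.PasswordNeverExpires
            # Heuristic for a non-separated account: a privileged account with a
            # mailbox is probably also used for mail and browsing.
            HasMailbox           = [bool]$u.mail
        }
    }
}

Get-PrivilegedAccountReport |
    Sort-Object StalePassword, PasswordNeverExpires -Descending |
    Format-Table -AutoSize
```

Accounts that show StalePassword or PasswordNeverExpires as True, or that carry a mailbox, are the first candidates for rotation or for splitting into separate admin and everyday identities.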
What is a Global Catalog Server?

A feature of Active Directory (AD) domain controllers, the global catalog allows a domain controller to provide detailed information on all the objects in the forest, regardless of whether the object in question belongs to the domain controller’s own domain. If the global catalog feature is enabled on a domain controller, that domain controller is called a global catalog server. A global catalog server performs several functions required in a multi-domain forest. Two of the most important are:

- Authentication: a domain controller processes the authentication request and provides authorization information for all the groups of which the user account is a member. This information is included in the user access token generated by the system.
- Object search: the global catalog makes the directory structure of the forest transparent to users performing a search operation.

Active Directory partitions

Understanding how the Active Directory (AD) database is structured helps in understanding how a global catalog works. Domain controllers store the AD database in a single file named NTDS.dit. The database is separated into partitions, which make replication efficient and simplify administration. Each domain controller has at least three partitions:

- Domain partition, which stores information on the domain’s objects and their attributes
- Configuration partition, which stores information on the forest topology, domain controllers, and site links
- Schema partition, which stores the definitions of every object class in the forest and the rules governing the creation and use of those objects

Additionally, domain controllers may hold application partitions, which store information for AD-integrated applications and any object type except security principals.

Deployment of global catalog servers

When a new domain is created, its first domain controller becomes a global catalog server. Additional domain controllers can be configured as global catalogs by enabling the Global Catalog checkbox in the server’s NTDS Settings. There are two ways to do this:

- Use the Active Directory Sites and Services management console.
- Use the Set-ADObject PowerShell cmdlet (replace <ServerName> with the domain controller to configure):

    Set-ADObject -Identity (Get-ADDomainController -Server <ServerName>).NTDSSettingsObjectDN -Replace @{options='1'}

Every domain in the forest should contain at least one global catalog server. This removes the need for an authenticating domain controller to communicate across the length and breadth of the network in order to retrieve global catalog information. Where it is not possible or feasible to deploy a global catalog server for a domain, Universal Group Membership caching can be enabled to reduce authentication-related network traffic. It also allows logon authentication when communication with a global catalog server is not possible from within the remote site.
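As an added example (not from the original article), the script below checks the guidance above across a whole forest: for each domain it reads the NTDS Settings options attribute that the Set-ADObject command writes, cross-checks it against the cmdlet’s own IsGlobalCatalog view, reports whether the domain has at least one global catalog, and lists the sites where Universal Group Membership caching is enabled. It assumes the ActiveDirectory module and read access to every domain in the forest.

```powershell
# Added example: global catalog coverage report for the current forest.
# Assumes the ActiveDirectory RSAT module and read access to each domain.
Import-Module ActiveDirectory

# Bit 1 of the NTDS Settings 'options' attribute marks a DC as a global catalog.
# Note that '-Replace @{options="1"}' (as in the article) overwrites the whole
# value, so any other bits already set on that DC would be cleared.
$IS_GC_BIT = 1

function Get-GlobalCatalogCoverage {
    $forest = Get-ADForest
    foreach ($domain in $forest.Domains) {
        # Ask a DC of that domain, so we see all of its DCs and not just our own domain's.
        $dcs = @(Get-ADDomainController -Filter * -Server $domain)

        $gcs = foreach ($dc in $dcs) {
            $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options -Server $domain
            $opts = if ($null -ne $ntds.options) { [int]$ntds.options } else { 0 }
            $flagSaysGc = (($opts -band $IS_GC_BIT) -ne 0)

            # The raw attribute and the cmdlet's view should agree; a mismatch is
            # worth investigating (replication lag or a half-applied change).
            if ($flagSaysGc -ne $dc.IsGlobalCatalog) {
                Write-Warning "$($dc.HostName): options=$opts disagrees with IsGlobalCatalog=$($dc.IsGlobalCatalog)"
            }
            if ($flagSaysGc) { $dc.HostName }
        }

        [pscustomobject]@{
            Domain            = $domain
            DomainControllers = $dcs.Count
            GlobalCatalogs    = @($gcs).Count
            GCHosts           = (@($gcs) -join ', ')
            # The article's rule: every domain in the forest should have at least one GC.
            MeetsGuidance     = (@($gcs).Count -ge 1)
        }
    }
}

function Get-UniversalGroupCachingSites {
    # Sites where Universal Group Membership caching is on, the fallback the
    # article suggests for sites that cannot host a global catalog.
    Get-ADReplicationSite -Filter * -Properties UniversalGroupCachingEnabled |
        Select-Object Name, UniversalGroupCachingEnabled
}

Get-GlobalCatalogCoverage | Format-Table -AutoSize
Get-UniversalGroupCachingSites | Format-Table -AutoSize
```

A domain with MeetsGuidance set to False either needs a global catalog server or, for remote sites, Universal Group Membership caching enabled on the site.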