Conditional Access: Here’s What You Need to Know
You only need to pick up the newspaper or watch Tamara on the 7 pm news to see how much coverage recent cyber attacks in Australia have received.
It is easy to pass judgement that hackers are more cunning. Or is something else at play?
Here’s the thing, you’ve walked past desks with post-its taped to the monitor. How often is that post-it note a colleague’s password? It’s astonishing that this still happens in offices across Melbourne.
That would be like leaving the final team list in the opposition MCG’s change rooms on Grand Final day. You’re giving away your tactics and making it a cakewalk. Imagine Chris Scott casually leaving the final list for John Longmire to find last September. Although, the way the swans played it wouldn’t have made a difference.
Truthfully, many Australians have been too lax about cybersecurity for too long. For example, 61% of office workers reuse the same password across multiple websites, apps and platforms.
And 81% of security breaches can be traced to stolen or weak passwords You know that you expose yourself to hacking by not changing your password regularly and having a different password for each login. But, surprisingly. 43% of people still share their passwords. So you can see how these cyber security basics lead to data breaches.
Media reports suggest that a former employee’s login was stolen due to a weak password in the Medibank Private hacking. And once the cybercrook has an employee’s login, they can access your system and any data it holds.
Many businesses rely on cloud-based tools, like Microsoft 365 and Google Workspace, to support remote and hybrid working. But this leaves your business vulnerable. That’s why access and identity management is a priority for many Melbourne businesses.
Once a cybercriminal obtains an employee’s login, they can remotely access their account and any data it contains.
Here’s how to reduce cyber threats with conditional access and introduce
multi-factor authentication (MFA).
What is conditional access?
Conditional access (aka. contextual access) is the method of controlling user access. Perhaps the easiest way to understand it is a series of “if/then” statements. So, “if” this thing is present, “then” do this.
For example, conditional access allows your business to create a rule like, “If the user login is from outside Australia, you must enter a one-time passcode.”
Conditional access allows you to add conditions to user access to your IT systems. In addition, multi-factor authentication (MFA) can improve access security without inconveniencing your employees.
Here are the most common contextual factors:
- The IP address of the device
- Employee’s geographic location
- Type of device used to access
- The role or group the user belongs to in your business
You can set up conditional access in Azure Active Directory. Or if you use another identity and access management tool, it can be established there too. But sometimes, it’s helpful to seek the assistance of your IT partner.
How does conditional access for identity management help you?
You can be more flexible with challenging user legitimacy. For example, with improved security, your system won’t approve access to anyone with a username and password. Instead, the employee needs to meet specific requirements. Contextual access can block any login attempts from countries where you know no employees are currently located. And it can present an additional verification question when employees use an unrecognised device.
Increase efficiency for your IT teams
With if/then statements, you automate the access management process, so your system takes control. It will automate the monitoring of contextual factors and implement appropriate actions. So this reduces the administrative burden on your IT teams and increases productivity. Here’s the thing, automated processes are considered more reliable than manual processes. With automation, you remove human error and verify each condition for every login.
Restrict activities for certain users
Not only does conditional access keep unauthorised users out of your system. You can use it to restrict the activities that verified users can do. For example, you can limit access to data or settings based on a user’s role. And you can also use conditions in combination. Such as lowering permissions to view-only. This can effortlessly be triggered if a user holds a specific position and logs in from an unknown device.
Improved User Experience (UX) for Login
67% of businesses don’t use multi-factor authentication. Incredibly, even with recent hackings. Yet, MFA has proven to be an effective method to stop data breaches.
Now, I know what you’re thinking… it’s so inconvenient for your teams. And you’ve heard them complain about how it slows them down, leading to a loss of productivity. Or it’s all too hard.
However, you can improve user experience with MFA can improve the user experience. For example, you can require employees to use MFA if users work remotely. Implementing additional challenge questions on a role or context-based basis is easy. And this will help your employee’s user experience and maintain team morale.
Enforces the rule of least privilege
One of the most well-known ways to secure your systems is to permit the lowest level of access to your systems. This means the employee has the appropriate level of access to do their work. Once you have roles established in your identity management system, you can determine access to the user’s role. By using conditional access, you can simplify restricting access to data or functions based on the role’s needs. And it streamlines identity management as all the functions are in the same system for access and MFA rules.
Want to learn more about Conditional Access?
Do you need clarification about how to set up conditional access for your business? Contact us today for a free discovery call.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.