Data Breaches and You. Yes, you. This ain't a dress rehearsal.
Data Breach. DATA BREACH. We've seen it everywhere. Literally everywhere. Companies like IBM and the Ponemon Institute produce yearly reports on the subject. You can access IBM’s Cost of a Data Breach report here.
Ever wonder why companies the size of IBM would spend the GDP of a small country on creating a yearly report? It's because of "data breaches!"
Don't believe me? Let's look at some recent news then:
That's just some of what has been made publicly available since the beginning of August 2024. It’s important to note too, that one of the above updates was from a 2022 data breach; the impact can have a very long tail. Recovering from the financial, legal, and reputational implications and damage from a data breach can take many years.
(I asked our Nvidia overlords, ChatGPT specifically)
"A data breach occurs when unauthorized individuals access, disclose, or steal sensitive, confidential, or protected information. A breach can happen for various reasons, such as cyberattacks, insider threats, accidental exposure, or physical theft of devices. Data breaches can involve different data types, including personal information (e.g., social security numbers, credit card details), corporate secrets, intellectual property, or other sensitive information.
The consequences of a data breach can be severe, leading to financial losses, legal liabilities, reputational damage, and loss of customer trust. Organizations often must report breaches to regulatory bodies and affected individuals, especially if the breach involves personally identifiable information (PII). Security measures like encryption, access controls, and regular security audits are essential to prevent and mitigate the impact of data breaches."
TLDR: People steal your data. Simple.
I wrote about the anatomy of a cyber attack at the beginning of the year, and to be Frank and Ernest, cyber-attacks are not slowing down. As we saw with Midnight Blizzard’s attack on Microsoft, vulnerable applications can be exploited to quickly escalate privileges and gain access to sensitive corporate data. Unless you consistently and proactively work to improve your application security posture, your risk exposure is only growing. This is your wake-up call. You need to pay attention.
Understanding what is happening in your Entra ID cloud environment is the only way to minimize your risk. Now, yes, this post focuses on Microsoft technology specifically, but these principles are the same across other public and private cloud provider services.
Let’s dig into each one further:
Everything starts and ends with an identity. In the context of Entra ID (formerly Azure AD), an "Identity" refers to a digital representation of a user, application, or device that can be authenticated and authorized to access resources within an organization's IT environment. Be it a virtual machine, an application, or any other solution the platform provides.
Here's how it breaks down:
An Entra ID identity is the foundation for securing access to resources, enabling single sign-on (SSO), and enforcing policies for authentication, authorization, and compliance across an organization's digital ecosystem.
Once your identity is verified, you can access specific services inside your environment. Two users might have different permissions for various reasons, including their department, role, seniority, project involvement, geography, compliance requirements, and security clearance, to name a few.
These differences in permissions help maintain security, ensure proper access control, and align with organizational policies. Permissions are central to Privilege Identity Management (PIM) principles in Entra ID, as PIM focuses on controlling, managing, and monitoring those who have elevated or privileged permissions within an organization. PIM best practices recommend that elevated permissions are granted only when necessary, typically on a just-in-time basis and for a limited duration to reduce the risk of unauthorized access or privilege misuse.
These are the applications that you need to interact with. It could be your collaboration platform like Microsoft Teams, a third-party ERP system, or even a bespoke application built by your organization. An Entra ID application is a registered entity that represents a software application or service, enabling it to integrate and interact with other resources within the Entra environment or external systems. The application has a unique identity and can be configured with permissions, roles, and access policies to perform specific tasks or access data securely.
Applications in Entra ID can be classified into two main types:
In the old days, these parts were protected by a physical boundary, predominantly your office. We call that a perimeter. Back then, we had people and companies that sold and managed firewalls. You had to physically show up to the building, connect to the building's network, and access information that way. Life was good.
Modern times predicate that we access information from anywhere on the planet, even from space (cue weird Starlink music). Many of us work from anywhere, anytime, from any device. That means that information is no longer just protected by firewalls and perimeter security. The guardrails have changed. How we build applications has changed, and in so doing, our security requirements to protect our information have also had to change.
It's no longer about the firewall. It's about how you, as an organization, provide access to the applications that run your business to your users. Because of this proverbial "changing of the guard," you need new ways to protect and, more importantly, understand how applications are provisioned and processed in your environment. That's what all of this is really about.
To bring it full circle, everyone from your users to administrators to executives should take security and data breach prevention seriously—as seriously as you take drinking water daily. It's not something that you can worry about tomorrow or the next day. It's a now task.
Threat actors and adversaries don't wait for you to determine what that managed identity has access to. They probably know more about that managed identity than you do. We all need to get to grips with what is going on in our environments!
We’ve been focused on solving this problem over the last year. Let us tell you where to start:
That'll give you your roadmap to closing the application security holes in your Entra ID platform (Security Posture Management 101). That's why we want to talk to you and why we planned this webinar.
Join me and co-host Nicolas Blank for another killer session hosted by ENow. On August 21st, we will discuss the Top 10 Entra ID Application Security Risks to Look For. Register to join live or get access to the recording.