Every company has some sort of sensitive data. Whether it’s customer lists, financial data, personal information, or a myriad of other categories, we’ve all got stuff that needs to be protected. In this article, we’ll give you a glimpse of the methods and tools we use to protect our most sensitive datasets.
As you can imagine, an IT provider like us is entrusted with a lot of sensitive data. Not only do we have administrative access to our customers’ infrastructure, it’s also our responsibility to ensure that their data is backed up properly. To ensure that data is secure, we’ve implemented and carefully tested state-of-the-art procedures and tools to protect confidential information. We firmly believe in “eating our own dogfood.” To that end, our security stack looks a lot like the security stack we provide to you through Stellar IT. Here are some of the key tools we use to do our work and protect your data:
Azure Active Directory
Azure Active Directory is the heart of our identity management at Kirbside. Anything that we can integrate with it has been integrated for single sign-on. This gives us the ability to keep things simple (only one secure set of credentials to manage) as well as some enhanced logging and protection. We use AAD as a part of our Microsoft 365 subscription, meaning that we’re able to take advantage of advanced security features like:
- Multi-Factor Authentication
This is non-negotiable for us. One hundred percent of our users must use multi-factor authentication to access any of our business systems.
- Conditional Access Policies and Intune
Through the use of conditional access policies and mobile device management, we’re able to set certain requirements that must be met before a user can log on. For example, for our password management system (arguably our most sensitive system), the technician’s device must be fully compliant with our MDM policies. This means that the device must be encrypted, have up-to-date antivirus, and be in good health (no detection of malicious code on the PC). If these conditions are not met, the login will not be successful.
- Microsoft Security Graph
The Microsoft Security Graph is a highly intelligent, AI-based security system that we leverage to better secure our systems. We have specific policies to detect high-risk logons, which will intercept a logon if it is deemed high risk. An example of this would be “impossible travel” (such as a login attempt from Miami 5 minutes after a login attempt from Denver).
Azure Information Protection (AIP)
Azure Information Protection is another great tool afforded to us through Microsoft 365. With Azure Information Protection, we’ve set different classifications based on the sensitivity of a particular piece of data. This allows us to control access to specific files and pieces of data based on who should access it. Moreover, if that data were to leave our environment on a flash drive, an unapproved user would still be unable to access the data contained within.
Computer and Mobile Device Management
Mobile Device Management is a key component of a modern security plan. MDM allows us to enforce certain requirements on any devices accessing our data. This ensures that the data is always stored and accessed securely. Anyone on our team who wishes to access our secure data must use a device that is enrolled in our MDM solution. This applies to computers as well.
Role-Based Access Control
Role-based access control is a critical piece of any security puzzle. At Kirbside, we have strict policies in place that dictate who needs access to what. This ensures that team members who don’t need access to a certain piece of information simply do not have it.
Auditing and Regular Log Review
Auditing is another key component of good security. By knowing what’s happening in your infrastructure, you can easily point out anomalous activity and put a stop to it. Using Azure AD and the advanced logging built into our systems, we keep a watchful eye on who is accessing our data, when, and from where. We’ve also configured our systems to immediately alert our management personnel to high-risk actions, allowing us to act immediately if something isn’t right.
As you can see, we’ve created a pretty holistic system for managing sensitive data at Kirbside. Protecting the data we’re entrusted with is a top priority for us. Do note that this article does not encompass all the techniques we use to safeguard your sensitive data; it’s just meant to give a general overview.