Network-Describe security, compliance, privacy, and trust in Microsoft 365

Networks provide users with access to the data they need, but they are also a major point of vulnerability. Dividing a network into segments with access controls at each hop can prevent attackers from moving laterally through the network once they gain access. Networks in a Zero Trust environment should also use end-to-end encryption to protect data while in transit.

The traditional network security model calls for constructing a perimeter surrounding the enterprise premises; this model has servers, workstations, and users inside the perimeter and firewalls protecting them by filtering out unwanted traffic. Remote users could connect to enterprise resources only by establishing a secured connection to a remote access server located in a screened subnet on the perimeter network. A Microsoft 365 installation places substantial and potentially vulnerable resources in the cloud outside the network perimeter, requiring a revised network security model.

Remote users might still connect to on-premises servers for some functions, but others will connect directly to cloud services. Also, the new emphasis on mobile devices means that users will be accessing enterprise resources from a wider variety of locations, including public locations, such as hotels and coffee shops, over which the company has no control.

The Microsoft 365 deployment process begins with an assessment and possibly redesigning the network to ensure that Internet bandwidth and proximity to the nearest Microsoft cloud endpoint are optimized. Also, adapting the security model to a network infrastructure that includes cloud services requires a shift in emphasis from perimeter security to endpoint security, in which the focus is placed more on securing the locations of the data and the locations of the users accessing the data than on the network medium connecting them.

Note Microsoft 365 Deployment

For a more detailed examination of the Microsoft 365 deployment process, see “Describe endpoint modernization, management concepts, and deployment options in Microsoft 365” in Chapter 2, “Describe Microsoft 365 apps and services.”

Endpoint network security means that the protective features built into the Microsoft 365 cloud services take on a more prominent role in the enterprise security strategy. Microsoft 365 administrators do not have control over the network traffic reaching the cloud services, nor can they erect a perimeter around every remote or mobile device that accesses the enterprise services. Therefore, instead of trying to block malicious traffic with firewalls, security comes from mechanisms such as multifactor authentication, Data Loss Prevention, and Cloud App Security.

This does not mean the networks cease to be vulnerable or can be left unprotected. Administrators must be wary of the threats that have always afflicted networks, including unauthorized packet captures, unprotected Wi-Fi networks, and rogue access points. For example, if an enterprise allows both managed and unmanaged devices to access company resources—regardless of the policies they use to control that access—it is still a good idea to keep the managed devices on a separate wireless network from the unmanaged ones. Also, appropriate security and encryption protocols must still protect internal Wi-Fi networks, and their administrative passwords and preshared keys must be modified regularly.

Infrastructure

Infrastructure is an inclusive term encompassing all of a network’s hardware and software, both physical and virtual, on premises and in the cloud, as well as the facilities and services that house and protect them. The infrastructure of a typical enterprise network presents many potential attack vectors, and administrators should make every attempt to block them. IT personnel can keep software products updated and use infrastructure monitoring technologies that detect unusual and problematic behavior, such as Security Information Event Management (SEIM) and Security Orchestration, Automation, and Response (SOAR).

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

Popular Posts

  • Summary-Describe security, compliance, privacy, and trust in Microsoft 365
    Summary-Describe security, compliance, privacy, and trust in Microsoft 365

    Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…

  • Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
    Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365

    Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…

  • Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
    Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365

    The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…

Tags

There’s no content to show here yet.