Security is top of mind for most organizations today. In many IT departments, the security conversation has been going on since two computers were connected onto the same network. The spectrum of approaches goes between “let nothing out or nothing in and we will be fine” or “let somewhere just shy of everything out and everything in.”
After all, businesses are in the business of keeping their secrets, right? Whether it’s that magical proprietary algorithm that produces the unique service they sell, or the store of applied knowledge that helps the organization take over the world (or at least take over more market share). These are the things we need to keep secure, under the threat of our professional lives and reputations, forever. The kind of information that keeps organizations on their toes watching for any threat imaginable.
Microsoft and other cloud vendors are aware that the physical security around their offerings needs to be tight because they are responsible for that aspect of their offerings. There comes a point where the physical security responsibility ends and the responsibility of the virtual security begins. This is where your IT team still needs to keep its focus and diligence. Users are still going to want easy-to-remember logins so they can focus their energy on making widgets, selling them, or accounting for them, or on any other professional job not requiring a hardcore focus on security.
Vendor Solutions Address Vulnerabilities
Back in February 2019, Microsoft made it easier to purchase security licensing packages with its Microsoft 365 Identity & Threat Protection and Microsoft 365 Information Protection & Compliance. These offer a one-stop shop (or SKU) to get all the security products and features to help your organization tackle compliance regulations or lock down things tightly to deter breaches. From an implementation perspective, it’s still the job of the security team or team member to make sure the policies lock out the wrong people from accessing the information storehouse while letting the right people in.
And that is the crux of the matter. We can let go of the diligence of keeping up the hardware and OS profiles on our servers. We can suspend the patch management and feature updates from our enterprise-level software solutions. However, security remains the final point of diligence where the IT team remains the defender of intellectual property.
Some of the Microsoft package feature sets keep information from leaving our virtual presence. Other feature sets help us track where things are going and any failed attempts to retrieve something. And there are key performance indicator graphs that let you know where your security posture sits at a glance and could be used to do a deep dive on different security aspects of both the Azure virtual landscape and Office 365.
The tools are out there, and there are many ways to buy them. It’s now up to IT to make security decisions about their cloud presence and be the gatekeepers to resources and information stored there.