When moving to Microsoft Online services such as Dynamics Online, Office 365 and Intune, the first thing you will need to do is set up your Azure Active Directory. You can just replicate your existing on-premises AD to Azure, but there is an opportunity to rethink your Identity Management (IdM) Strategy.
When we talk about securing data or securing devices (mobile or otherwise), what are we really trying to achieve? Do we really care if somebody has a copy of our data if we still have a copy? I suppose it depends on the nature of that data. If you run an eCommerce site and the data is your product catalog, you probably don’t care. If the data happens to be credit card information from online transactions, you probably care – especially if the data gets into the wrong hands. We probably care more about who (remember that word: “who”) has access to the data, rather than that the data has been copied. In fact, creating and managing copies is part of a complete disaster recovery or business continuity plan.
Similarly, we might care that a mobile phone, tablet, laptop or desktop has been lost or stolen but for most organizations, the replacement cost of the device is rather inconsequential. In reality, the risk associated with a lost device is the access to data that the device might provide – either data on the device or data that the device might have online access to.
There are many ways to secure data, mostly associated with some form of encryption. Encryption is useful in preventing access to data, but what’s the point of data if nobody has access to it?
At some point, somebody will have a legitimate reason to access the data whether it is for processing an online transaction or modifying a document. Of course we care about who (there’s that word again) has the access. Preventing unauthorized access is important but is it more important than enabling authorized access? That’s a topic for another day.
The point is that it’s about people. The only reason we have devices, applications and data is to allow people to do something productive.
We care about who has access to our data on which devices and in which locations. In reality we really only care about the devices and location because if we don’t trust the device or location the data may become accessible to somebody who should not have the access. If we could guarantee the security of the device and the location, we would still care about who has access. If we could guarantee who has access, we probably wouldn’t care too much about the location or the device.
Let’s circle back to Microsoft online services. Both Office 365 and Enterprise Mobility Suite provide some powerful features to help you secure data, devices and applications. I encourage you to investigate the use cases for these in your organization, but remember that at the foundation of your security strategy lies the user. This is a great opportunity to revisit your IdM strategy and go beyond just deciding on Cloud Identity, Directory Synchronization or Federated Identity. If you do, I predict you will be able to get more out of your investment in Microsoft Online services.
In the classic Dr. Seuss book Horton Hears a Who, Horton the elephant is the only one able to notice the Whos. Be like Horton. Focus on the WHO!