You’re not on the list, you’re not coming in!
In one of my previous blogs ‘The Enemy Within’, I referenced the use of a security technology called Conditional Access to guard against insider threats. This next piece puts more flesh on the bones and explains what this looks like for the typical organisation and User.
Conditional Access (CA) is a security feature that allows organisations to control access to their resources based on certain conditions, such as User location, device type, and security posture. CA helps organisations ensure that only authorised Users can access sensitive data, while minimising the risk of data breaches caused by compromised credentials.
The benefits of using CA are numerous. By controlling access based on specific conditions, organisations can reduce the risk of data breaches caused by compromised credentials or unauthorised access. Additionally, CA can help organisations meet compliance requirements by ensuring that only authorised Users can access sensitive data.
Conditional Access works by evaluating specific conditions before granting access to a resource.
These conditions can include:
User location
Organisations can use CA to restrict access to resources based on the User’s location. For example, an organisation may require that Users be on a company network to access certain resources.
Device type
Organisations can use CA to restrict access to resources based on the type of device being used. For example, an organisation may require that only corporate-owned devices can access certain resources.
Security posture
Organisations can use CA to restrict access to resources based on the security posture of the device being used. For example, an organisation may require that devices have up-to-date antivirus software installed before accessing certain resources.
Time of day
Organisations can use CA to restrict access to resources based on the time of day. For example, an organisation may only allow access to certain resources during business hours.
User role
Organisations can use CA to restrict access to resources based on the User’s role within the organisation. For example, only Administrators may be allowed to access certain resources.
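The five conditions above can be combined into a single deny-by-default check. The sketch below is an added example, not Microsoft's or any vendor's code. The `SignIn` and `Policy` shapes, the network range, the business hours and the sample requests are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class SignIn:
    """One access request (constructed shape, not a vendor schema)."""
    user_role: str
    source_ip: str
    corporate_owned: bool
    antivirus_current: bool
    local_time: time


@dataclass(frozen=True)
class Policy:
    """Conditions a request must meet; all values are sample values."""
    networks: tuple = ("10.0.0.0/8",)
    roles: frozenset = frozenset({"Administrator"})
    open_from: time = time(8, 0)
    open_until: time = time(18, 0)


def evaluate(req: SignIn, policy: Policy) -> tuple[bool, list[str]]:
    """Grant only if every condition passes; report the ones that failed."""
    try:
        ip = ip_address(req.source_ip)
        on_network = any(ip in ip_network(n) for n in policy.networks)
    except ValueError:
        on_network = False  # unparseable address fails closed
    checks = {
        "location": on_network,
        "device_type": req.corporate_owned,
        "security_posture": req.antivirus_current,
        "time_of_day": policy.open_from <= req.local_time < policy.open_until,
        "user_role": req.user_role in policy.roles,
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)


# Constructed sample requests: same Administrator account, different context.
OFFICE = SignIn("Administrator", "10.1.2.3", True, True, time(9, 30))
OFFSITE = SignIn("Administrator", "203.0.113.7", False, True, time(23, 0))

if __name__ == "__main__":
    for request in (OFFICE, OFFSITE):
        print(request.source_ip, evaluate(request, Policy()))
```

The second request carries the same Administrator role as the first, yet it is refused because the surrounding context fails. Returning the names of the failed conditions gives the sign-in log something an analyst can act on.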
Conditional Access – Useful Video
Microsoft’s Azure Conditional Access is one such system which applies rigorous security controls to User access. The video below explains the system nicely!
In conclusion, Conditional Access is an essential security feature that allows organisations to control access to their resources based on certain conditions. By evaluating specific conditions before granting access to a resource, organisations can reduce the risk of data breaches caused by compromised credentials or unauthorised access, while meeting compliance requirements. As such, organisations should consider implementing Conditional Access as part of their overall security strategy.
Thanks
Richard