In The Technology Boardroom this week, we delve into the importance of understand identities when tackling cyber security and building a proactive cyber security defence. Catch up on the conversation from our episode “Neutralising cyber security threats with Microsoft Entra”, where we tackle a crucial topic: identities in the digital age and their implications for cyber security.
Meet the host
Our host for this episode is Advania’s Security and Compliance Director, Pravesh Kara, who brings a wealth of experience in cyber security and a knack for breaking down complex topics into digestible insights.
Let’s dive into this episode of The Technology Boardroom.
The importance of identity management
In today’s digital landscape, identities are not just user credentials; they represent a significant attack surface. Our guest Steve Goodman kicks off the discussion by highlighting the complexity and importance of managing identities effectively, noting that successful breaches and the rise of threat groups specialising in identity attacks underscore the need for robust identity management.
The conversation follows: “Identities present a massive attack surface and it’s a complex space that’s often not managed well. This is evidenced by the quantity of successful breaches and even the evolution of threat groups that specialise just in this area called initial access brokers.”
The role of automation and AI
As we navigate through the topic, a major theme that emerges is the role of automation and AI in enhancing security measures. Steve shares his vision of a future where AI-driven automation helps detect threats more efficiently. He articulates how automation can miss less and allow analysts to make quicker decisions without diving into endless logs.
The pair discussed how reducing omissions seems like an effective goal because automation often struggles without AI to provide clarity in complex situations. Building automations to cover various scenarios is challenging as broad automation tends to be too general.
Training users in real-time
Pravesh introduces an intriguing concept called nudge technology, which aims to provide real-time training to users by prompting them when they make a mistake. This approach can keep security at the forefront of users’ minds without overwhelming them with constant training sessions.
"What I’ve seen developing is introducing nudge technology, so that when a user takes a misstep, the user gets prompted at that point in time to say, 'hey, are you sure you want to take this action?'" – Parvesh Kara
Our hosts elaborate on how this technology can be seamless and integrated into everyday operations, ensuring users are guided without feeling impeded.
Zero trust: a modern security paradigm
Another key topic explored is zero trust, a security model that assumes no one is trusted by default – whether inside or outside the network – and verifies everyone who tries to connect to the system. Our hosts break down the core principles of zero trust and how Microsoft Entra can help build this architecture.
Here’s their explanation: “We are looking to verify who a person is based on all the things that we know about them. The zero trust part of that is they start from not trusting anything… we’re assuming that the starting point for every single user who’s attempting to access the organisation is potentially an attacker.”
The emphasis here is that zero trust isn’t just about technology but also about continuous validation and using telemetry data to ensure ongoing verification.
Balancing security and usability
One of the biggest challenges organisations face is finding the right balance between security and usability. Steve touches on how Entra ID can make security seamless for employees while maintaining robust protection mechanisms.
He says: “A good setup of Entra ID could be seen from a user’s perspective as they get their laptop or device, they do have a multi-factor authentication prompt. And after the device is registered then they may very seldom see those additional prompts.”
Get the full conversation on The Technology Boardroom
In the full episode, our hosts offer invaluable insights into identity management, automation, zero trust, and balancing security with usability. Prav and Steve provide practical advice and ideas that can help any organisation improve its security posture.
If you’re looking to deepen your understanding of these critical topics and hear from experts who are at the forefront of cyber security, tune in to this episode. Your journey towards better security practices starts here.
