Passwords have been around forever, but they have always been a major source of security concern. Eighty-one percent of security incidents happen due to weak or stolen passwords. Many employees continue to neglect the basics of good cyber hygiene because they do not understand the risks.

For example, 61% of employees will use the same password for multiple websites and systems used in a business, and 43% of employees have admitted to sharing their passwords with others. These factors are part of why compromised credentials represent the main cause of data breaches.

Access and identity management is a growing priority for many businesses, especially now that so many systems and so much data are stored in the cloud. With the work-from-anywhere culture, we demand easy access to systems that in years gone by were secured by multiple different solutions, such as a VPN back to the office followed by a different username and password for the system itself. That route at times added a double layer of protection, whereas now we just use a username and password to access cloud solutions.

A cyber criminal can very easily work out an email address, which is usually used as the username for a cloud system. They can work out the format from the company website or obtain the address from LinkedIn.

Below we explain what conditional access is and how it works with multi-factor authentication (MFA). We also cover the advantages of moving to a conditional access process.

What Is Conditional Access?

Conditional access, which is also known as contextual access, is a method of controlling user access. It can be thought of as a series of “if/then” statements, meaning “if” this is present, “then” do that.

For example, conditional access allows you to set a rule that states: “If a user is logging in from outside the UK, require a one-time passcode.”

Conditional access allows you to add many conditions to the process of a user logging in to your cloud systems. It is commonly used with MFA. This improves the security posture without inconveniencing users.

Some of the more common contextual factors used include:

• IP address
• Geographic location
• Time of day
• The type of device used
• Role or group the user belongs to

Conditional access can be set up in Azure Active Directory, which is part of Office 365. It can also be set up in other identity and access management tools. It is always best to involve your IT partner before implementing it, as you could lock yourself out of the system. Commercial Networks always recommend creating a “break glass” account before working on conditional access and ensuring that this account is exempt from all rules.
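The if/then rules and the break-glass exemption described above, modelled as an added Python example (it is not Azure Active Directory's own engine or Commercial Networks' code). The account name, IP ranges, country list and rule set are constructed assumptions; the second function flags any rule that fails to exempt the emergency account.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from any real tenant).
BREAK_GLASS = "breakglass@example.com"
OFFICE_NET = ip_network("203.0.113.0/24")   # documentation range used as "the office"
STAFF_COUNTRIES = {"GB", "FR"}              # countries where employees work

@dataclass
class SignIn:
    user: str
    country: str          # ISO country code resolved from the source IP
    ip: str
    known_device: bool

@dataclass
class Rule:
    name: str
    matches: object       # the "if": a callable taking a SignIn
    action: str           # the "then": "mfa" or "block"
    exclude: set = field(default_factory=set)

RULES = [
    Rule("block countries with no staff", lambda s: s.country not in STAFF_COUNTRIES, "block", {BREAK_GLASS}),
    Rule("passcode outside the UK", lambda s: s.country != "GB", "mfa", {BREAK_GLASS}),
    Rule("MFA when not in the office", lambda s: ip_address(s.ip) not in OFFICE_NET, "mfa", {BREAK_GLASS}),
    Rule("verify unrecognised device", lambda s: not s.known_device, "mfa", {BREAK_GLASS}),
]

def evaluate(signin, rules=RULES):
    """Return (decision, names of rules that fired); block outranks mfa outranks allow."""
    fired = [r for r in rules if signin.user not in r.exclude and r.matches(signin)]
    actions = {r.action for r in fired}
    decision = "block" if "block" in actions else "mfa" if "mfa" in actions else "allow"
    return decision, [r.name for r in fired]

def rules_missing_break_glass(rules=RULES):
    """Lockout check: every rule should exempt the emergency account."""
    return [r.name for r in rules if BREAK_GLASS not in r.exclude]

if __name__ == "__main__":
    samples = [
        SignIn("amy@example.com", "GB", "203.0.113.10", True),   # office, known laptop
        SignIn("amy@example.com", "GB", "198.51.100.7", True),   # working from home
        SignIn("amy@example.com", "US", "192.0.2.44", False),    # no staff in this country
        SignIn(BREAK_GLASS, "US", "192.0.2.44", False),          # emergency account
    ]
    for s in samples:
        print(s.user, s.country, evaluate(s))
    print("rules without break-glass exemption:", rules_missing_break_glass())
```

Running the exemption check after every rule change shows a missing exclusion before it can lock the emergency account out.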

Benefits of Implementing Conditional Access for Identity Management

Improves Security

Using conditional access improves security. It allows for more flexibility in ensuring users are legitimate. It goes beyond just allowing access with a simple username and password: it ensures that a user meets additional requirements.

Contextual access could block sign-in attempts from countries where you have no employees working. It could also require additional verification when employees use a device that is not recognised.

Automates the Access Management Process

Once you or your IT partner have set up the if/then statements, conditional access automates the monitoring for contextual factors and takes the appropriate steps based on these. This in turn can reduce the workload on your IT teams. It also ensures that no one falls through the cracks.

Allows Restriction of Set Activities

Conditional access is not only for keeping unwanted people out of your accounts. It can be used in other ways. One such way would be to restrict the activities that employees can do.

For example, you could restrict access to your HR folder in SharePoint based on the security group a user is a member of. You can also use these conditions in combination, such as allowing access to HR but only with a view-only permission. You could trigger a set role based on the type of device, its location or whether it is unknown.

Improves the Login Experience

Recent studies show that 67% of businesses do not use multi-factor authentication. This is despite it being one of the most effective means of preventing credential breaches.

One of the biggest reasons most businesses do not implement it is the inconvenience it creates for employees. They may complain that it interferes with their productivity, or they are not prepared to use their “personal” mobile phone for text messages and/or authenticator applications.

Using conditional access with MFA could actually improve the user experience. For example, you can require MFA only if a user is not in the office. You could put extra challenge questions in place on a role or context-based basis. This prevents users from being put out.

Enforces the Rule of Least Privilege

A security best practice Commercial Networks use is the rule of least privilege. This means only granting the lowest level of access within a system that a user needs to do their work. Once we have set up roles in identity management, we can base access on those roles.

Conditional access simplifies restricting access to functions or data. This can then be based on job needs; for example, an accounts administrator would not need the same access as the accounts supervisor. It allows streamlining of identity management because it contains all the functions for access and MFA rules in the same system. When everything stays together, management becomes a much simpler process.

Need Help Implementing Conditional Access?

Once you get conditional access set up in your organisation, the automation takes over. It can improve your security and reduce the chance of an account breach. Contact Commercial Networks today for a free consultation to enhance your cybersecurity.