Tag: CloudInsight

30 Nov 2022
Microsoft Azure Maintenance Basics


Financial institutions need to stay on top of Microsoft Azure maintenance to efficiently use Microsoft cloud services and have effective controls across identity and access. Azure maintenance is also a matter of regulatory compliance.

Microsoft Azure maintenance encompasses Azure Active Directory, M365 (formerly called Office 365), Microsoft Exchange Online, and other associated Azure cloud services. Many institutions may not realize they are leveraging cloud solutions because it’s not always obvious where different technology services originate. Regardless of how an institution obtains Microsoft Exchange or M365, it creates a Microsoft tenant with Azure AD. Institutions are ultimately responsible for these tenants and this includes properly securing and maintaining them.

The Federal Financial Institutions Examination Council (FFIEC) expects institutions to engage in effective risk management for the “safe and sound” use of cloud computing services. The council indicated as much in its statement on “Security in a Cloud Computing Environment,” saying: “System vulnerabilities can arise due to the failure to properly configure security tools within cloud computing systems. Financial institutions can use their own tools, leverage those provided by cloud service providers, or use tools from industry organizations to securely configure systems, provision access, and log and monitor the financial institution’s systems and information assets residing in the cloud computing environment.”

In addition, financial institutions are obligated to oversee third-party service providers and make sure that they use proper security controls. “Management should be responsible for ensuring that such third parties use suitable information security controls when providing services to the institution,” the FFIEC IT Handbook’s Information Security booklet stated. “Management should verify that third-party service providers implement and maintain controls sufficient to appropriately mitigate risks.”

Azure Active Directory

Azure Active Directory (Azure AD, AAD) is the primary identity platform across all Azure services. There are some standard maintenance objectives that financial institutions should meet with Azure AD.

Some of the key types of identities to review within Azure AD are users, devices, and enterprise applications. User maintenance is an area many people are familiar with, and it involves ensuring the list of users matches expectations. IT administrators should be on the lookout for new accounts; they should look for users who should not be there and delete or disable them if appropriate. For example, users may need to be purged from the list after they complete off-boarding procedures.

With device maintenance, it is important to be aware of all the devices that the organization has placed into Azure AD. IT administrators should ensure that, at least for Windows OS devices, they follow the established naming convention. They should delete “stale” or inactive devices and ensure that all devices—whether desktop or mobile—adhere to established compliance policies.

The maintenance for enterprise applications—objects with some form of connectivity with your Azure tenant—involves making sure various service apps meet expectations for functionality. Administrators should review the apps’ properties to ensure the best controls are being applied. For instance, this could include addressing apps that have an expired certificate.

Other important maintenance areas within Azure AD include reviewing privileged role assignments to ensure their validity, scrutinizing delegated administration partners to confirm their level of access, and “right-sizing” the number and types of licenses to avoid being over or under-provisioned.
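The device and enterprise-application checks described above can be scripted against an export of the tenant's directory objects. The following is an added example, not code from the original article or the vendor's product; it assumes records shaped like Microsoft Graph `device` and `servicePrincipal` objects, and the 90-day staleness window, the 30-day certificate warning window, and the naming pattern are hypothetical stand-ins for an institution's own policy.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumptions, not values from the article: set these from your own policy.
STALE_AFTER = timedelta(days=90)
CERT_WARNING_WINDOW = timedelta(days=30)
WINDOWS_NAME_RE = re.compile(r"^BR\d{2}-(WS|LT)\d{3}$")  # hypothetical convention


def parse_ts(value):
    """Parse a Graph-style UTC timestamp such as 2022-11-28T13:05:00Z."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def review_devices(devices, now):
    """Return {displayName: [findings]} for devices that need attention."""
    findings = {}
    for dev in devices:
        issues = []
        last_seen = parse_ts(dev.get("approximateLastSignInDateTime"))
        if last_seen is None:
            issues.append("never signed in")
        elif now - last_seen > STALE_AFTER:
            issues.append(f"stale: last sign-in {(now - last_seen).days} days ago")
        is_windows = dev.get("operatingSystem") == "Windows"
        if is_windows and not WINDOWS_NAME_RE.match(dev["displayName"]):
            issues.append("name violates Windows naming convention")
        # isCompliant is None when no compliance policy has evaluated the device.
        if dev.get("isCompliant") is not True:
            issues.append("not reported compliant")
        if issues:
            findings[dev["displayName"]] = issues
    return findings


def review_app_certificates(service_principals, now):
    """Return (app, status, expiry date) for expired or soon-to-expire certificates."""
    results = []
    for sp in service_principals:
        for cred in sp.get("keyCredentials", []):
            end = parse_ts(cred["endDateTime"])
            if end <= now:
                results.append((sp["displayName"], "expired", end.date().isoformat()))
            elif end - now <= CERT_WARNING_WINDOW:
                results.append((sp["displayName"], "expiring", end.date().isoformat()))
    return results


# Constructed sample data for illustration only.
NOW = datetime(2022, 11, 30, tzinfo=timezone.utc)
SAMPLE_DEVICES = [
    {"displayName": "BR01-WS014", "operatingSystem": "Windows",
     "approximateLastSignInDateTime": "2022-11-28T13:05:00Z", "isCompliant": True},
    {"displayName": "DESKTOP-7F3K2QP", "operatingSystem": "Windows",
     "approximateLastSignInDateTime": "2022-11-20T09:00:00Z", "isCompliant": True},
    {"displayName": "BR02-LT003", "operatingSystem": "Windows",
     "approximateLastSignInDateTime": "2022-06-01T08:00:00Z", "isCompliant": False},
    {"displayName": "Teller iPad 4", "operatingSystem": "iOS",
     "approximateLastSignInDateTime": None, "isCompliant": None},
]
SAMPLE_APPS = [
    {"displayName": "Core Banking SSO",
     "keyCredentials": [{"endDateTime": "2022-10-15T00:00:00Z"}]},
    {"displayName": "HR Portal",
     "keyCredentials": [{"endDateTime": "2022-12-20T00:00:00Z"}]},
    {"displayName": "Backup Agent",
     "keyCredentials": [{"endDateTime": "2024-01-01T00:00:00Z"}]},
    {"displayName": "Legacy Scanner", "keyCredentials": []},
]

if __name__ == "__main__":
    for name, issues in review_devices(SAMPLE_DEVICES, NOW).items():
        print(f"{name}: {'; '.join(issues)}")
    for app, status, expiry in review_app_certificates(SAMPLE_APPS, NOW):
        print(f"{app}: certificate {status} ({expiry})")
```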

M365 and Exchange Administration

SharePoint Online, Exchange Online, and OneDrive are core components of M365 and as such, they require strategic maintenance. Here are some important areas IT admins should address to maintain these services:

  • Usage reporting— Monitor usage reports to ensure they match the institution’s expectations. Anomalies in consumption and storage could indicate a possible security or compliance concern.
  • Cleaning up files— Delete old, unused files from OneDrive or SharePoint. Administrators can solicit help from users by notifying those who are approaching their limits.
  • File retention policy— Automatically delete files based on a set schedule or duration, such as anything older than seven years.
  • Exchange Online mailbox usage— Monitor mailbox statistics before users reach their limit to avoid service disruptions—and complaints.
  • Distribution list review— Make sure distribution lists contain the appropriate members for the most effective targeting.
  • Exchange Online mobile devices— Keep track of the details about users’ mobile devices to gain additional insights for achieving maintenance objectives and compliance.

For more information, listen to our “Azure Maintenance — The Basics Every IT Administrator Should Know” webinar.

27 Jul 2022
Learn How to Eliminate Compliance Pain Points with COMPaaS


Keeping compliance processes and information security up to date is crucial, especially with the ever-increasing risks and regulatory requirements that are facing financial institutions. Our compliance-as-a-service solution, COMPaaS, solves this problem. It offers community banks and credit unions an easy way to customize information technology and compliance services to match their institution’s needs.

What is COMPaaS?

COMPaaS is a collection of connected compliance applications combined with critical monitoring and reporting tools that institutions can customize to address their specific pain points. Regardless of type or size, any financial institution can use COMPaaS to build a unique package of services that are based on their specific compliance resources, expertise, and budget.

The full suite of services meets regulatory requirements in a range of areas from vendor and network management to cloud security, information technology, and business continuity management:

  • BCP Blueprint: An application that automates the building and maintenance of a business continuity plan.
  • CloudInsight M365 Security Basics: A reporting tool that provides visibility into security settings for Azure Active Directory and M365 tenants.
  • Cybersecurity RADAR: A user-friendly application to assess cybersecurity risk and maturity.
  • Information Security Program: A proven regulatory framework with applications that allow you to build a customized, interactive, and compliant infosec program.
  • Lookout: An event log monitoring solution that efficiently combs through daily logs and sends notifications for activities that need review.
  • NetInsight: A reporting tool that runs independently of existing network tools to provide third-party “insight” into IT controls.
  • Vendor Management: An application that tracks vendor risks, automates contract renewal reminders, and generates reports.
  • V-Scan: A security solution that scans a network, identifies vulnerabilities, and generates a comprehensive report.

How Does It Work?

The COMPaaS applications and services were built with our experts’ core knowledge and industry best practices to help your institution build a strong compliance foundation. Whether you choose one of the automated applications or a service that provides a dedicated compliance resource, COMPaaS can help you better manage your policies and procedures, implement effective controls, and fill in reporting gaps to meet examiner expectations. It is the ideal solution because it lets you select the exact products and services you need now and add more later as your requirements change. For example, if you are a smaller bank, you might begin with a vendor management application and then build from there to cover your cybersecurity risk and information security concerns.

Key Benefits

COMPaaS allows financial institutions to leverage the benefits of automation to streamline time-consuming processes related to regulatory requirements. It converts labor-intensive processes that often exist on paper into apps to create living documents that are more efficient and less likely to become outdated.

COMPaaS also uses technology to enforce verifiable controls and provide consumable reports so that institutions can implement the appropriate actions to maintain information security. This can make it easier to prove to a third party that critical issues are being addressed. In addition, all COMPaaS services were designed with the regulatory needs of community banking institutions in mind. For example, the technology and security products cover the standards set by the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool (CAT) or the National Credit Union Administration’s Automated Cybersecurity Examination Tool (ACET).

The COMPaaS Advantage

With COMPaaS, institutions have an effective way to target and eliminate their specific compliance and information technology weaknesses. They can save time by automating compliance tasks and save money by selecting only the options where they need help. Institutions also can expand COMPaaS’ services to support internal IT staff who may not be well-versed in a particular area or wearing multiple hats and juggling too many tasks. Or they can use COMPaaS to fill a void when an IT staff member takes a vacation, goes on leave, gets promoted, or retires. Whatever the situation, institutions can maintain continuity by having access to the same tools, reporting features, and experts through COMPaaS. And our solutions will grow with the institution, so it can implement various services at separate times based on its budget and needs.

26 May 2022
Community Banks Use CloudInsight M365 Security Basics to Increase Security


To meet the challenges of escalating cyber threats and constantly evolving technology, organizations must have appropriate security measures in place to protect their network, data, and other assets. Financial institutions that use Microsoft Azure Active Directory and M365 can capitalize on CloudInsight™ M365 Security Basics to ensure they have the right security, identity, and compliance settings to keep their information safe in the Cloud. The product fills a critical need because Microsoft is always enabling and disabling features in Azure AD and M365, which can make it difficult for institutions to maintain the best security settings.

M365 Security Basics increases the visibility of potential security risks through three main services:

  • Reporting — The delivery of user-friendly Microsoft data
  • Alerting — Notifications of common indicators of compromise
  • Quarterly Reviews — Expert analysis and consultations

Here are two case study summaries to show how different institutions are using CloudInsight M365 Security Basics to gain better visibility into their cloud security and Microsoft settings:

Affinity Bank

Atlanta-based Affinity Bank wanted to get a better handle on potential security threats—particularly those relating to email. It implemented CloudInsight M365 Security Basics to prevent compromised user accounts, unknown users and forwarders, unapproved email access, and other risks. “Being able to receive alerts when attempted logins from outside of the country come through is a big reason why we were interested in the product,” said Senior Vice President and Chief Operations Robert Vickers. Just having the ability to put in preventative features blocking employees from sending or setting up a forward to an external email address was another plus for Affinity Bank. With almost $800 million in assets, three locations across Georgia, and a long-term relationship with Safe Systems, Affinity Bank anticipates significant improvement in its cloud security and overall security posture thanks to M365 Security Basics’ monitoring, alerting, and other tools. Aside from the tools that M365 Security Basics provides for Affinity Bank, the real advantage given to the bank is the relationship with Safe Systems. “The team at Safe Systems has been able to provide us with great expertise on exactly where we need to go, what we need to do, and best practices to get us there,” said Vickers. “Almost immediately after we signed on for CloudInsight, they gave us recommendations we could implement straight away.”

Franklin Bank & Trust Company

Since its inception in 1958, Franklin Bank & Trust Company has prioritized adapting to constant changes in technology to maintain its security. M365 Security Basics proved to be the ideal solution for the Franklin, Kentucky-based community bank, which has $700 million in assets and five branches across the state. Since implementing CloudInsight M365 Security Basics, the bank achieved improved efficiencies in its cloud security and settings. After the initial meeting with the new service, reports came back with deficiencies that the bank didn’t even know it had and that could expose them to potential data breaches and threats. They were able to tighten up privacy settings, including the bank’s Microsoft OneDrive, and impose conditional access policies to ensure data was protected. “Adding CloudInsight M365 Security Basics to our roster has really shone a light on our whole Microsoft cloud footprint. It has shown us which areas we need to shore up and, in turn, has made our bank more efficient and secure,” said IT Project Manager Aaron Miller.

Learn More

CloudInsight M365 Security Basics is a flexible, cost-effective solution that institutions can incorporate based on their specific priorities and requirements. While Affinity Bank used M365 Security Basics to primarily address email management, Franklin Bank & Trust Company wanted to gain better overall visibility into Microsoft security settings. In both cases, M365 Security Basics fit the bill. Depending on their license, financial institutions can use M365 Security Basics to customize a wide array of security settings in Azure AD, M365, and Exchange Online. This includes OneDrive and SharePoint Sharing; Teams and External Collaboration; and the Protection, Security, Compliance, and M365 Admin centers. Institutions can further enhance cloud security by adjusting the settings associated with Azure AD Premium P1, Intune, and Azure Information Protection. They can also apply conditional access policies, password protection, and a myriad of other security features.

For more information about how your institution can optimize Microsoft security settings to improve cloud security, download our white paper on “Azure and M365 Security Basics.”

22 Apr 2022
More Microsoft Azure and 365 Security Basics


Banks and credit unions today face an ever-increasing number of cloud security hazards. Here’s the good news: Financial institutions that use Microsoft Azure Active Directory (Azure AD) and Microsoft 365 can lower their risk by modifying their security settings for these services. Not only can this help the financial institution minimize threats, but it can allow them to customize the features of Azure AD and Microsoft 365 (previously called Office 365) to their specific preferences and requirements.

Organizations are responsible for managing Azure AD and its security settings because when they purchased M365 licenses, they established a Microsoft tenant with Azure AD. From a compliance perspective, adjusting Azure AD’s settings is crucial since Microsoft automatically enables certain features that may violate or conflict with compliance policies for organizations in regulated industries.

Optimizing M365 and Exchange Online Settings

Depending on your institution’s licenses, there is a wide range of security and compliance settings you can customize in Azure AD, M365, and Exchange Online such as:

  • OneDrive and SharePoint Sharing: Review the default level of sharing to control the flow of data based on what is appropriate for your institution.
  • Teams and External Collaboration: Review the platform’s default security and compliance settings, and if they are not sufficient, you can block all external domains to keep users from communicating externally.
  • Exchange Online: Control access, how emails are transmitted, the types of messages users can send to recipients in external domains, and the devices or apps that can connect.
  • Protection Center: Use the Basic Mobility and Security feature to manage and secure the mobile devices that are connected to your Microsoft 365 organization.
  • Security Center: Optimize email management by employing anti-spam policies for inbound emails, blocking automatic forwarding of outbound emails, using phishing simulations, quarantining potentially harmful messages, and blocking messages from fake senders.
  • Compliance Center: Implement a retention policy to manage the data by proactively choosing how to retain or delete content.
  • M365 Admin Center: Use modern authentication in Exchange Online to enhance your institution’s security with features like conditional access and multifactor authentication. (Microsoft strongly recommends turning off basic authentication for your organization.)

More Ways to Boost Security

You can further enhance cloud security by modifying the settings related to Azure AD Premium P1, Intune, and Azure Information Protection (AIP) licenses. With Azure AD Premium P1, for instance, you can include your institution’s logo, color scheme, and other branding elements on your Azure AD sign-in pages. You can also employ the hybrid Azure AD joined devices, conditional access policies, and password protection features. Microsoft Intune integration lets you configure policies to control how your institution’s devices and applications are used, including smartphones, tablets, and laptops. And AIP allows you to use deep content analysis to minimize data loss and enhance the labeling capabilities of Microsoft 365 to protect documents and emails.

M365 Security Basics Can Help

There are countless security settings that can be adjusted in Azure AD and M365, and Microsoft is always introducing new features. This can make it difficult for institutions to ensure they have the most appropriate security, identity, and compliance settings—but our CloudInsight™ M365 Security Basics solution can make the process easier. M365 Security Basics is a collection of services designed to give community banks and credit unions a cost-effective way to manage their M365 settings. It offers reporting, the delivery of Microsoft data in a user-friendly format; alerting, notifications of the most common indicators of compromise; and quarterly reviews, expert analysis of M365 Security Basics reports, and explanations of the risk visible on the report and ways those risks may be mitigated.

To learn more about how to customize your institution’s Azure AD and M365 settings to bolster cloud security, access our “Microsoft Azure and M365 Security Basics” white paper.

09 Mar 2022
Microsoft Azure and 365 Security Basics Continued


When your institution acquired Microsoft 365 (also known as M365 and formerly called Office 365), it automatically created a Microsoft tenant with Azure AD. Since that tenant belongs to your organization, you are responsible for managing Azure AD and its security settings. Microsoft Azure services enable various default features that could be incompatible with the security, identity, and compliance requirements of your institution. It’s essential to customize the settings in Azure AD, M365, and Exchange Online (or Azure AD Premium P1, Intune, and Azure Information Protection) to fit your organization’s needs.

Customizing Azure AD Defaults

  • Security Defaults — Turn on security defaults to make it easier for your institution to thwart cyberattacks by using preconfigured security settings. (If your tenant was created on or after October 22, 2019, security defaults may already be enabled in your tenant.)
  • Password Policy — Configure the password policy applied to every user account that is created and managed directly in Azure AD. (Institutions with on-premises AD password policies governing password expirations should expect to manually synchronize their Azure AD password policy and their on-premises AD password policy.)
  • Azure AD Device Registration — Prevent users from joining devices on their own and require multi-factor authentication (MFA) to register or join devices with Azure AD.
  • Enterprise and Registered Apps — Keep non-administrator users from arbitrarily adding enterprise or registered applications, which can significantly increase risk. Afterwards, make sure to review every enterprise and registered application.
  • External Collaboration — Restrict regular users from inviting guests for collaboration and keep guest users from signing into your apps and services with their own work, school, or social identities.
  • Hybrid Identity with Password Hash Synchronization — Employ a hybrid identity architecture to synchronize users from on-premises Active Directory to Azure AD to minimize the number of identities users have across various platforms.
  • Azure AD Administration Portal — Limit regular users’ ability to read data in the Azure AD Administration Portal.
  • Administrator Review — Grant administrators only the specific permission they need to do their job and limit the number of static Global Administrator role assignments to fewer than five people.
  • Partners – When you work with Microsoft-certified solution providers (partners) to purchase and manage solutions for your institution, they could be granted Global/Helpdesk admin roles, giving them delegated administrative capabilities to your Azure instance. Make sure to review all partners and their delegated rights regularly.
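Several of the defaults listed above can be checked mechanically once the relevant policy objects are exported. This added example is not code from the original article or the vendor's product; the policy field names follow the Microsoft Graph `identitySecurityDefaultsEnforcementPolicy` and `authorizationPolicy` resources, while the snapshot layout, the `conditionalAccessPolicyCount` and `globalAdmins` fields, and all sample values are assumptions.

```python
MAX_STATIC_GLOBAL_ADMINS = 4  # "fewer than five", per the list above
RESTRICTED_INVITERS = {"none", "adminsAndGuestInviters"}


def evaluate_tenant(snapshot):
    """Return [(control, status, detail)] where status is pass, fail or review."""
    results = []

    # Security defaults cannot be enabled alongside Conditional Access policies,
    # so "off" is a failure only when no such policies exist; otherwise the
    # Conditional Access policies themselves need a manual review.
    defaults_on = snapshot["identitySecurityDefaultsEnforcementPolicy"]["isEnabled"]
    ca_count = snapshot.get("conditionalAccessPolicyCount", 0)  # hypothetical field
    if defaults_on:
        status = "pass"
    elif ca_count > 0:
        status = "review"
    else:
        status = "fail"
    results.append(("Security Defaults", status,
                    f"isEnabled={defaults_on}, conditional access policies={ca_count}"))

    auth = snapshot["authorizationPolicy"]
    can_create = auth["defaultUserRolePermissions"]["allowedToCreateApps"]
    results.append(("Enterprise and Registered Apps",
                    "fail" if can_create else "pass",
                    f"allowedToCreateApps={can_create}"))

    inviters = auth["allowInvitesFrom"]
    results.append(("External Collaboration",
                    "pass" if inviters in RESTRICTED_INVITERS else "fail",
                    f"allowInvitesFrom={inviters}"))

    # Count only permanent ("static") assignments, not just-in-time eligibility.
    static = [a for a in snapshot["globalAdmins"] if a["assignment"] == "permanent"]
    results.append(("Administrator Review",
                    "pass" if len(static) <= MAX_STATIC_GLOBAL_ADMINS else "fail",
                    f"{len(static)} static Global Administrator assignments"))
    return results


def controls_with_status(snapshot, status):
    """Names of the controls that evaluated to the given status."""
    return [name for name, s, _ in evaluate_tenant(snapshot) if s == status]


# Constructed snapshots for illustration only.
WEAK_SNAPSHOT = {
    "identitySecurityDefaultsEnforcementPolicy": {"isEnabled": False},
    "conditionalAccessPolicyCount": 0,
    "authorizationPolicy": {
        "allowInvitesFrom": "everyone",
        "defaultUserRolePermissions": {"allowedToCreateApps": True},
    },
    "globalAdmins": [
        {"userPrincipalName": f"admin{i}@example.com", "assignment": "permanent"}
        for i in range(1, 6)
    ] + [{"userPrincipalName": "oncall@example.com", "assignment": "eligible"}],
}
HARDENED_SNAPSHOT = {
    "identitySecurityDefaultsEnforcementPolicy": {"isEnabled": False},
    "conditionalAccessPolicyCount": 6,
    "authorizationPolicy": {
        "allowInvitesFrom": "adminsAndGuestInviters",
        "defaultUserRolePermissions": {"allowedToCreateApps": False},
    },
    "globalAdmins": [
        {"userPrincipalName": "breakglass@example.com", "assignment": "permanent"},
        {"userPrincipalName": "admin1@example.com", "assignment": "eligible"},
    ],
}

if __name__ == "__main__":
    for label, snap in (("weak", WEAK_SNAPSHOT), ("hardened", HARDENED_SNAPSHOT)):
        print(label)
        for control, status, detail in evaluate_tenant(snap):
            print(f"  [{status:6}] {control}: {detail}")
```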

Altering M365 and Exchange Online Settings

In M365, you can customize a variety of settings. In OneDrive, SharePoint Online, and Teams, look at configuring external collaboration capabilities of users. For Exchange Online, there are many settings to review but one to start with is the current forwarding capabilities and settings for users both globally and per-user. Modifying or reviewing these settings is highly advisable since they are inherently designed to facilitate interaction and external collaboration. In addition, you can use the Protection Center to secure mobile devices that are connected to your Microsoft 365 organization; the Security Center to refine email management; the Compliance Center to implement an effective data retention policy; and the M365 Admin Center to enhance security with modern authentication, which encompasses MFA. (According to Microsoft, 99.9 percent of account compromises can be blocked with MFA.)

And with the proper license, you can further enhance cloud security by optimizing the settings for Azure AD Premium P1, Intune, and Azure Information Protection.

M365 Security Basics Solution

Once your institution has sufficient settings in place to support your policies, it is essential to monitor for exceptions with reporting and alerting features such as those provided with Safe Systems’ CloudInsight™ M365 Security Basics solution. Financial institutions that partner with Safe Systems can gain critical visibility into their security settings, helping them successfully navigate the complexities of optimizing M365’s features.

For more information about how your institution can optimize Azure AD and O365/M365 settings to improve cloud security, download our white paper on “Azure and M365 Security Basics.”

Important Disclaimer

The security settings that are discussed in this paper can have a dramatic impact on end-users and/or service functionality and should only be employed if deemed appropriate and after careful consideration. There are a variety of security options available, but organizations should strive to implement these technology services strategically and, ideally, through planned phases of objectives over potentially several months or even years. The recommendations, statements, and other concepts contained within this paper are provided primarily for the consideration of IT Administrators of financial institutions.

01 Mar 2022
Managing Security, Identity, and Compliance within the Microsoft Azure and M365 Ecosystem


It can be challenging for financial institutions to manage security, identity, and compliance within Microsoft Azure Active Directory (Azure AD) and Microsoft 365 (also known as M365 and formerly branded as O365). Understanding the services and settings of the Azure AD and M365 ecosystem can make the process easier for IT administrators.

Some of the basic security settings that apply to most organizations fall under the free license level for Azure AD. These are also some of the low-hanging fruit that institutions can easily implement to make a dramatic difference in their security.

Security Defaults

One of the settings that can have the biggest impact is security defaults, which can be enabled to enforce a set of non-configurable conditional access policies. The policy set in Azure includes the ability to require multifactor authentication (MFA) and MFA registration for all users. It also offers the capability to block legacy authentication, which should be a high-priority goal for any organization.

Hackers can exploit basic authentication to effectively bypass MFA, which is a fundamental security service we recommend that every institution implement. If your institution has gone through the effort of enforcing MFA for users—but you’re not blocking basic authentication explicitly—there’s a major security gap. That gap should be addressed immediately, especially given Microsoft’s plans to decommission basic authentication protocols in Exchange Online in October 2022.
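One way to find the gap described above is to look for sign-ins that used a legacy client and still succeeded with a single factor. This is an added example, not code from the original article or the vendor's product; it runs over constructed records whose field names follow the Microsoft Graph `signIn` resource, and treating every client other than the two modern-authentication values as legacy is a simplifying assumption.

```python
from collections import defaultdict

# Client app values reported for modern-authentication sign-ins. Anything else
# (IMAP4, POP3, Exchange ActiveSync, ...) is counted as legacy here (assumption).
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}


def is_legacy(sign_in):
    """True when the sign-in used a client that is not a modern-auth client."""
    client = sign_in.get("clientAppUsed") or ""
    return bool(client) and client not in MODERN_CLIENTS


def legacy_auth_summary(sign_ins):
    """Per-user counts of legacy-authentication sign-ins and the protocols seen."""
    summary = defaultdict(lambda: {"succeeded": 0, "failed": 0, "protocols": set()})
    for s in sign_ins:
        if not is_legacy(s):
            continue
        entry = summary[s["userPrincipalName"]]
        entry["protocols"].add(s["clientAppUsed"])
        # errorCode 0 means the sign-in succeeded.
        if s["status"]["errorCode"] == 0:
            entry["succeeded"] += 1
        else:
            entry["failed"] += 1
    return dict(summary)


def mfa_gap_users(sign_ins):
    """Users whose legacy sign-in succeeded with only a single factor."""
    return sorted({
        s["userPrincipalName"]
        for s in sign_ins
        if is_legacy(s)
        and s["status"]["errorCode"] == 0
        and s["authenticationRequirement"] == "singleFactorAuthentication"
    })


def _sample(upn, client, error_code, requirement, ip):
    """Build one constructed sign-in record."""
    return {
        "userPrincipalName": upn,
        "clientAppUsed": client,
        "ipAddress": ip,
        "status": {"errorCode": error_code},
        "authenticationRequirement": requirement,
    }


# Constructed sample records for illustration only (documentation IP ranges).
SAMPLE_SIGN_INS = [
    _sample("alice@example.com", "Browser", 0, "multiFactorAuthentication", "192.0.2.10"),
    _sample("alice@example.com", "IMAP4", 0, "singleFactorAuthentication", "203.0.113.7"),
    _sample("bob@example.com", "POP3", 50126, "singleFactorAuthentication", "198.51.100.23"),
    _sample("bob@example.com", "POP3", 50126, "singleFactorAuthentication", "198.51.100.23"),
    _sample("carol@example.com", "Exchange ActiveSync", 0,
            "singleFactorAuthentication", "192.0.2.44"),
    _sample("dave@example.com", "Mobile Apps and Desktop clients", 0,
            "multiFactorAuthentication", "192.0.2.51"),
]

if __name__ == "__main__":
    for upn, entry in legacy_auth_summary(SAMPLE_SIGN_INS).items():
        protocols = ", ".join(sorted(entry["protocols"]))
        print(f"{upn}: {entry['succeeded']} ok / {entry['failed']} failed via {protocols}")
    print("MFA gap:", ", ".join(mfa_gap_users(SAMPLE_SIGN_INS)))
```

Repeated failures over a legacy protocol, as in the constructed records for `bob@example.com`, are worth reviewing too, since they show the protocol is still reachable even though no sign-in succeeded.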

Identity Considerations

It’s also crucial to review the identity architecture for your financial institution. Any user, device, or app connecting to Azure should have an identity, whether it’s a guest user, mobile device, Mac OS device, or a Windows computer, so it can be assigned data access rights or even take on administrative capabilities. Every identity outside of Active Directory—which is the primary identity for users in many institutions—is another attack vector in a different system. An effective way to manage different identities is to consolidate them by sourcing them at the AD level and then synchronizing users and their password hashes to Azure AD. You should also review the level of access for all administrators as well as partners as they represent a huge risk downstream. Reviewing the level of access for partners goes beyond security; it’s also a matter of regulatory compliance.

Additional Considerations

Depending on your institution’s license level, there are additional Azure and M365 settings you can adjust in the areas of protection, compliance, and administration. For example, global auditing is an essential setting that should be enabled to augment security and facilitate troubleshooting after attacks. You should also block settings allowing for open collaboration and outbound email forwarding to avoid data loss and minimize cyberattacks.

If your institution is at the M365 level, it also needs a mobile device management (MDM) platform that offers sufficient protection. Exchange Online has built-in MDM capabilities but these capabilities do not extend to all M365/O365 apps.

Conditional access policies govern sign-ins and attempts. They can enable the enforcement of MFA and are the highest control layer for determining who has access to the data within Azure’s security ecosystem.

Since data lives outside of Exchange Online in the M365 world, if your institution has specific compliance requirements for retention, your retention policies will generally need to extend to all data.

M365 Security Basics

Adjusting all the security settings of Azure AD and M365 can be a daunting task, especially since Microsoft is constantly updating the features of its technology services. Our CloudInsight™ M365 Security Basics solution provides insights into security settings for Azure AD and M365 tenants. It helps IT administrators navigate the complexities of customizing their institution’s security settings through three services: reporting, alerting, and quarterly reviews.

The reporting service provides ongoing Microsoft data and packages it into a readable format that shows security settings at a glance, allowing institutions to easily see irregularities, such as when users sign in from outside of the USA. Alerting sends a notification when an activity indicates that a potential compromise has occurred. With the quarterly reviews, trained experts analyze the settings, reports, and alerts and review them with administrators so they can speak with confidence to their board, steering committees, and auditors about their institution’s technology services and cloud security.

If you need help understanding how M365 Security Basics can support your financial institution’s risk mitigation or strategic planning efforts, contact us. You can learn more about this topic with our “How to Manage Security Identity and Compliance within the Microsoft Azure and M365 Ecosystem” webinar.


06 Dec 2021
How Layered Security Can Address Growing Cyberthreats


With the increasing complexity of cyberattacks, financial institutions need to implement more effective—and comprehensive—security measures. They need a variety of elements to create a layered approach to secure their data, infrastructure, and other resources from potential cyberthreats.

Many organizations rely on a castle-and-moat network security model where everyone inside the network is trusted by default. (Think of the network as the castle and the network perimeter as the moat.) No one outside the network is able to access data on the inside, but everyone inside the network can. However, security gaps may still exist in this model and others. The best approach to compensate for gaps is to surround the network with layers of security.

The basic “table stakes” for a layered security approach include a perimeter firewall with content filtering, email threat filters, an endpoint malware solution, and a robust patch management process. Banks and credit unions could also invest in additional and more sophisticated layers but each one will have associated acquisition and management costs, along with ongoing maintenance. So, it’s prudent for institutions to invest only in the number of layers/solutions they can competently manage.

Key Concerns

Today the top IT security concern for many organizations is ransomware. Due to the proactive measures many financial institutions have taken, the banking industry has fewer security breaches than health care and some other industries thus far. However, when a breach does happen to a financial institution, the impact is more costly than breaches occurring in other industries.

Four-Layer Security Formula

With these concerns in mind, here’s a four-layer “recipe” organizations can employ to improve their security posture:

  • Training and Testing: Email phishing tests can serve as a good foundation for minimizing business email compromise (BEC) and other social engineering threats.
  • Network Design: Institutions should refresh older networks to segment their components into different zones. It’s no longer sufficient to have servers, workstations, and printers sitting in one IP space together.
  • Domain Name System (DNS) filtering: DNS filtering prevents potentially damaging traffic from ever reaching the network. Because it proactively blocks threats, it is one of the most effective and affordable security layers institutions can apply.
  • Endpoint Protection: Institutions should have this type of protection on each of their endpoints, and the best endpoint protection tools have built-in ransomware solutions.

Other Important Considerations

It’s important to back up data regularly and ensure that those backups are well beyond the reach of ransomware and other threats. (Backups written to a local, on-site server that is still on the network may be susceptible to ransomware.) One way to address this issue is to have immutable backups, which are backup files that can’t be altered in any way and can deploy to production servers immediately in case of ransomware attacks or other data loss. Another option is to send backups to a cloud solution like Microsoft Azure Storage, which is affordable and easy to integrate because there are no servers to manage.

Another crucial element in security is the Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption protocol, which can be somewhat of a double-edged sword. About 80 percent of website traffic is encrypted to protect it from unauthorized users during transmission. Traditional firewalls don’t have the ability to scrutinize encrypted traffic against a content filtering engine, which means savvy hackers can hide ransomware and other dangerous content inside it. But firewalls with advanced features are capable of TLS/SSL inspection; they can decrypt content, analyze it for threats, and then re-encrypt the traffic before it enters or leaves the network.

There’s an array of security solutions that institutions can implement to establish layered protection against cyber threats. For more insights about this topic, listen to our webinar on “Cyber Threats, Why You Need a Layered Approach.”

16 Nov 2021
Using the Free Features of Microsoft Azure AD and O365/M365 to Enhance Cloud Security

Microsoft Azure Active Directory (Azure AD) and Office 365/M365 have a variety of free security settings that financial institutions can customize to their needs. These settings are important because they can enhance an institution’s cloud environment and operational security—and they’re available to everyone with Azure AD or O365/M365. Remember, even if the license was acquired through a third party, your institution is still responsible for managing all the security features of these cloud-based solutions.

Be aware that while adjustments made to the defaults can strengthen your cloud security, they will also impact the way people use the products. For instance, multifactor authentication (MFA) is a great first step toward improving the security of your cloud environment, but it does impact how your users will log in.

Here are some other important free security settings you can optimize in Azure AD and/or O365/M365 to enhance security:

  • Global Auditing — The global auditing feature logs events that happen across Azure AD and O365/M365. It is advisable to enable Global Auditing. The information gained with this feature can help troubleshoot problems and investigate issues. Once Global Auditing has been enabled, it can take about 24 hours for the new setting to take effect.
  • Alert policies — Alert policies are designed to help you monitor threats against your existing resources. There are default built-in policies, and you can also create additional custom policies for free on your own. Keep in mind, you need to set the target recipient(s) for these policies.
  • Sharing in Microsoft OneDrive and SharePoint — Since these products were created to foster collaboration, their default setting is normally set to enable external data sharing. This allows users to create anonymous access links that make it possible for anyone in any organization with OneDrive and SharePoint to sign in and view their information. It is recommended that you review the level of sharing to control the flow of data based on what is appropriate for your organization.
  • External access in Microsoft Teams — Teams is set up by default to make it easy for individuals to connect with users located anywhere in the world, even in other organizations. You should review the platform’s security and compliance settings to ensure they fit your organization’s standards. You can block all external domains to restrict users’ ability to communicate externally.
  • Enterprise applications — Enterprise apps can represent a huge risk if users have the freedom to add them on their own. You can change the security setting to prevent anyone from randomly adding apps without the administrator’s approval. When this feature is activated, Microsoft will block users’ attempts to add apps and notify the administrator, who can approve or deny their requests.
  • Application registrations — Similarly, institutions can alter their security features to block users from registering any applications. There’s rarely a reason to allow users without administrative rights to create app registrations, so reviewing and/or adjusting this setting is essential.
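A read-only review of the tenant settings listed above (auditing, sharing, Teams external access, enterprise app consent, and app registrations), as an added example that is not Safe Systems' or Microsoft's own code. It assumes the Exchange Online, SharePoint Online, Teams, and Microsoft Graph PowerShell modules are installed and connected; the `Add-Finding` helper and the conditions that mark a setting for review are this example's assumptions.

```powershell
# Added example: report the current value of each setting; nothing is changed.
# Assumed prerequisites, run once per session with read-only admin rights:
#   Connect-ExchangeOnline
#   Connect-SPOService -Url https://<tenant>-admin.sharepoint.com   # <tenant> is a placeholder
#   Connect-MicrosoftTeams
#   Connect-MgGraph -Scopes 'Policy.Read.All'

$findings = [System.Collections.Generic.List[object]]::new()

# Hypothetical helper: record one setting and whether it deserves a closer look.
function Add-Finding($Setting, $Value, [bool]$NeedsReview) {
    $findings.Add([pscustomobject]@{
        Setting = $Setting; Value = "$Value"; NeedsReview = $NeedsReview })
}

# Global auditing: query from Exchange Online PowerShell, not the
# Security & Compliance session, which does not report this value reliably.
$audit = Get-AdminAuditLogConfig
Add-Finding 'Unified audit log ingestion' $audit.UnifiedAuditLogIngestionEnabled `
    (-not $audit.UnifiedAuditLogIngestionEnabled)

# OneDrive / SharePoint: 'ExternalUserAndGuestSharing' permits anonymous links.
$spo = Get-SPOTenant
Add-Finding 'SharePoint external sharing' $spo.SharingCapability `
    ($spo.SharingCapability -eq 'ExternalUserAndGuestSharing')
Add-Finding 'OneDrive external sharing' $spo.OneDriveSharingCapability `
    ($spo.OneDriveSharingCapability -eq 'ExternalUserAndGuestSharing')

# Teams external access: federation with other organizations.
$fed = Get-CsTenantFederationConfiguration
Add-Finding 'Teams external access (federation)' $fed.AllowFederatedUsers `
    ([bool]$fed.AllowFederatedUsers)

# Enterprise applications: can ordinary users consent to apps themselves,
# and is the admin approval workflow switched on?
$authz = Get-MgPolicyAuthorizationPolicy
$selfConsent = @($authz.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned) -like
    'ManagePermissionGrantsForSelf.*'
Add-Finding 'User consent to enterprise apps' ($selfConsent -join ', ') ([bool]$selfConsent)
$workflow = Get-MgPolicyAdminConsentRequestPolicy
Add-Finding 'Admin consent request workflow' $workflow.IsEnabled (-not $workflow.IsEnabled)

# Application registrations by users without administrative rights.
$canRegister = $authz.DefaultUserRolePermissions.AllowedToCreateApps
Add-Finding 'Users can register applications' $canRegister ([bool]$canRegister)

$findings | Sort-Object NeedsReview -Descending | Format-Table -AutoSize
```

Alert policies are not covered here because they are read from a separate Security & Compliance PowerShell session.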

Making these adjustments will help you to maintain control over users’ activities and tighten security. To learn more about M365 security topics, listen to our recent webinar, Ask the Experts: O-M365 Security Basics for IT Administrators.

Safe Systems’ M365 Security Basics solution provides visibility into these and other security settings and allows banks and credit unions to regularly monitor and review their configurations, making it easier for them to manage their Azure AD and O365/M365 accounts.

26 Oct 2021
Glennville Bank Strengthens Security Posture with CloudInsight™ M365 Security Basics

Our CloudInsight™ M365 Security Basics solution is helping community financial institutions increase their security posture. Take Glennville Bank, for example. The Georgia community bank, which has $312 million in assets, seven locations, and 66 employees, jumped at the chance to capitalize on the service to identify and secure threats to its Microsoft 365 settings. M365 Security Basics provided the bank with greater visibility into cloud security settings for Azure Active Directory (Azure AD) and M365 tenants through reports and alerts.

Like most financial institutions, Glennville Bank leverages technology to better serve its customers and maintain its operations. Also, like other institutions, the bank has a variety of Microsoft licenses, and managing the security settings for these products became difficult and time-consuming, particularly for Glennville Bank’s network administrator, Zach Horn, who describes his proficiency with Microsoft as “fairly limited.”

“Given the complexity of our cloud tenant settings, I’m not comfortable enough with Microsoft or their updates to manage every setting correctly,” Horn explained. “With all the potential security risks out there, I knew I needed reports that could help me identify risky security settings, monitor identity controls, and ensure our configuration matches our information security policy.”

With M365 Security Basics, Glennville Bank was able to set data trends and identify several settings that needed addressing, such as creating a baseline for failed logins. The bank also discovered that its user access details were often inconsistent, and through the M365 Security Basics service they received easy-to-follow instructions for correcting the problem. “Safe Systems did a great job fine-tuning the product to the demographic we needed,” Horn said. “Their knowledge has been helpful in pointing me in the right direction in knowing which Microsoft licenses I need to go to in the future.”

Product Highlights

M365 Security Basics is the first offering in Safe Systems’ CloudInsight™ family of products. It’s specifically designed for community banks and credit unions that have Microsoft 365 products (Exchange Online, SharePoint, or OneDrive), use Azure AD, and store non-public information in the cloud. M365 Security Basics’ reporting, alerts, and quarterly reviews are customized to help financial institutions improve their cloud security awareness by identifying potential risks and common signs of compromise. The product is developed by engineers who hold dozens of certifications, including the Microsoft 365 Certified: Security Administrator Associate certification. M365 Security Basics makes it easier for institutions to monitor their configurations for current and new features that are automatically enabled by major cloud providers like Microsoft Azure.

The powerful reporting from M365 Security Basics enables financial institutions to review vital Microsoft cloud tenant settings. This allows them to recognize unsafe security settings, examine identity controls, make sure their configuration is consistent with their information security policy, and demonstrate this to examiners and stakeholders. Reports are available as “Summary” versions (with brief information, such as the Tenant Summary and User Summary) and “Details” versions with more in-depth data. (Glennville Bank uses the Tenant Summary to highlight important issues during IT steering committee meetings.)

M365 Security Basics also offers alerts and quarterly reviews as add-on services. Alerts provide notifications about the most common indicators of compromise (like unauthorized access) and are grouped under Azure AD Roles, Azure AD Sign Ins, OneDrive, SharePoint, and Exchange Online. The quarterly reviews give institutions a periodic, objective analysis of their recent M365 Security Basics reporting, so they can gain a better understanding of their Microsoft 365 tenant security.

CloudInsight™ M365 Security Basics not only helps financial institutions like Glennville Bank secure their information but also makes it easier to compile data required for examiners. Read the complete Glennville case study to see how your organization can benefit from M365 Security Basics.

08 Sep 2021
Key Terms FIs Need to Know for Microsoft 365 (Office 365) and Azure Active Directory

Many financial institutions rely on Microsoft 365 (formerly Office 365) and Azure Active Directory (Azure AD) to access resources that can enhance their employee productivity and business operations. Here are some basic, but important, terms to keep in mind for these products:

  • Microsoft 365 (M365) versus Office 365 (O365)

Microsoft announced early last year that it was rebranding most of its O365 products to M365.

“We are changing the names of our Office 365 SMB SKUs on April 21, 2020. Yes, that’s right, the Office 365 name is hanging up its jersey and making way for Microsoft 365.”

Because Office 365 was so widely used, it has taken a while for this name change to catch on. Adding to the confusion, Microsoft already had M365 products prior to the name change. In most cases today, M365 and O365 are terms that are used interchangeably.

  • Azure AD

Microsoft Azure AD is a cloud-based identity and access management service that enables users to sign in and access various resources. You may be familiar with Active Directory as your on-premises identity management platform. What you may not realize is this: When you purchased M365, you received Azure AD along with it. Azure AD allows your employees to sign into resources like M365, the Azure portal, and other SaaS applications. They can also use Azure AD to sign into some of your institution’s other resources, such as apps on the corporate network and intranet.

  • Azure AD Sign-in

Since all O365/M365 services are funneled through Azure AD, whenever employees try to access these resources, they must first sign in to Azure AD. Essentially, Azure AD facilitates sign-in attempts by authenticating users’ identities. Because Azure AD works behind the scenes, employees may not realize they’re not directly signing into O365/M365.

  • Basic versus Modern Authentication

Customers of O365/M365 and Azure AD can choose basic or modern authentication to access their services. Basic authentication requires simple credentials like a username and password while modern authentication goes a step further with multi-factor authentication. This advanced login protocol requires a username, password, and another identity verification such as scanning a fingerprint, entering a code received by phone, or using the Microsoft Authenticator app. This adds another layer of protection to the sign-in process before users can access their O365/M365 and Azure AD accounts.

Safe Systems can make it easier for financial institutions to strengthen their security posture when using cloud-based solutions like M365 and Azure AD. M365 Security Basics provides visibility into security settings for these products through in-depth reporting, alerting, and quarterly reviews.