IAPP CIPT – How Technology can help in achieving GDPR compliance

  • January 20, 2023

1. What you are going to see in this section

Hi guys. In this lesson we’ll discuss what you’re going to see in this whole section number eight. After we manage to fill in and to see all the documents you need to create and use in order to become GDPR compliant, either your company or your client, then in the end, the report will have some recommendations. And usually these recommended solutions are filled in with technology. So right now in this section, I want to show you pieces of technology, pieces of security services that can help an organization achieve GDPR compliance and fill in the gaps already identified through the gap assessment and through all the processes that we already defined in the last section.

So I’ve chosen a cloud platform, which is Microsoft Azure, in order to demonstrate some concepts, just because right now cloud security is a hot topic and using cloud services has a lot of benefits. You don’t need to have the on-prem hardware machines, and you don’t need to have all these data processing machines in your own on-prem environment. You can just use the data and do all the processing activities and everything regarding security analytics in the cloud. So we’ll discuss Azure Active Directory as a start, so managing the identities, protecting the identities.

We’ll discuss about privileged identity management, we’ll discuss about mobile productivity and how mobile devices can be integrated in an environment. We’ll discuss about ways to control and to have visibility about cloud applications that your users from the on prem environment they are accessing, like Facebook, like LinkedIn, like Box, like Dropbox. And we want to know how the information and what data is processed through these cloud applications. We will speak about classification, labeling and protection of files and emails because this is how the data will flow between different users or different applications. And we want to protect the information from one end to another. And then we’ll discuss about different ways of achieving a level of protection at the endpoint level, what is incident response? What is the automation in incident response and how we can achieve that.

And for sure, we’ll also go a bit into companies that have their infrastructure already in the cloud and can use some services in order to protect and to get some insights about what’s happening in their virtual machines right there. So Microsoft Azure is the demonstration platform. You can have similar, let’s say, features for other cloud platforms, but Microsoft developed some really nice tools and features, which are different products in their cloud platform, that your customer or your company can buy and use in order to become GDPR compliant. So let’s see what we can get here.

2. Identity Protection demo (AAD IP)

Hi guys. In this lesson, we’ll discuss identity protection. So, identity protection is part of a product called Azure Active Directory Premium P2. Microsoft has two licensing modules for premium Azure AD, P1 and P2. P2 has two features that we will discuss in this lesson and the following one: Identity Protection and Privileged Identity Management. So first, what is Azure Active Directory? Azure Active Directory is the cloud version of Active Directory, and I can tell you that this is one of the requirements for other features Microsoft is using.

So, in order to use some cloud security products, they would need to use the identities list from their cloud platform, from Azure. So what you need to do, you don’t need to go and create an infrastructure in Azure. What you can do is to install a connector in your own on-prem environment and practically synchronize the identities from the on-prem Active Directory to Azure Active Directory. What’s happening in that moment is practically Azure Active Directory will become the single point of authentication from all your applications for all your users. So when the user would like to log in to an application, he will be prompted to Azure Active Directory. Azure Active Directory will check the sign-ins by connecting and talking with the on-prem AD, verifying that that user is able to access these resources and then giving the users credit for the login. So, practically everything that’s related to single sign-on, to authentication, to authorization will be handled by Azure Active Directory. So the connector that I was discussing is called Azure AD Connect.

So practically you should download this and install it in the on-prem environment. There is a separate procedure already defined by Microsoft. Then you will connect this Azure AD Connect to your tenant in Azure Active Directory. And practically the synchronization will start to happen. So the end result will be that here in your users and groups, you will have all your users synced from the on-prem AD. And practically you will see all the users and all your groups from the Active Directory. Right now, in my demo environment, I don’t have the sync enabled. All my users are created from the cloud. But this will look the same way when you do the synchronization. So, from here, you can define what the authentication portal will look like. You see here, company branding. You can enable single password reset options for your users, so they don’t need to contact the IT department when they need to change their passwords. You can look at the audit logs.

So you can do a lot of things, important areas. So if you have applications that are not publicly available, they are not web applications, let’s say these are applications developed by your own team. You can use the application proxy, and that’s another connector, in order to connect those on-prem applications to Azure Active Directory. So, Azure AD will know what to look for and who to speak to in order to see if a specific user will have access to that application. Then you have an area of enterprise applications. So here in Enterprise Applications, you will define your business applications that your users need access to. And practically you will also define single sign-on for all these applications for a different group of users. So, just to give you a simple example, when you go to all applications over here, let’s say I’m going to Salesforce.com, right? I want to enable single sign-on. This is not enabled. I will choose the SAML-based single sign-on.

So practically here there are different configurations that need to be performed either on the Salesforce side or on the Azure side, but you can have it here. There is a button, Configure Salesforce. So the portal will show and it will present step by step what you need to do in order to configure this integration, right? So anything that needs to be done at the Salesforce level and then everything that needs to be configured also in the Azure Portal. So what we use from the Azure Portal and put there, like this Azure AD SAML Identity Entity ID, different configuration patterns that need to be added to Salesforce in order for that application to communicate with Azure AD. So when this is already configured and is configured in a proper way, all the users that want to authenticate to Salesforce will be sent to Azure AD and the authentication will be managed by Azure AD. So coming back right now, I will show you what this Identity Protection means. So Azure Identity Protection is a security service developed by Microsoft for their Azure AD customers. This is based on the security intelligence Microsoft developed from the cloud. And they are looking at sign-ins and they are looking at the users that come to sign in. So they are able to identify when a specific request for authentication in a specific application has some sort of a risk. So they are looking at users that try to log in right now from France and after 30 minutes they try to log in from Germany or from Brazil.

And this is suspicious. Then they are looking for users or IP addresses that already delivered malware at the worldwide level. They are looking for IP addresses that come from command and control centers or malware systems that are already known in the market. But they’re also searching the dark web to see whether specific user accounts, like usernames and passwords, are already hacked and this group of identities is already shared on the dark web. So again, that’s another risk. So if you take a look here at the risk events, you will see that we have sign-ins from anonymous IP addresses, users that are trying to use, I don’t know, Tor browsers for example, or different sorts of VPNs at the endpoint level in order to hide their identity, or sign-ins from unfamiliar locations. So you usually sign in from the Czech Republic, but somehow right now you’re signing in from Thailand.

This is not necessarily something suspicious, but this is something that we can investigate or request more authentication methods for, like a two-factor or something else. So in terms of users, they are analyzing the level of security of that user, so how that user performed on a timeline basis, if there were some suspicious actions performed by that user one week ago, one month ago, at what endpoints or from what IP addresses, from what applications and what was the result of those actions. So all of these factors we analyze, we correlate, and practically the end result is, well, we consider that as a medium, high or low risk level action. And based on the policies the user configures here in the portal, in the user risk or sign-in risk policy, then the system will perform an action. So in terms of sign-in risk policies, you assign all your users, you assign some conditions, and the conditions usually say this is what you need to do. If there is an action with medium or low or high risk levels, I specify the conditions and then I specify the control.

So usually if I want to block it, then I block that authentication. If I want to allow it, I can enforce multifactor authentication. So the user needs to register, let’s say, his phone, and he should receive a security PIN or a call to that phone number in order to properly authenticate that session, so that the system can be sure that he is the real user who is trying to authenticate. So for the sign-ins, it is looking at blocking or at allowing with enforcing MFA for the users, and for the users with, let’s say, suspicious activities in the past, it works in a similar way. So for the user the same conditions apply, I mean the risk level, and you can create a policy for all these risks. So a policy for low, a policy for medium, a policy for high, or a policy that bundles more. And then here the controls are blocking or allowing with password change. So I allow this user to authenticate if he’s changing his password, right? So after the password is changed, then the user is allowed to log in because I know he’s the one who requested the change. We have a two-step password change mechanism.

So again, it’s sort of a multifactor authentication. So you can take these actions when the system tells you that somehow this is a suspicious activity, and you can see everything that’s happening in the audit logs in Azure Active Directory. So you have an area of sign-ins and you have an area of audit logs. So in the audit logs, practically you see all the actions happening, everything: who is connected, who updated different things, what happened at the platform level and in activity. Practically in the sign-ins you will see the users who sign in, right now it is the administrator, if the sign-in status is success or failed, if MFA, multifactor authentication, was required or enforced and what the result of the MFA is, and practically all these details. And you see also the application that the user tried to access. So this is how you can control the security of your authentication and the security of the user who is trying to authenticate to your application. So it’s not necessary that you limit the access to your own users, but you need to control when a user account is hijacked, where an account takeover was already performed by an attacker.
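
The sign-in risk flow described in this lesson, as an added example that is not part of the original course and is not Microsoft's detection logic: it rates each sign-in against the user's previous one by implied travel speed, then applies a risk-to-control mapping like the one configured in a sign-in risk policy. The sample sign-ins, the 900 km/h and 50 km thresholds, and the policy mapping are all assumptions made for illustration.

```python
import math
from datetime import datetime

# Constructed sample sign-ins (user, UTC time, latitude, longitude); not real data.
SIGN_INS = [
    ("alice", "2023-01-20T09:00:00", 48.8566, 2.3522),     # Paris, France
    ("alice", "2023-01-20T09:30:00", -23.5505, -46.6333),  # Sao Paulo, Brazil
    ("bob",   "2023-01-20T09:00:00", 50.0755, 14.4378),    # Prague, Czech Republic
    ("bob",   "2023-01-20T17:00:00", 52.5200, 13.4050),    # Berlin, Germany
]
MAX_KMH = 900      # assumed ceiling: roughly airliner cruising speed
SAME_AREA_KM = 50  # assumed radius treated as a familiar location
# Assumed policy: risk level -> control, using the controls named in the lesson.
POLICY = {"high": "block", "medium": "allow_with_mfa", "low": "allow"}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def sign_in_risk(prev, cur):
    """Rate cur against the user's previous sign-in as 'low', 'medium' or 'high'."""
    if prev is None:
        return "low"  # no history to compare against
    km = haversine_km(prev[1], prev[2], cur[1], cur[2])
    if km < SAME_AREA_KM:
        return "low"
    hours = (cur[0] - prev[0]).total_seconds() / 3600
    if hours <= 0 or km / hours > MAX_KMH:
        return "high"    # travel between the two locations is not physically possible
    return "medium"      # unfamiliar location, but reachable in the elapsed time

def evaluate(sign_ins):
    """Return (user, time, risk, control) for each sign-in in time order."""
    last, decisions = {}, []
    for user, ts, lat, lon in sorted(sign_ins, key=lambda s: s[1]):
        cur = (datetime.fromisoformat(ts), lat, lon)
        risk = sign_in_risk(last.get(user), cur)
        decisions.append((user, ts, risk, POLICY[risk]))
        last[user] = cur
    return decisions

if __name__ == "__main__":
    for row in evaluate(SIGN_INS):
        print(row)
```
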
