As organisations around the world face a pandemic, businesses are quickly focusing on how to overcome serious challenges. One of these is how to enable a significant portion, if not all, of our workforce to work securely from home. Keeping people safe is at the forefront of this process. Organisations also want to keep their business and sensitive data secure at the same time. We are here to help you get a better understanding of all the security risks and learn the steps to prevent unnecessary risk. While every organisation is different and every journey will be unique, there are a couple of approaches that allow businesses to operate in a risk-appropriate manner by enabling better access to security decisions. On this webinar recording we share some of our insights, experience and customer stories, addressing some of your queries and concerns. See the recording at https://www.intergen.co.nz/ReimagineWork

1. Securing the new remote workforce

2. Introducing your speaker…
Gavin van Nierkerk
Practice Lead Modern Workplace
Lead Cybersecurity Team

3. LESS THAN
3%

4. GREATER THAN
98%

5. 3%Your security designs
are all focused on this
being the assumption
98%98% - Your security
designs need to
shift focus

6. Media

7. THE COVID-19 PANDEMIC HAS UNLEASHED A WAVE OF
CYBER ATTACKS – HERE’S HOW TO PROTECT YOURSELF

8. On-premise/
private cloud

9. Approach

10. Zero Trust/Lean
Trust isn’t…
<what?>
“Strong identity + device
health + least privilege
user access and verified
with telemetry”
LITERAL
You can’t build a practical strategy around absolutes
AN ADJECTIVE
You aren’t going to ‘be’ Zero Trust
FOR SALE
There’s no such thing as ‘Zero Trust’ tech
INSTANT
You can’t boil the ocean
A REVOLUTION
Build on what you’ve got

11. Making Zero Trust a reality Do you know what <Zero Trust> is?
Have you established a v-team
with your stakeholders?
Do you know where you are at today
with your <Zero Trust> journey?
Do you have buy-in from C-level?
An approach to security which
assumes pervasive risk
How do we behave in an
environment of pervasive risk?
TRADITIONAL
OPTIMAL
ADVANCED
MATURITY MODELStrong Authentication!
Enrolled & Managed Devices
Risk based management –
Identity, Device, Session

12. Every company is at a different stage of their
journey to the cloud. Maybe identity and
device management are your top priorities,
or you are digging into multi-factor
authentication (MFA) or desktop virtualisation.
Every IT leader needs to define the priorities to
enable productivity from anywhere across their
organisation’s workforce.
We get that, and we want to help.
The Journey

13. Assumptions vs. Reality
Users are employees
Corporate managed devices
On-premises apps
Corp network and firewall
Local packet tracking and logs
Employees, contractors, partners & customers
Bring your own device
Explosion of cloud apps
Expanding perimeter
Overwhelming source of available signal

14. Customer Questions
Customer 1: How can Employees enrol their devices into device
management to gain access to company resources?
Risk Mitigation: Trusted devices (only). Potentially Intune
Scenario 2: How can Security Teams enforce device health checks per
application or service?
Risk Mitigation: Trusted devices + health (Intune + Defender ATP) +
secure app access (Cloud Application Security).
Scenario 3: How can Employees and business guests have a secure way to
access corporate resources when not using a managed device?
Risk Mitigation: Non-trusted devices (Conditional Access Application
Control e.g. secure email).
One of the biggest benefits of Zero Trust is a
change in mindset. An approach to security
which treats every access attempt as if it’s
originating from an untrusted network.

15. Plan

16. Major Phases
Verify identity
Verify device
Verify access
Verify services
All user accounts
set up for strong
identity
enforcement
Strong identity
enforced for
O365
Least privilege
user rights
Eliminate
passwords –
biometric based
model
Device health
required for
SharePoint,
Exchange, Teams
on iOS, Android,
Mac, and
Windows
Usage data for
Application and
Services
Device
Management
required to tiered
network access
Internet Only
for users
Establish solutions
for unmanaged
devices
Least privilege
access model
Device health
required for
wired/wireless
corporate network
Grow coverage
in Device health
requirement
Service health
concept
Device
management
not required
Single factor
authentication
to resources
Capability to
enforce strong
identity exists
Pre-Zero Trust
U S E R & A C C E S S T E L E M E T RY

17. 1. Connect all apps for Single Sign On
2. Strong Authentication using Multi-Factor Auth and Risk Detection
3. Enforce Policy Based Access for breach containment
Identity teams – here is your to-do list:

18. 1. Register devices with your Identity Provider
2. Implement MDM based security baselines and compliance reporting
3. Use endpoint threat detection to monitor device risk
Device teams – here is your to-do list:

19. Network & Infra Security Teams – here is your to-do list:
1. Enable a Cloud Workload Protection solution across your estate
2. Reduce attack surface by enabling just-in-time
3. Use cloud-native controls to create micro-perimeters with real-time threat protection

20. 1. Agree on a label taxonomy and classify all documents and emails with the default label
2. Apply real-time protection to high risk scenarios: sensitive data and unmanaged access in apps
3. Perform Shadow IT discovery and a cloud control program
Apps & Data Security Teams – here is your to-do list:

21. Next Steps

22. We have run a number assessments for
customers to understand how their security
models and architecture may need to change
in our remote working world.
We are concerned at the decreased control
businesses have over their overall security
posture.
…and we want to help.

23. Next Steps…
Take the self assessment:
https://info.microsoft.com/ww-landing-Zero-Trust-
Assessment.html
Feel free to share the results if you want and we can
provide insights and guidance.

24. Next Steps…
Visit our page
https://www.empired.com/reimaginework
https://www.intergen.co.nz/reimaginework
Contact us
contact@empired.com
info@intergen.co.nz

25. Questions?

27. Sample Architecture

28. Corporate
Network
Geo-location
Microsoft
Cloud App SecurityMacOS
Android
iOS
Windows
Windows
Defender ATP
Client apps
Browser apps
Google ID
MSA
Azure AD
ADFS
Require
MFA
Allow/block
access
Block legacy
authentication
Force
password
reset******
Limited
access
Controls
Employee & Partner
Users and Roles
Trusted &
Compliant Devices
Physical &
Virtual Location
Client apps &
Auth Method
Conditions
Machine
learning
Policies
Real time
Evaluation
Engine
Session
Risk
3
40TB
Effective
policy
Azure AD Conditional Access

29. Thank you!
For more information please follow contact us here:
Linkedin.com/company/empired-ltd
Facebook.com/empiredltd
Twitter.com/empiredltd
Linkedin.com/company/intergen
Facebook.com/teamintergen
Twitter.com/teamintergen
Australia
Gavin van Nierkerk
Practice Lead
Gavin.vanNiekerk@empired.com
New Zealand
Victor Philp
Solutions Manager
victor.philp@intergen.co.nz