potter707

What am I accessing?

Updated: Jan 6




Hey everyone, Mary here. The day-to-day is hectic, to say the least. I’m constantly pivoting between browser tabs and windows. I never log out unless the application times out or automatically logs me out. This can be annoying, and then for some reason, after about (7) days, I must re-authenticate via my authenticator app. Does any of this sound familiar to you?




Anyway, I use numerous applications including the Microsoft Office Suite (Email Outlook, SharePoint, Teams, PowerPoint, Excel, and Word), Asana and Monday for Project & Task Management, Slack and Zoom, Google Analytics and HubSpot for Data Analytics, Facebook Ads Manager, Instagram, Google Ads, LinkedIn Campaign Manager, and HootSuite for Ad Mgmt. & Social Media, MailChimp and Marketo for Marketing / Marketing Automation, Salesforce for CRM, and Canva, Adobe Photoshop, Adobe Illustrator, and Figma for Design & Content Creation. You might be asking yourself, “Why do you use 2 or 3 tools for the same business function?” This is because my partners and vendors have granted me access to their platforms for ease of use and collaboration. As you can see, I connect to various applications and platforms to manage campaigns, analyze data, and communicate with team members and external stakeholders.


Now that we know what Mary accesses and utilizes daily, let’s go back to the foundational layer of Governance and consider how Mary has been provisioned in the HR system of record (e.g., Workday, Bamboo, ADP), which integrates with the organization’s Identity Governance solution. Since Mary’s roles, groups, and permissions have been defined, configured, and provisioned, we can ask why Mary has been granted this access, whether it aligns with the principle of least privilege (one of the pillars of Zero Trust), and how Mary is accessing and authenticating to the applications.


Access and authentication controls include a Secure Access Service Edge (SASE), identity provider, firewall, WAF, and MFA. These are the first lines of defense for reducing the likelihood of a data breach, which can result from weak passwords, shared credentials, no MFA, weak MFA such as SMS, the inability to detect bots and prevent credential stuffing, and configuration policies (e.g., MFA for onboarded users and admins, blocking legacy and insecure protocols, device posture checking, disabling SharePoint “Anyone with the Link” access, RBAC, ABAC) that are antiquated, misconfigured, and non-compliant.
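
A baseline check over the weaknesses listed above, as an added example that is not part of the original post or any vendor's tooling. The inventory records and field names are constructed for illustration, and MFA is checked for human users only.

```python
# Constructed sample inventory; field names are hypothetical, not a vendor schema.
IDENTITIES = [
    {"id": "mary", "kind": "user", "admin": False, "mfa": "authenticator_app"},
    {"id": "sam", "kind": "user", "admin": True, "mfa": "sms"},
    {"id": "alex", "kind": "user", "admin": False, "mfa": None},
    {"id": "svc-reports", "kind": "machine", "admin": False, "mfa": None},
]
APPS = [
    {"app": "Salesforce", "sso": True, "sanctioned": True, "legacy_auth": False, "anyone_link": False},
    {"app": "SharePoint", "sso": True, "sanctioned": True, "legacy_auth": False, "anyone_link": True},
    {"app": "Outlook", "sso": True, "sanctioned": True, "legacy_auth": True, "anyone_link": False},
    {"app": "Canva", "sso": False, "sanctioned": False, "legacy_auth": False, "anyone_link": False},
]
WEAK_MFA = {"sms"}  # the post names SMS as weak MFA

APP_CHECKS = [  # (field, value that counts as a gap, finding text)
    ("sso", False, "no SSO"),
    ("sanctioned", False, "shadow app"),
    ("legacy_auth", True, "legacy/insecure protocols allowed"),
    ("anyone_link", True, '"Anyone with the link" sharing enabled'),
]

def identity_gaps(ident):
    """MFA gaps for human users; machine identities are skipped in this sketch."""
    if ident["kind"] != "user":
        return []
    if ident["mfa"] is None:
        return ["no MFA"]
    return ["weak MFA (%s)" % ident["mfa"]] if ident["mfa"] in WEAK_MFA else []

def baseline(identities, apps):
    """Return (priority, subject, gap) tuples, admin-related gaps first."""
    findings = []
    for ident in identities:
        prio = 1 if ident["admin"] else 2
        findings += [(prio, ident["id"], g) for g in identity_gaps(ident)]
    for app in apps:
        findings += [(2, app["app"], text) for field, bad, text in APP_CHECKS if app[field] is bad]
    return sorted(findings)

def coverage(identities, apps):
    """Percentage of users with non-weak MFA and of apps behind SSO."""
    users = [i for i in identities if i["kind"] == "user"]
    strong = [u for u in users if u["mfa"] and u["mfa"] not in WEAK_MFA]
    return {"strong_mfa_pct": round(100 * len(strong) / len(users)),
            "sso_pct": round(100 * sum(a["sso"] for a in apps) / len(apps))}

if __name__ == "__main__":
    for prio, subject, gap in baseline(IDENTITIES, APPS):
        print("P%d %-12s %s" % (prio, subject, gap))
    print(coverage(IDENTITIES, APPS))
```

The sorted findings give a remediation order, and the coverage figures give the control-coverage baseline to compare against on the next review.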


The approach to access and authentication should be multi-layered and interoperable. A recommended starting point is a baseline analysis of the identity inventory (e.g., users and machines), applications (including support for SSO), control coverage and gaps in that coverage, risky apps and users, shadow apps and access, and configurations (e.g., policies, compliance, vendor interoperability and integration). Once a baseline inventory has been established, it is easier to pivot to prioritizing remediation and either fine-tuning or establishing Access Lifecycle Management. An integral part of the Access Lifecycle is a SASE function. For a closer look at Loom Lens ZTNA Core and Loom Lens SASE Enhanced:


Loom Lens Core (Powered by Cato)

  1. FWaaS with Physical Firewall Policy Optimization

  2. Secure Web Gateway

  3. Least Privilege Identity Provisioning

  4. Secure Device Standards

Loom Lens SASE Enhanced (Powered by Cato)

  1. SD-WAN

  2. Sensitive data protection (DLP)

  3. Risk-based application access control (CASB)


Sign up to watch a video from our experts discussing the beginning stages of Marketing Mary's journey with Loom!
