From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Security in the modern era

- When developing a security plan for your organization, there are many things to keep in mind. Are you the only security admin in the company? Or are there already others who handle security? If there are others, you'll be working with a security specialist rather than on your own. You'll need to take advice from them on security matters. If you're the only person who handles security along with your sysadmin duties, you have a lot more to consider.

I suggest you begin with a layered approach. A layered defense is a way to say you don't trust any single type of defense. There are many different types of defenses, such as MFA, intrusion prevention, strong firewall rules, patching and updates, and others. Make as many layers as you can between a hacker and your data. Hackers can either be focused on your vertical market or just looking for an easy target. Making things difficult can take out at least half of hacking attempts.

Next, consider privilege separation. This goes along with Microsoft role-based access where there are lots of different roles an admin or user can have, but don't just give everyone in the company all the rights. I suggest you go even further and don't give anyone rights who doesn't need them. This can include just-in-time management, which only assigns rights when needed and then they're removed until needed again.

Data loss prevention is a strategy used to determine what data is classified as needing additional security and what is more general information that may not require as much. There are many tools for DLP, such as creating keywords for emails to be flagged if anyone uses them, such as social security or credit card numbers. This information can be stopped at the door when using a strong DLP policy. This can also be applied to Teams, SharePoint, OneDrive and other products. Dynamic access can further lock down file access using properties that may already exist in your AD user profiles, such as by location or job position, among others.

Device security has to do with the explosion of mobile devices on the market and how easily data can leak out to outside influences due to operating systems we have not traditionally managed. DLP policies and products like Endpoint Manager can manage all Windows and mobile device operating systems to keep them secure. You could even separate the personal files from corporate files in a mobile device using Intune.

You may also need to be in charge of physical security in your organization when it comes to the ability to get to your on-premises equipment. You may need to install cameras, electronic locks and other security measures to be sure there's no easy access to your equipment. It may also mean moving some pieces to a third-party secure data center or moving the data to the cloud as needed.

Security has many pieces to consider in your role as a sysadmin. Be sure to bring in experts who can help set you up for success. It will be money well spent. A quiet office where nothing exciting happens is far more appreciated than one that is in constant chaos with technology and security.
