Protect Your Campus With a Zero-Trust Cybersecurity Approach
Transcript of Protect Your Campus With a Zero-Trust Cybersecurity Approach
Thank you for joining us! The web seminar will start promptly at 2:00 ET.
Welcome to today’s University Business web seminar
Protect Your Campus
With a Zero-Trust Cybersecurity Approach
Kurt Eisele-Dyrli
Web Seminar Editor
University Business
Chris Irwin
Partner and CTO
Forsyte IT Solutions
Sam Buckhalter
Security and
Compliance Technical
Specialist
Microsoft
lobby
Thank you for joining us!
The web seminar will start shortly at 2:00 ET.
For technical support:
Use the Chat panel at the right of your screen. Select the name of our event
Host, Jason York, and type your message.
No computer speakers? Prefer to listen privately?
Dial the phone number and access code posted in the Chat window.
To submit a question to our panel:
Use the Q&A panel at the right of your screen. Send your question to All
Panelists, the default option.
Don’t see a panel?
Click the “expand panel” triangle in front of the panel name.
Need to access the presentation at a later time?
Everyone will receive an email with links to the slides and the archive
recording.
Protect Your Campus
With a Zero-Trust Cybersecurity Approach
“Chat” for tech support
“Q&A” for panelist questions
Welcome to today’s University Business web seminar
Welcome to today’s University Business web seminar
Protect Your Campus
With a Zero-Trust Cybersecurity Approach
Kurt Eisele-Dyrli
Web Seminar Editor
University Business
Chris Irwin
Partner and CTO
Forsyte IT Solutions
Sam Buckhalter
Security and
Compliance Technical
Specialist
Microsoft
This web seminar is sponsored by:
Welcome to today’s University Business web seminar
Welcome to today’s University Business web seminar
Protect Your Campus
With a Zero-Trust Cybersecurity Approach
Kurt Eisele-Dyrli
Web Seminar Editor
University Business
Chris Irwin
Partner and CTO
Forsyte IT Solutions
Sam Buckhalter
Security and
Compliance Technical
Specialist
Microsoft
lobby
Housekeeping
Protect Your Campus
With a Zero-Trust Cybersecurity Approach
For technical support:
Use the Chat panel at the right of your screen. Select the name of our event
Host, Jason York, and type your message.
No computer speakers? Prefer to listen privately?
Dial the phone number and access code posted in the Chat window.
To submit a question to our panel:
Use the Q&A panel at the right of your screen. Send your question to All
Panelists, the default option.
Don’t see a panel?
Click the “expand panel” triangle in front of the panel name.
Need to access the presentation at a later time?
Everyone will receive an email with links to the slides and the archive
recording.
“Chat” for tech support
“Q&A” for panelist questions
Welcome to today’s University Business web seminar
Protect Your Campus
With a Zero-Trust Cybersecurity Approach
Kurt Eisele-Dyrli
Web Seminar Editor
University Business
Chris Irwin
Partner and CTO
Forsyte IT Solutions
Sam Buckhalter
Security and
Compliance Technical
Specialist
Microsoft
Sam Buckhalter
Microsoft Technical Specialist
Security & Compliance
Chris Irwin
Chief Technology Officer
Forsyte I.T. Solutions
What is Zero-Trust?
• Literal – You can’t build and manage a
practical strategy around absolutes
• Adjective – You aren’t going to “be” Zero-Trust
• Product – There is no such thing as “Zero-Trust
technology”
• Revolution – You can build on what you have
What Zero-Trust Isn’t:
• Everything is open to the Internet
• Trust NO single source
• Breach containment
• There aren’t enough people
What it means to have a Zero-Trust Mindset …
Identity Challenges for Today’s Organizations
Explosion of apps, devices,
and users outside of the
corporate network
Increase in identity
attacks and lack of
visibility and control
Evolving data privacy and
security regulations to
comply with
Demands for increased
productivity and
IT modernization
The intelligent, connected cloud introduces
both opportunity and risk
81%of hacking breaches leverage
stolen/ weak passwordsVerizon 2017 Data Breach Investigation Report
73%of passwords are duplicatesMicrosoft 2018
80%of employees use non-approved
apps for workMicrosoft 2018
TECHNOLOGY HAS CHANGED THE WAY WE DO BUSINESS.
PROTECTING COMPANY ASSETS REQUIRES A NEW APPROACH.
Common identity platform:
Office 365
Active
Directory
Domain
Services
Azure
Active
Directory
Synchronization
Service
Azure
Active
Directory
Azure Active Directory (AAD or Azure AD) is the underlying
identity platform for multiple cloud services
Att
rib
ute
Sto
reA
uth
entica
tio
n
Azure Active
Directory3rd party applications
810,000active apps integrated with
Azure Active Directory
September 2018
ServiceNow
Google Apps
Workday
SuccessFactors
Schoology
Concur
Salesforce
Workplace
by Facebook
Myday
Canvas
Cornerstone
OnDemand
Blackboard
Learn
Clever
Box
Firefly# monthly active users
20Mmonthly active users
of 3rd party apps
Seamless access to apps:
Azure AD
Connect
On-premises /Private cloud
Microsoft Azure Active Directory
Identity is the new control plane.
Assume every resource is on the open internet.
Never trust. Always verify.
Microsoft Threat
Protection
Identities Endpoints User Data Cloud Apps Infrastructure
Users and admins Devices and sensors Email messages and documents
SaaS applications and data stores
Servers, virtual machines, databases,
networks
Microsoft Intelligent Security Graph6.5 trillion signals per day
Microsoft Intelligent Security Graph
Microsoft Zero-Trust Solution
Device
Managed or BYOD
Health & compliance
Device risk
Type and OS version
Encryption status
MicrosoftAzure AD
MicrosoftDefender ATP
MicrosoftIntune
Azure Sentinel
MicrosoftInformation Protection
MicrosoftCloud App
Security
MicrosoftAzure ATP
User
Groups/Role
Location
Privileges
Session risk
User Risk
Security &
Compliance
Policy Engine
Technical Details – Zero Trust User Access
University Use Case: Large University System
• Azure B2B accounts, offloading the identity
management lifecycle to participating schools
• Azure SSO for SaaS apps
• Azure Application Proxy for legacy on-prem apps
• Privileged Identity Management (PIM)
• mCAS to assist with security
SCENARIO: Large university system was looking to build a central Azure environment to
provide hosting and shared services, as well as increased collaboration between schools.
TACTICS
University Use Case: 18K Student School
• Azure SSO for SaaS apps
Azure app proxy for legacy applications
• Azure Conditional Access w/MFA
• Azure AD Identity Protection
SCENARIO: Mid-sized university with roughly 18k students on-premise had a fast-growing
distance learning program with an increasing number of users who never come to campus.
TACTICS
University Use Case: University System with Hospital
• Azure AD
• Windows Virtual Desktop to provide
VDI for med apps
• Azure Conditional Access
• Privileged Identity Management (PIM)
• mCAS
• Azure ATP
• Defender ATP
SCENARIO: University with a hospital provides IT services to local clinics and doctors.
TACTICS
Best Practices, Strategies & Key Takeaways
Use mCAS to help discover “Shadow IT.” mCAS also couples well with Windows Defender ATP.
While we are still a ways away from getting rid of
passwords entirely, there are several technologies
that will help make the move easier:
• Microsoft Passwordless Authentication
• Biometrics
• Windows Hello
• FIDO2
Azure conditional access
is a great way to reduce
auth fatigue and drive
user adoption.
Use mCAS to monitor your
Microsoft SaaS solutions:
mCAS is a valuable tool and
can also monitor a variety of
3rd party apps (Box, Google,
ServiceNow).
Have a question for our presenters? Submit it through the Q&A at the right. Q&A
Protect Your Campus
With a Zero-Trust Cybersecurity Approach
Q&A
Kurt Eisele-Dyrli
Web Seminar Editor
University Business
Chris Irwin
Partner and CTO
Forsyte IT Solutions
Sam Buckhalter
Security and
Compliance Technical
Specialist
Microsoft
University Business is the leader in editorial coverage of news, trends
and current issues in higher education.
Subscribe for FREE and stay up-to-date through our print magazine, digital edition, enewsletters
and web seminars.
Print magazine
UB Daily, Campus CIO
and other enewsletters
Web seminars
Digital edition and website
Thank you for joining us!
The archive recording of this web seminar will be available
for you to review, or share with members of your team, at:
http://www.UniversityBusiness.com/Web-Seminars
You will also receive an email
later with a link to the slides.