Cloud Solutions – Conditional Access
What is Conditional Access?
Conditional access utilises signals to make decisions and enforce organisation policies. They are, at their core, if-then statements. For example, if a user wishes to complete an action, like sign-in to an application, then they must go through a multi-factor authentication verification.
Why Conditional Access?
The modern security approach now extends beyond an organisation’s network to include both user and device identities.
Conditional access policies can be utilised as part of your approach to modern day security best practices of zero trust. At its simplest, zero trust adoption requires a mindset of “assuming breach”.
This means that you should always assume your network, device, user, or application has been breached and there is a malicious threat.
If you adopt this mindset you can look to minimise damage and reduce lateral movement of a threat through several means, including network segmentation, granting just enough rights to identities, only when they need it and verifying access explicitly.