This increase is due in part to the rise of generative AI and large language models, which bring new opportunities and challenges for security professionals while affecting what we must do to secure access effectively.
Learn how unified multicloud identity and network access help you protect and verify identities, manage permissions, and enforce intelligent access policies, all in one place.
One of the most common questions we hear is how to secure access to AI apps, especially those in corporate and third-party environments.
Ultimately, organizations must secure their AI applications with the same identity and access governance rules they apply to the rest of their corporate resources.
This can be done with an identity governance solution, which lets you define and roll out granular access policies for all your users and company resources, including the generative AI apps your organization decides to adopt.
The access lifecycle can be automated at scale through controls like identity verification, entitlement management, lifecycle workflows, access requests, reviews, and expirations.
To enforce least privilege access, make sure that all sanctioned apps and services, including generative AI apps, are managed by your identity and access solution.
Define or update your access policies with a tool like Microsoft Entra ID Governance that controls who, when, why, and how long users retain access to company resources.
Use lifecycle workflows to automate user access policies so that any time a user's status changes, they still maintain the correct level of access.
Where applicable, extend custom governance rules and user experiences to any customer, vendor, contractor, or partner by integrating Microsoft Entra External ID, a customer identity and access management solution.
Then use continuous access evaluation with token protection features to respond to risk signals in real time and block, challenge, limit, revoke, or allow user access.
Finally, for high-assurance scenarios, consider using verifiable credentials (digital identity claims from authoritative sources) to quickly verify an individual's credentials and grant least privilege access with confidence.
This is problematic because it requires conditional access changes to be made in multiple places, increasing the chance of security holes, redundancies, and inconsistent access policies between teams.
Plus, by enforcing universal conditional access policies from a single location, your policy engine can analyze a more diverse set of signals such as network, identity, endpoint, and application conditions before granting access to any resource, without making any code changes.
The solution includes Microsoft Entra Internet Access, an SWG for safeguarding SaaS apps and internet traffic, as well as Microsoft Entra Private Access, a Zero Trust Network Access solution for securing access to all applications and resources.
When you unify your network and identity access policies, it is easier to secure access and manage your organization's conditional access lifecycle.
How to get started: Read these blogs to learn why their identity-aware designs make Microsoft Entra Internet Access and Microsoft Entra Private Access unique to the SSE category.
Securing access to your multicloud infrastructure across all identity types starts with selecting the methodology that makes sense for your organization.
Extending these controls to your machine identities will require a purpose-built tool for workload identities that uses strong credentials, conditional access policies, anomaly and risk signal monitoring, access reviews, and location restrictions.
Access security is not a one-way street; it is your continuous feedback that enables us to provide truly customer-centric solutions to the identity and access problems we face in 2024 and beyond.
This Cyber News was published on www.microsoft.com. Publication date: Thu, 11 Jan 2024 14:13:43 +0000