Where in the World is Matt Lee?
Matt Lee, Iconic IT’s Director of Technology and Security, builds a first-of-its-kind Privileged Identity Management solution with Microsoft, talks about “Living Compromised,” and bids good riddance to Adobe Flash.
I found myself jumping into the new year with seven security meetings in the first week of January. I also did a deep dive into tickets, helping our own Jason Farmer catch up a little. I participated in several advisory panel meetings and prepared for Iconic IT’s webinar, Enabling Remote Work and Improving Company Culture.
The next week was more of the same, with eight more presentations and even more tickets to resolve, and the last weeks of January involved back-to-back…to back…meetings and presentations. One of the fun things I got to do was a thirty-minute cybersecurity awareness training class for a business in Denver. Paul Beecher, from our Dallas Fort Worth branch, originally created this presentation and used it himself last month. Score for cybersecurity awareness!
I’ve had lots of Microsoft meetings, and have recently started advising on a Global Delegated Administrative Permissions (GDAP) project for them. But wait, there’s more…
We have built the first PIM (Privileged Identity Management) solution in Microsoft history for Partner Center Access as an MSP. We are the first and only company that’s done this but are currently helping other MSPs utilize it to protect their clients as well. Microsoft engineers in the Lighthouse Project used our input to build this solution, and the tech giant will be unrolling it under the name “Just in Time Access,” or JIT. JIT allows limited access to data on an as-needed basis. If James needs access to data but isn’t an administrator, he submits a ticket to a designated approver to request access to the data for an hour. The designated approver will look at the appropriateness of James’ request and grant the access (or not). After an hour, James’ privileges automatically expire. To be successful, a bad actor will not only need to attack James but will need to do it in the limited time he has advanced data access. We are the first MSP in the world to have this solution, and I will be broadcasting JIT to other MSPs.
This new application rollout is part of my theme for February: Live Compromised. We can’t continue to believe that our security tools will stop a determined threat actor. We need to find new ways to limit the damage a threat actor can do if s/he is successful in getting past your protections. Food for thought: James may have administrative privileges, but does he really need to be an administrator all the time? This concept is the foundation of PIM, which creates layers of approval for James before he can access specific data. It limits his purview to what he really needs to perform his job. PIM means a bad actor has very limited access to information, even if James is breached.
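The request, approval and one-hour expiry flow described above can be modelled in a few lines. This is an added example, not Microsoft's or Iconic IT's code: the `JitBroker` class, the approver address, the resource name and the timestamps are all constructed for illustration, and the rule that a requester cannot approve their own request is an assumption the post does not state.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

GRANT_LIFETIME = timedelta(hours=1)        # the one-hour window from the text
APPROVERS = {"approver@example.test"}      # constructed designated approver

@dataclass
class Request:
    user: str
    resource: str
    reason: str
    status: str = "pending"                # pending -> approved | denied
    expires_at: Optional[datetime] = None

class JitBroker:
    """Toy in-memory model: no standing access, only approved, expiring grants."""

    def __init__(self):
        self.requests = []

    def submit(self, user, resource, reason):
        req = Request(user, resource, reason)
        self.requests.append(req)
        return req

    def decide(self, req, approver, approve, now):
        if approver not in APPROVERS:
            raise PermissionError("not a designated approver")
        if approver == req.user:           # assumption, not stated in the post
            raise PermissionError("requester cannot approve own request")
        if req.status != "pending":
            raise ValueError("request already decided")
        req.status = "approved" if approve else "denied"
        if approve:
            req.expires_at = now + GRANT_LIFETIME

    def has_access(self, user, resource, now):
        # Expiry is evaluated on every check, so no job has to revoke the grant.
        return any(r.user == user and r.resource == resource
                   and r.status == "approved" and now < r.expires_at
                   for r in self.requests)

def demo():
    t0 = datetime(2021, 2, 1, 9, 0, tzinfo=timezone.utc)   # constructed time
    broker = JitBroker()
    before = broker.has_access("james", "client-data", t0)
    req = broker.submit("james", "client-data", "ticket: restore mailbox")
    broker.decide(req, "approver@example.test", True, t0)
    during = broker.has_access("james", "client-data", t0 + timedelta(minutes=59))
    after = broker.has_access("james", "client-data", t0 + timedelta(minutes=61))
    return before, during, after
```

A credential stolen from James is only useful to an attacker while `has_access` returns true, which is the hour after an approval and never before one.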
I guess you could wonder, if we are already Living Compromised, why bother with advanced protections? Consider advanced protections as a wall that protects your castle. Those walls are solid and sturdy, but not as impenetrable as we’d like to think. So why bother? The simple answer: businesses are ethically bound by the concept of “due care.” At its foundation, “due care” means that businesses are responsible for detecting threats, identifying vulnerabilities, and protecting clients from those threats. Living Compromised doesn’t mean giving up your protections and giving in…“oh well, I quit.” It means acknowledging that you will most likely be compromised and, in fact, may already be compromised. You built your castle wall using the thickest bricks you could find, but it was breached anyway. Maybe the bad actor climbed under it, or maybe they parachuted in; the only thing that matters is that they were determined enough to successfully get in your castle. Chances are your wall had already deterred lots of bad actors before this one got through, but now, here we are with an enemy in our castle. Your biggest concern now is limiting the damage s/he can do, and detecting these threats faster.
I talked a lot about this concept recently in a two-day security summit. Basically, as an industry, we were getting a little too complacent in our belief that we could stop all threats. To increase our own awareness, Iconic IT has started an internal security club with our security gurus. We play fun games, but we also review security incidents so we can share the lessons learned with all our locations.
On a different note, this month I became aware of a disconnect with some of our vendors. Iconic IT works with the top administrators to develop plans, and that message doesn’t always get through to the techs who implement the plans. After one prolonged struggle to get the teams on the ground to cooperate with a plan the top commanders had authorized, it occurred to me that too often we lose sight of the top-level mission. We need to be on our clients’ side and use strategic account management to make their journey easier, not fight to justify why we “can’t” do something for them. Those that can’t be on the right side of the table and work with clients to resolve issues will see losses as their customers find other alternatives that will.
Now for a sad, sad moment in Adobe’s history: I’d like to take a moment to bid farewell to Adobe Flash, officially retired in January 2021. Good riddance to software that was as secure as Swiss cheese. Make sure you uninstall Flash from your machines if you haven’t already done so. Uninstall it ten or twenty times to make sure it’s truly gone. Your security platforms will thank you.
Lastly, I want to give a shout-out to two exceptionally cool Icons I worked with in January, Matt Bosick and Zachary Hinchcliffe, for being so active with clients and the security space. Major kudos and mad respect, guys!
Where will February take me? Find out next time!