Microsoft Jun 25, 2020

Debunking security myths. Today: A firewall is enough protection for my data.

Anyone who, like me, has worked for four years in the enterprise sector or in the SMC area of Microsoft 365 Consulting hears a lot. Much of it is serious concerns from customers—which need to be dealt with just as seriously. Some of it, though, belongs in the myths category, unfortunately. In my first blog post, I explained why Microsoft is a dyed-in-the-wool security provider. Yet another argument I always came across was the statement that nowadays company data receives sufficient protection from cyber-attacks behind a firewall. This is a fallacy.

Michael Stachowski
Business Development Manager

We find ourselves in a time where data is not centrally located behind a firewall. This means that data is not just stored on-premises in the company. The computers, smartphones, tablets, etc. that employees use to access this company data are also no longer just in the company network. Cloud services are an indispensable part of daily work, which means that company data goes from the in-house data centre to all sorts of cloud services. The other aspect is that there are now many different types of endpoint (smartphones, laptops, tablets) that move freely and go wherever we go on a daily basis, because employees can now work from home and access sensitive company data on the go from their mobile or tablet. Concretely, this means that data today is everywhere and accordingly needs protection that's suited to the situation. The model we used to use to demonstrate that the firewall was the most important element in protecting data is no longer valid.

Attack vectors and protection mechanisms.

For one thing, protection has to evolve. It must be effective on the devices that can access corporate data, so that unauthorised devices are kept out. Moreover, this protection needs to shield the data itself so that only authorised users and devices can access it. And each time corporate resources are accessed, that access must be checked for validity. If something isn’t right, such as access not coming from a trustworthy location, a second factor needs to be promptly requested in order to find out whether the access is authorised or is a cyber-attack.

Additionally, the users’ identity also needs to be protected. Unfortunately, passwords such as 123456 (the number one most used password in Germany in 2019) make it very easy for attackers to hijack user accounts in the company network. If an account falls victim to a hacker attack, even the best firewall won’t be able to help, as the hacker is already using the user’s identity behind the firewall—meaning that the attack can go undiscovered for a long time.
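The per-access check described in the two paragraphs above, as an added sketch that is not from the original article and is not Microsoft's implementation. The network range, device IDs, user name and all function names are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy data (assumptions, not from the article).
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range as "office"
MANAGED_DEVICES = {"laptop-0042", "phone-0107"}              # hypothetical enrolled devices


@dataclass
class AccessRequest:
    user: str
    device_id: str
    source_ip: str
    password_ok: bool
    mfa_ok: bool = False  # True once a second factor has been verified


def from_trusted_location(source_ip: str) -> bool:
    """True only if the address parses and lies inside a trusted network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparseable source is never trusted
    return any(addr in net for net in TRUSTED_NETWORKS)


def evaluate(req: AccessRequest) -> str:
    """Decide one access attempt: 'deny', 'require_mfa' or 'allow'.

    Runs on every access, so a correct password alone never grants access
    from an unknown device or an untrusted location.
    """
    if not req.password_ok:
        return "deny"
    if req.device_id not in MANAGED_DEVICES:
        return "deny"  # unauthorised device, regardless of credentials
    if from_trusted_location(req.source_ip) or req.mfa_ok:
        return "allow"
    return "require_mfa"  # valid password, untrusted location: ask for second factor


if __name__ == "__main__":
    # Constructed requests: office login, remote login, guessed password on foreign device.
    for r in (
        AccessRequest("anna", "laptop-0042", "203.0.113.17", True),
        AccessRequest("anna", "phone-0107", "198.51.100.9", True),
        AccessRequest("anna", "unknown-pc", "198.51.100.9", True),
    ):
        print(r.device_id, r.source_ip, "->", evaluate(r))
```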

The answer to all problems.

The security features of the Microsoft 365 E3 and Microsoft 365 E5 Suite help to protect corporate data and user identity against exactly these sorts of attacks. If you’d like to learn more, simply get in touch!