More secure than an in-house data center
Customers often ask Åsen how safe it really is to migrate to the cloud. Is having everything out there on the net sufficiently secure? Is there sufficient control?
"The answer is that migrating your identity, email and personal folders to the cloud brings lots of new security-related features, providing more security than an in-house data center," says Åsen.
An example of this is the securing of user accounts. If two people log into a user account simultaneously, one from Norway and the other from somewhere else in the world, this is detected by algorithms that trigger an alarm. To log in, the user must then use multi-factor authentication to confirm his/her identity. This was one of the first issues to be resolved.
All Microsoft cloud services include an arsenal of security features. The challenge lies in their balanced adaptation, something at which Innofactor's consultants excel.
When security staff have too much power
"All security settings are turned off as a default. If you switch everything on, you might just as well go home. You will accomplish absolutely nothing," says Erik Monsen, Business Development Manager at Innofactor, who has been working closely with Marin IT to achieve the right security balance.
It is crucial to strike a balance between effective security, interaction and sharing. The objective should be security for the user without compromising availability, interaction and innovation.
"Work soon becomes no fun at all if you have to log in using two-factor authentication each time you want to read an e-mail or use 16 parameters to save a document that you need to classify. This is familiar to people who have worked in places where the security staff have had too much decision-making power," says Ellefsen.
"You may then end up with the paradox of systems that are less, rather than more, secure. A shadow IT problem develops, because users create their own, more efficient solutions, such as a free cloud-storage service account. The higher you set the password requirements, the more likely you are to find a yellow post-it, showing the password, on someone's screen," Monsen explains.
The goal is to implement cloud-based security in a totally unobtrusive way for the user. Because users are not always aware of whether certain choices are safe or potentially disastrous, a security solution should be built that liberates them from making such decisions, while being automated and intelligent enough to safeguard them.