Protecting Your Data: The Power of Conditional Access

Conditional access restricts access to corporate resources based on either user identity, or device health. It’s also about enforcing policies based on location and application data sensitivity. For example, accessing a CRM application from a café requires multi-factor authentication because of both the location of the user and the sensitive data of the CRM system. Another example would be in email. A device must be compliant with policies, like encryption and PIN, to access corporate email. Properly enforcing conditional access policies across a company can improve an overall security posture.

What are your first steps to getting a policy in place?

  • Define a mobile device access policy that works for your business. You can either require full management of the device or just management of critical applications like Outlook to access corporate email.
  • Leverage dynamic groups to give employees access to the applications they need based on their roles.
  • Enforce multi-factor authentication this adds a layer of protection by requiring users to authenticate themselves two ways. The first method may be the traditional user name and password combination. The second often involves a physical component that would be virtually impossible to duplicate. For example, swiping a card key and entering a PIN, logging into a website and using a one-time password, logging in via a VPN client with a digital certificate, or scanning a user’s fingerprint.