Usage Scenarios
This page describes how to use the Security365 Management Center in various work environments.
1. Microsoft 365 Environment Integrated Management
Situation
Management of Security Services for Organizations Using Microsoft 365
Problems many organizations face:
- Dual Management of Microsoft 365 User Information and Security Service User Information
- When new employees join or leave, individual updates are required for each service.
- Mismatch between Azure AD organizational structure and security service group structure
- Burden of creating a separate security service account other than a Microsoft account
Utilizing the Security365 Management Center
Configuration Plan
1. Microsoft 365 Sync Settings
- Settings > Inbound Provisioning
- Enable Microsoft 365 Sync
- Choose Full Sync or Specific Group Sync
2. Set Automatic Sync Frequency
- Set automatic sync for 6 AM daily
- Reflect personnel changes in real-time
3. Enable Microsoft Account Authentication
- Settings > User Authentication Settings
- Enable Microsoft Account Authentication
- Users log in with their existing Microsoft accounts
4. Set Automatic License Assignment
- License Management > Enable Automatic Assignment
- Automatically assign licenses to synchronized users
Expected Effects
- Management Efficiency: Eliminate dual management with automatic reflection of Azure AD information
- User Convenience: SSO login with Microsoft account
- Real-time reflection: Apply security services immediately upon personnel changes
- Consistency: Automatic synchronization of organization structure and security policy groups
2. Remote Work Access Control
Situation
Security Access Management in Remote Work Environments
Remote Work Security Challenges:
- Security Risks When Granting the Same Access Rights as Internal Users
- Challenges of Access Control in Personal Network Environments
- Concerns about unauthorized access outside of working hours
- Separate management of access policies is required during overseas business trips.
Utilizing the Security365 Management Center
Configuration Plan
1. Location Condition Registration
- Condition Item > Add Condition
- In-house IP Range: 10.0.0.0/8 → "In-house Network"
- Registered Remote IP: Individual Registration → "Remote Network"
2. Time Condition Registration
- Weekdays 09:00~18:00 → "Regular Working Hours"
- Weekdays 18:00~22:00 → "Extended Working Hours"
3. Conditional Policy Creation
Policy 1: In-house Work
- Condition: In-house Network + Regular Working Hours
- Access Policy: Allow
Policy 2: Remote Work
- Condition: Remote Network + Regular Working Hours
- Access Policy: Allow + OTP Authentication
Policy 3: Night Access
- Condition: Extended Working Hours
- Access Policy: Allow + Email Authentication
Policy 4: Default Block
- Condition: None (All Cases)
- Access Policy: Block
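The four policies above can be modelled as an ordered rule list to check how a given source address and time would be handled before the policies are deployed; this is an added example, not Security365 code. First-match evaluation in the listed order, end-exclusive time ranges and the sample remote address 203.0.113.25 are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

# Location conditions. 10.0.0.0/8 is from the page; the remote address is a
# constructed sample (documentation range) standing in for a registered IP.
LOCATIONS = {
    "In-house Network": [ip_network("10.0.0.0/8")],
    "Remote Network": [ip_network("203.0.113.25/32")],
}
# Time conditions from the page: weekdays only, end time exclusive (assumed).
TIMES = {
    "Regular Working Hours": (time(9, 0), time(18, 0)),
    "Extended Working Hours": (time(18, 0), time(22, 0)),
}

@dataclass(frozen=True)
class Policy:
    name: str
    location: Optional[str]   # None = any source address
    hours: Optional[str]      # None = any time
    action: str

POLICIES = [
    Policy("In-house Work", "In-house Network", "Regular Working Hours", "Allow"),
    Policy("Remote Work", "Remote Network", "Regular Working Hours", "Allow + OTP Authentication"),
    Policy("Night Access", None, "Extended Working Hours", "Allow + Email Authentication"),
    Policy("Default Block", None, None, "Block"),
]

def in_location(name: str, src: str) -> bool:
    return any(ip_address(src) in net for net in LOCATIONS[name])

def in_hours(name: str, when: datetime) -> bool:
    start, end = TIMES[name]
    return when.weekday() < 5 and start <= when.time() < end

def evaluate(src: str, when: datetime):
    """Return (policy name, action) of the first policy whose conditions all match."""
    for p in POLICIES:
        if p.location and not in_location(p.location, src):
            continue
        if p.hours and not in_hours(p.hours, when):
            continue
        return p.name, p.action
    return "Default Block", "Block"  # fail closed if no rule matched
```

In this model Policy 3 has no location condition, so it matches any source address during Extended Working Hours; add a location condition to it if night access should be limited to registered networks.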
Expected Effects
- Flexible Access: Differentiated security applied according to the working environment
- Additional Authentication: Strengthening identity verification for external access
- Time-based control: Additional Verification for Irregular Hour Access
- Security Enhancement: Blocking access from unregistered environments
3. Vendor Access Management
Situation
Management of System Access for External Partners
Difficulty in Managing Partner Companies:
- Different partners participating in each project
- Frequent changes in partner company personnel
- Risk of missing permission revocation after project completion
- Differentiated application of access scope by partner company is necessary.
Utilizing the Security365 Management Center
Configuration Plan
1. Create Policy Group by Partner
- Group Management > Policy Group > Register Policy Group
- Group Name: "Project A - Partner B"
- Members: Add users from the respective partner
2. Set Partner-Specific Conditions
- Condition Items > Register Location Condition
- Register Partner Office IP
3. Create Conditional Policy
- Target: Partner Policy Group
- Conditions: Partner IP + Weekday Working Hours
- Services: Select only project-related services
- Access Policy: Allow + OTP Authentication
4. Handling Upon Project Completion
- Remove members from the policy group
- Or delete the entire policy group
- Automatic license recovery
Expected Effects
- Scope Limitation: Allow access only to necessary services
- Location Restrictions: Accessible only at the designated location
- History Tracking: All vendor activity is recorded in logs
- Automatic Revocation: Permissions are revoked in bulk when a group is deleted
4. Large-Scale User Onboarding
Situation
Account Management When a Large Number of New Hires Occur
Large-scale onboarding challenges:
- Simultaneous hiring of hundreds of people through open recruitment, mergers and acquisitions, etc.
- Takes a lot of time to create individual accounts
- Account issues due to input errors
- Departmental permission settings are complex
Utilizing the Security365 Management Center
Configuration Plan
1. Prepare CSV Template
- User Management > Bulk Registration > Download Template
- The HR team enters new hire information
- Required fields: Name, Email
- Optional fields: ID, Group
2. Execute Bulk Registration
- Upload the completed CSV file
- Automatic validity check performed
- Register after checking for duplicates/missing items
3. Enable Automatic License Assignment
- License Management > Automatic Assignment Settings
- Select "Automatically assign to active users"
4. Utilize Condition-Based Policy Groups
- Create groups based on common conditions for new hires
- Example: Filtering based on hire date
- Apply restricted access policies during the new hire training period
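A pre-upload check for the bulk registration file in steps 1 and 2, so missing and duplicate entries are caught before the Management Center's own validation; this is an added example, not the product's validator. The column headers (Name, Email, ID, Group), the e-mail shape check and the formula-character check are assumptions added here, since the template itself is not shown on the page.

```python
import csv
import io
import re

REQUIRED = ("Name", "Email")             # required fields named on the page
OPTIONAL = ("ID", "Group")               # optional fields named on the page
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # shape check only
FORMULA_PREFIXES = ("=", "+", "-", "@")  # cells a spreadsheet may evaluate

def validate_bulk_csv(text):
    """Return (valid_rows, errors); errors are (line_number, message) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    missing_cols = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing_cols:
        return [], [(1, f"missing column(s): {', '.join(missing_cols)}")]
    rows, errors, seen_email, seen_id = [], [], {}, {}
    for row in reader:
        line = reader.line_num
        rec = {k: (row.get(k) or "").strip() for k in REQUIRED + OPTIONAL}
        problems = [f"missing {k}" for k in REQUIRED if not rec[k]]
        if rec["Email"] and not EMAIL_RE.match(rec["Email"]):
            problems.append("malformed Email")
        problems += [f"{k} starts with a formula character"
                     for k, v in rec.items() if v.startswith(FORMULA_PREFIXES)]
        key = rec["Email"].lower()       # e-mail compared case-insensitively
        if key and key in seen_email:
            problems.append(f"duplicate Email (first seen on line {seen_email[key]})")
        if rec["ID"] and rec["ID"] in seen_id:
            problems.append(f"duplicate ID (first seen on line {seen_id[rec['ID']]})")
        if key:
            seen_email.setdefault(key, line)
        if rec["ID"]:
            seen_id.setdefault(rec["ID"], line)
        if problems:
            errors.extend((line, p) for p in problems)
        else:
            rows.append(rec)
    return rows, errors

# Constructed sample input (not real data).
SAMPLE = """Name,Email,ID,Group
Kim Minji,minji.kim@example.com,e1001,Sales
Lee Jun,,e1002,Sales
Park Sora,Minji.Kim@example.com,e1003,HR
Choi Han,han.choi@example,e1004,HR
=Test User,eve@example.com,e1005,IT
Jung Ara,ara.jung@example.com,e1001,IT
"""
```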
Expected Effects
- Fast Processing: Hundreds of people can register simultaneously
- Error Prevention: Minimize input errors with automatic validation
- Automation: Manual license assignment not required
- Consistency: Automatic application of the same policy to users under the same conditions
5. Compliance Audit Response
Situation
Information Security Audit and Compliance Requirements
Compliance Requirements:
- Obligation to Record Personal Information Access History
- Administrator Activity Log Retention
- Evidence of Applying the Principle of Least Privilege
- Quick Submission of Audit Materials
Utilizing the Security365 Management Center
Configuration Plan
1. Log Backup Settings
- Settings > Log Settings > Log Backup Settings
- Backup Frequency: Daily
- Collection Period: 90 days
- Number of Archive Files: 12 (1 year retention)
2. External Transfer Settings
- Enable External Transfer of Backup Logs
- Automatically transfer to a separate log server
- Ensure integrity of original logs
3. Designate Log Inquiry Administrator
- Designate the auditor as "Log Inquiry Administrator"
- No access to menus other than logs
- Enable log inquiry notifications
4. Role-Based Permission Evidence
- Download list of administrators and permission status
- Download list of conditional policies
- Submit evidence of applying the principle of least privilege
Expected Effects
- Complete Record: Detailed logs of all access activity
- Integrity Guarantee: Log tampering prevention
- Rapid Response: Audit materials can be extracted immediately
- Role Separation: A dedicated log inquiry administrator ensures audit independence
6. Data Classification by Security Level
Situation
Establishing a Data Security Classification System within the Organization
Need for Data Classification:
- Applying the same security level to all data is inefficient
- Differentiated management of confidential/sensitive/public data is necessary
- Differentiated Access Policies by Data Type
- Need for criteria to assess impact in case of a security incident
Utilizing the Security365 Management Center
Configuration Plan
1. Security Level Creation
- Security Classification Label > Label Level > Level Creation
Level 1: Confidential (Red)
- Definition: Serious damage to the organization in case of leakage
- Examples: Personnel information, Financial information, Trade secrets
Level 2: Sensitive (Orange)
- Definition: Disruption to operations in case of leakage
- Examples: Customer information, Project documents
Level 3: Public (Green)
- Definition: Can be shared externally
- Examples: Marketing materials, Public documents
2. Detailed Label Creation
- Register specific labels under each level
Confidential Level:
- Personnel information
- Salary information
- Management strategy
Sensitive Level:
- Customer DB
- Contracts
- Internal meeting minutes
3. Utilization in Integrated Services
- SHIELDrive: Apply labels to folders/files
- Document Security: Link levels during document encryption
Expected Effects
- Systematic Classification: Classifying data with clear criteria
- Visual distinction: Instantly recognize security levels by color
- Policy Linkage: Differentiated access policies by level
- Ease of Audit: Sensitive data access history tracking
7. Building a Multi-Factor Authentication System
Situation
Security Limitations of Single Password Authentication
Authentication Security Challenges:
- Risk of Account Takeover in Case of Password Leakage
- Credential theft due to phishing attacks
- Additional identity verification required for high-risk tasks
- Balancing User Convenience and Security Level
Utilizing the Security365 Management Center
Configuration Plan
1. Basic Authentication Settings
- Settings > User Authentication Settings
- Enable Security365 Authentication + Microsoft Account Authentication
- Users choose which login method to use
2. Password Strength Policy
- Settings > Account Settings > Password Rules
- At least 10 characters
- Combination of uppercase and lowercase letters + numbers + special characters
- Mandatory change every 90 days
- Prohibit reuse of the last 5 passwords
3. Conditional Additional Authentication
- Set up situational additional authentication in conditional policies
Situation 1: External IP Access
→ Add OTP Authentication
Situation 2: Admin Page Access
→ Add Email Authentication
Situation 3: Sensitive System Access
→ Add OTP Authentication
4. Account Lockout Policy
- Lock for 10 minutes after 5 failed authentication attempts
- Prevent brute force attacks
Expected Effects
- Layered Security: Authentication strength applied differently by situation
- Takeover Prevention: Access not possible with password only
- Maintaining Convenience: Low-risk situations allow for simple authentication
- Attack Blocking: Defending Against Brute Force Attacks with Account Lockout
8. Separation of Administrator Privileges
Situation
Risks Due to Concentration of Administrator Privileges
Permission Management Challenges:
- One administrator has all permissions
- Risk to the Entire System in Case of Administrator Account Theft
- Distribution of management responsibilities by task is necessary
- Evidence Requirements for Role Separation in Audits
Utilizing the Security365 Management Center
Configuration Plan
1. Role-based Administrator Assignment
Super Administrator (1-2 people)
- IT Security Officer
- Overall system management and administrator privileges assignment
Editor Administrator (by department)
- IT personnel of each department
- Management of users and groups in the affiliated department
- Policy setting and modification
Viewer Administrator (if necessary)
- Security monitoring personnel
- Only able to view status, cannot modify
Log Viewer Administrator (for auditing)
- Internal audit team
- Can only view logs
2. Administrator Access Policy Settings
- Super Administrator: Company IP + Working hours + OTP
- Editor Administrator: Company IP + Working hours
- Log Viewer Administrator: Notification sent upon log viewing
3. Log Viewing Notification Activation
- When Log Viewer Administrator logs in/out
- Email notification to Super Administrator
Expected Effects
- Decentralization of Authority: Remove Single Admin Dependency
- Clarification of Responsibilities: Specify Management Scope by Role
- Risk Reduction: Limiting the Scope of Damage in Account Takeover
- Audit Response: Compliance Evidence of Role Separation Principle
9. SCI Server Integration Environment
Situation
Integrated Management of Organizations Using Document Security
SCI Server Environment Challenges:
- Using Document Security and Security365 Services in Parallel
- Burden of managing SCI Server personnel information separately
- Mismatch between the existing employee number system and email format
- Need for user information synchronization between the two systems
Utilizing the Security365 Management Center
Configuration Plan
1. SCI Server Integration Settings
- Settings > Inbound Provisioning > SCI Server Synchronization
- Enter SCI Server IP / Port
- Run Integration Test
2. Domain Settings
- Convert employee number format to email format
- Example: Set domain "company.com"
- Result: hong123 → hong123@company.com
3. Automatic Synchronization Settings
- Automatic synchronization at dawn every day
- Automatically reflect personnel changes from SCI Server
4. Group Path Display Settings
- Activate path display based on group settings
- Check user department path in logs
- Example: Headquarters/Sales Division/Sales Team 1/Hong Gil-dong
Expected Effects
- Integrated Management: SCI Server + Security365 Single Console Management
- Automatic conversion: Employee Number → Email Format Automatic Processing
- Real-time synchronization: Immediate reflection of personnel changes
- Department Tracking: Organization path can be checked in the logs