Resource: Microsoft White Paper on Modern Enterprise Security - Items to Watch

The keys to the kingdom: Always assume that a set of your corporate identities have been reused, are for sale, are replicated in a 3^rd party cloud or are still being used to access corporate data and assets even after separation/termination.

With friends like these: You must adopt an assumed breach posture. You’ve already been compromised — the goal is to contain it.

Silver bullets are for werewolves: You must take a layered approach to all security initiatives/solutions, where the next layer is always challenging the previous one.

Hiding in plain sight: When it comes to sophisticated attacks, it increasingly “takes a village” to identify them. The new cloud security model requires putting very large telemetry sets and computational power to work on your behalf.

Humans take the path of least resistance (usually): Doubling down on end-user security policy and relying on end-user compliance will often result in bad end-user habits, workarounds and a compromised security posture.

If it ain't broke, don't change it?: Yes, it is possible for security solutions to delight users, improve productivity, and save money while improving your posture.

It's all about the data, and the bass, not treble: IT can absolutely regain full control and security over SaaS apps and cloud storage with the correct solution.

False sense of security: Marketing and sales hype don’t always live up to practical execution. Ensure you understand the practical limitations, gaps and overlaps of all of your security components.

Head in the sand: Continuous testing of your security layers and vectors of entry is a key component of any long-term posture improvement strategy. Human error, corporate crisis and new, advanced threats can compromise the best security plans.