
Why Most Security Problems Start With Misunderstood Basics

2 January 2026 by Jaspreet Singh

Most security incidents occur when people ignore or misunderstand the basics. (2025 State of Enterprise Technology Survey, n.d.) Focusing on these fundamentals can significantly improve your security. People often talk about Zero Trust, AI-driven detection (Ravikrishnan, 2024), and advanced dashboards. However, if your identity, access, and network basics are not strong, these advanced tools will not help much. Here are common issues I notice in different environments and why they matter.

1. Identity Is Still Treated Like a Checkbox

Many organisations still see Entra ID as just another directory. They often miss important steps, such as setting up Conditional Access policies or avoiding over-permissioned accounts. I see things like:

  • Legacy authentication is still enabled
  • No Conditional Access policies
  • Over‑permissioned accounts
  • Guest access with no governance
  • MFA enabled… but not enforced

Identity now acts as the main security boundary. If it is weak, other protections do not matter much. (Shende & Satyaketu, 2023)

2. Networks Are Overcomplicated or Under‑Designed

When it comes to networking, people often make it too complicated or pay insufficient attention to it. Common patterns:

  • Flat networks with no segmentation
  • VLANs created but not actually enforced
  • Firewalls with “allow any” rules buried somewhere
  • DNS filtering is not even considered

A well-planned and simple network design can solve more problems than many people expect. (CISA, 2023)

3. Firewalls Are Treated Like Set‑and‑Forget Appliances

Firewalls are not magic solutions. They work well only if you set up good rules, logging, and monitoring. I still see:

  • Rules created years ago that nobody understands
  • Logging was disabled because “it was noisy.”
  • No alerting on critical events
  • No regular audits

If you cannot see what your firewall is doing, it is no better than an expensive router. (Amoroso, 2020)
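One way to run the regular audit this section asks for, as an added example that is not from the original post: a short Python check over an exported rule list that flags allow-any rules, disabled logging, old rules with no description, and rules that can never match because a catch-all sits above them. The rule fields, the sample rules, the two-year threshold and first-match-wins ordering are assumptions made for illustration, not a vendor export format.

```python
from datetime import date

# Constructed sample export, listed in evaluation order. Field names are
# assumptions for this example, not any vendor's format.
RULES = [
    {"id": 10, "action": "allow", "src": "10.0.10.0/24", "dst": "10.0.20.5",
     "port": "443", "log": True, "created": "2025-06-01", "comment": "App to API"},
    {"id": 20, "action": "allow", "src": "any", "dst": "any",
     "port": "any", "log": False, "created": "2019-03-14", "comment": ""},
    {"id": 30, "action": "allow", "src": "10.0.30.0/24", "dst": "any",
     "port": "53", "log": False, "created": "2021-11-02", "comment": "DNS out"},
    {"id": 40, "action": "deny", "src": "any", "dst": "any",
     "port": "any", "log": True, "created": "2025-06-01", "comment": "Default deny"},
]
ANY = {"any", "*", "0.0.0.0/0", "::/0"}


def audit_rules(rules, today, max_age_days=730):
    """Return {rule_id: [finding, ...]} for every rule that needs review."""
    findings, catch_all = {}, None
    for rule in rules:
        issues = []
        match_all = all(rule[f].lower() in ANY for f in ("src", "dst", "port"))
        if match_all and rule["action"] == "allow":
            issues.append("allow-any")
        if not rule["log"]:
            issues.append("no-logging")
        age_days = (today - date.fromisoformat(rule["created"])).days
        if age_days > max_age_days and not rule["comment"].strip():
            issues.append("stale-undocumented")
        if catch_all is not None:
            # Assumes first match wins: nothing below a catch-all is ever hit.
            issues.append(f"shadowed-by-{catch_all}")
        elif match_all:
            catch_all = rule["id"]
        if issues:
            findings[rule["id"]] = issues
    return findings


if __name__ == "__main__":
    for rule_id, issues in audit_rules(RULES, date.today()).items():
        print(f"rule {rule_id}: {', '.join(issues)}")
```

In the sample, the buried allow-any at rule 20 also makes the default deny at rule 40 unreachable, which is why the shadowing check is worth running alongside the others.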

4. Security Tools Are Installed but Not Operationalised

This issue is prevalent. Organisations deploy:

  • EDR
  • SIEM
  • Backup solutions
  • Vulnerability scanners

However, people often do not review alerts, adjust policies, or check reports. Security tools don’t secure anything on their own. People and processes do.

When you master the basics, you become more confident and motivated to build better security habits. This makes complex problems more straightforward to handle.

From my experience building labs, testing tools, and working in different environments, I have learned one primary lesson: Security is not about making things complex. It is about being consistent. Get the basics right:

  • Strong identity
  • Clean network design
  • Proper firewall rules
  • Good logging
  • Regular reviews

If you do these things, you are already ahead of most organisations.

Why I Write About This

I share these insights because hands-on work brings a lot of clarity. My home lab makes me break things, fix them, and understand them well. That is the perspective I want to share here on itblogs.ca. If you are learning about security, Entra ID, networking, or firewalls, begin with the basics. Master them. Build them in your lab. Break them on purpose and then rebuild them better. Everything else becomes easier after that.


References

2025 State of Enterprise Technology Survey. (n.d.). https://www.cioandleader.com/wp-content/uploads/2025/08/Survey-Report-2025.pdf

Ravikrishnan, A. (January 29, 2024). Zero Trust and AI: A Synergistic Approach to Next-Generation Cyber Threat Mitigation. Zscaler Blog. https://www.zscaler.com/blogs/product-insights/81-companies-embrace-zero-trust-new-cyber-defense-norm

Shende, J. R. & Satyaketu, G. (2023). Identity as a New Security Perimeter. ISACA Journal 21. https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2023/volume-21/identity-as-a-new-security-perimeter

Cybersecurity and Infrastructure Security Agency (CISA). (2023). Securing Networks. CISA. https://www.cisa.gov/topics/cyber-threats-and-advisories/securing-networks

Amoroso, E. (November 23, 2020). How to maximise traffic visibility with virtual firewalls. Security Magazine. https://www.securitymagazine.com/articles/94010-how-to-maximize-traffic-visibility-with-virtual-firewalls


Jaspreet Singh Author @ ITBlogs.ca Identity & Cloud Security (Hands-on, not theoretical)
