2020 was the year that proved that teams could work from literally anywhere. But while the ability to work from anywhere has truly been essential to keeping businesses and the economy functional, it has opened up new challenges that need to be addressed.
Companies found that traditional security models required bringing users and data to ‘safe’ network places, which doesn’t scale and doesn’t provide the needed visibility. Employees are getting their work done using personal devices, sharing data through new services, and collaborating outside the confines of traditional protections of the corporate network.
What is Zero Trust?
Zero Trust security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting inside or outside the network perimeter. Adopting it means that, as an organization, you need to:
- Adopt a least-privilege application access model.
- Provide proactive protection against conventional and zero-day malware.
- Eliminate the traditional Virtual Private Network (VPN) for some users and groups.
Zero Trust can only be successful if organizations are able to continuously monitor and validate that a user and his or her device have the right privileges and attributes. Not every Zero Trust implementation is the same: different organizational requirements, existing technology implementations, and security maturity stages all affect how a Zero Trust security model implementation is planned.
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end-to-end strategy. This is done by implementing Zero Trust controls and technologies across six foundational elements: identities, devices, applications, data, infrastructure, and networks. Each of these six foundational elements is a source of signal, a control plane for enforcement, and a critical resource to be defended. This makes each of them an important area in which to focus investment.
Microsoft Zero Trust
In an integrated Microsoft Zero Trust solution, Azure Active Directory (AAD) and Microsoft Defender for Identity provide protection, monitoring, and trust insights in the User/Identity pillar. Microsoft Defender for Endpoint and Intune protect and manage the device. Azure Security Center and Azure Sentinel monitor, report, and provide automated playbooks to deal with events.
In today’s modern and dynamic workplace, it’s not enough to know what’s happening in your cloud environment after the fact. Enable real-time monitoring and control over access to any of your apps with Microsoft Cloud App Security access and session policies, including cloud and on-premises apps and resources made available through Azure AD Application Proxy.
A Zero Trust approach encourages you to assume that a security incident can happen at any time and that you are always under attack; this is where segmenting your network while you design its layout becomes important. When you operate on Azure, you have a wide and diverse set of segmentation controls available to help create isolated environments. Here are the five basic controls that you can use to perform network segmentation in Azure:
Zero Trust Security with Microsoft 365
Microsoft 365 as a core service adheres to Zero Trust networking. A foundational building block for implementing Zero Trust within Microsoft 365 is Azure Active Directory Conditional Access. Conditional Access combined with Azure Active Directory Identity Protection capabilities allows organizations to make effective access control decisions based on user, device, location and session risk for every request to Microsoft 365 resources.
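As an added example (not code from the original post or from Microsoft's documentation), the PowerShell below uses the Microsoft Graph PowerShell SDK to create one such Conditional Access policy: when Identity Protection rates the sign-in risk as medium or high and the request does not come from a trusted named location, the user must pass MFA and be on an Intune-compliant device. The policy is created in report-only mode so its impact can be reviewed before enforcement; the break-glass group id is a placeholder.

```powershell
# Added example: Conditional Access policy combining an Identity Protection
# sign-in risk signal with device and location conditions.
# Assumes the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object id of the emergency-access (break-glass) group that
# must never be locked out by a risk-based policy.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "ZT: risky sign-in requires MFA and compliant device"
    # Report-only first: evaluate and log the outcome without blocking anyone.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes   = @("all")
        # Real-time sign-in risk computed by Identity Protection per request.
        signInRiskLevels = @("medium", "high")
        locations = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")   # trusted named locations
        }
    }
    grantControls = @{
        # AND: both controls are required, not either one.
        operator        = "AND"
        builtInControls = @("mfa", "compliantDevice")
    }
    sessionControls = @{
        # Shorten the session so the risk is re-evaluated frequently.
        signInFrequency = @{
            value     = 1
            type      = "hours"
            isEnabled = $true
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy $($created.Id) in state $($created.State)"
```

Sign-in risk conditions depend on Azure AD Identity Protection, which requires Azure AD Premium P2 licensing; review the report-only results in the sign-in logs before switching the state to "enabled".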
Organizations can achieve Zero Trust within Microsoft 365 by using the following features:
- Microsoft Defender for Endpoint
- Windows Defender System Guard Runtime Attestation
- Azure Active Directory
- Microsoft Intune
- Cloud App Security
- Azure Information Protection
Microsoft is currently on its own Zero Trust journey. Check this IT Showcase here to learn more about how Microsoft approached the Zero Trust journey. In the meantime, don’t forget that you can reach out to us at VNEXT here if you have any questions or need any help.