What is Zero Trust Security? (ZTS)
Zero Trust Security was still considered a buzz word when we first wrote about over a year ago, but has since seen NIST release an official Zero Trust framework, 800-207, and has also become one of the most accepted frameworks for defending distributed work forces. One of the key ideas behind ZTS is that there IS no perimeter. With users able to work from any place and on any device, we can no longer rely on keeping everyone safe behind a firewall. Even with the best firewalls, there are too many weaknesses presented by individuals and their varied devices to lean on that to assume you are safe.
This is particularly important right now, given that an estimated 90% of Americans are under some form of stay at home order, which is driving the number of remote workers through the roof. It is also fueling a meteoric rise in cyber attacks and threats including Phishing attacks claiming to have COVID-19 related information or tools, ransomware attacks on hospitals, and Zoom just being Zoom, an immature company doing their best to meet the demand, but now recognizing the problems and technical debt they assumed by rolling their own security and skipping critical security functions in the rush to market.
Zero Trust adapts to the complexity of this modern environment, embraces the mobile workforce, and protects people, devices, applications, and data wherever they are located. Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. The Zero Trust approach is based on three guiding principles: Verify explicitly, use least privileged access, and assume breach.
The Three Guiding Principles of Zero Trust Security
Zero Trust Security is guided across three principles:
- Verify Explicitly
- Use Least Privileged Access
- Assume Breach
The Six Pillars of Zero Trust
The three principles of Zero Trust are applied to defend six pillars that represent a data estate.
Zero Trust Security With Microsoft 365
This demonstration provides a quick look at how a number of integrated tools across Microsoft’s security stack can be applied to enable a Zero Trust methodology in your organization. For more in-depth explorations and demos, please check out these other blogs:
Understanding Active Directory
Microsoft Defender Advanced Threat Protection Demo
Automate Security with Cloud App Security and Power Automate
Intune for Mobile Device Management
Managing Microsoft Secure Score
Setting up Single Sign On (SSO) in Azure Active Directory
Azure Information Protection Demo
Protecting your Data Even Outside of Office 365
Combating Shadow IT with EMS and Cloud App Security
Need help defending your remote workers and assuring your devices, data, and identities are secure? Agile IT is a Gold Microsoft Security Partner, and have solutions to help your organization remain secure.