Demystifying Zero Trust


March 25, 2022
Cyber Security Customer Success

Zero Trust is a timely approach to address the cyber security challenges originating from the rise in remote working, the proliferation of personal devices, and obsolete physical security perimeters.

The Zero Trust cyber security model is based on the principle of “never trust, always verify”. In a cyber security architecture based on Zero Trust, no user (person, device, or application) is trusted by default, whether the user is on the corporate network or remote. Every user request for access to resources is treated as a potential cyber security breach. Any access privileges are minimised to “just enough access” to satisfy the user’s request. In addition, in the Zero Trust model, there is continual adjustment of security to changes in the digital landscape.

In this series of digital events, we show you how the principles of Zero Trust, together with a risk-based, step-by-step approach and associated cyber security tools, can help you effectively protect your entire digital estate (on-premises and in the cloud) in today’s hybrid work environment.

Today’s cyberworld is complex. Fortunately, Zero Trust or “Never trust, always verify” is a simple and effective approach to improving cyber security. Clear, practical guidance can help in applying Zero Trust principles to protect against risks like increased working from home, use of personal devices, and heightened cyber threats. We start with an understanding of how a Zero Trust strategy can benefit organisations like yours. Building on insights of cyber security thought leaders from Microsoft, Cloud Security Alliance and NTT, we explore tried and tested Zero Trust strategies for defending your entire digital estate.

James Bond said it best

I bet you’ve already seen a spy film in which one character says to another, “remember, trust nobody!”. That memorable line could also sum up Zero Trust for cyber security. Zero Trust means trusting no user, whether human, device, or application, no matter where the user is located (inside or outside the organisation).

Zero Trust is also a timely answer to increased cyberattacks as remote working and use of the cloud become more widespread. In the 12 months up to June 2020, the Australian Cybersecurity Centre received 2266 cybersecurity incident reports. The average cost of a data breach was $3.35 million. And that is likely only the tip of the iceberg.

Why the mystery?

As a concept, Zero Trust is simple. “Never trust, always verify”. So, why the need for demystification? It’s because we’re applying Zero Trust to a world that continues to evolve at breakneck speed. Users can be anywhere. They can be working from their office, their home, or any other location that isn’t under lockdown. Data and applications can be anywhere too. They don’t just live on corporate servers anymore, but also in laptops, smartphones, and the cloud.

This new complexity can seem overwhelming. The solution is to keep things as simple as possible, adopting new perspectives as needed.

The perimeter: out with the old, in with the new!

Take the notion of the security perimeter, for example. It is no longer defined by physical corporate firewalls, but by virtual identity. Hackers steal identities, i.e., access credentials, to carry out many cyberattacks. So, for a user requesting access to a resource, apply a Zero Trust strategy to verify user identity, together with device compliance, location and behaviour, and only grant least privilege access as required.

Cyber security tools for Identity & Access Management include:

  • Multi-factor authentication (MFA)
  • User and entity behaviour analytics (UEBA)
  • Policy automation for consistent application of the right level of access for each user.

6 pillars of a Zero Trust architecture

You can define your strategy to protect your entire digital estate, including on-premises, cloud, and edge components like IoT, by basing it on six Zero Trust pillars. They are:

  1. Identity (as above)
  2. Devices
  3. Applications
  4. Data
  5. Infrastructure
  6. Networks

These assets may include personal devices being used for work and unsanctioned shadow IT like cloud-based data and applications. You will need to discover and secure each asset, minimising the cyberattack surface and the blast radius, i.e., the possibility of collateral damage to other assets if the asset is compromised.

Relevant cyber security tools and solutions include:

  • Segmentation and micro-segmentation
  • Real-time threat protection
  • End-to-end encryption
  • Telemetry to detect cyberattacks and anomalies.

Big improvements happen step by step

You can implement your strategy gradually, using a risk-based approach to target key vulnerabilities first. And remember, you’re not alone! At Microsoft, we’ve been phasing in our own Zero Trust architecture. We’re ready to share our learnings, experience and best practices with you!

Find out more about Zero Trust and how to get the cyber security benefits by registering for the digital series. You’ll see how to apply Zero Trust to protect your entire digital estate and discover practical tips from Microsoft’s Zero Trust experts that you can use immediately.


This post was written by Cyber Security Customer Success