With the Zero Trust cyber security approach, you’ll always know the good guys from the bad guys


July 6, 2023
Microsoft Australia

Zero Trust is a timely approach to address the cyber security challenges originating from the rise in remote working, the proliferation of personal devices, and obsolete physical security perimeters.

The Zero Trust cyber security model is based on the principle of “never trust, always verify”. In a cyber security architecture based on Zero Trust, no user (person, device, or application) is trusted by default, whether the user is on the corporate network or remote. Every user request for access to resources is treated as a potential cyber security breach. Any access privileges are minimised to “just enough access” to satisfy the user’s request. In addition, in the Zero Trust model, there is continual adjustment of security to changes in the digital landscape.

In this series of digital events we show you how the principles of Zero Trust with a risk-based, step-by-step approach and associated cyber security tools can help you effectively protect your entire digital estate (on-premises and in the cloud) in today’s hybrid work environment.

User identities can no longer be trusted by default, with employees, partners, and suppliers all asking to access your data. Endpoints connecting to your data centre can now be anywhere, due to cloud and workforce mobility. However, the Zero Trust control plane can help you maintain cyber security and compliance for users and endpoints across your entire digital estate. With the help of Microsoft cyber security experts, we discuss how to apply Zero Trust to contain the attack surface that has been expanded by remote working and device proliferation. We also describe solutions for user risk mitigation, device health, and compliance for secure access.

Sorry, I just can’t trust you: A different cyber security approach

Welcome to the overlapping worlds of identities and endpoints. Today, you may be accessing data in your organisation from an office PC. Tomorrow, from a personal smartphone. As users, endpoints, and locations multiply onsite and offsite, so does the attack surface for your organisation. To spice things up, some users may not be employees, and your organisation may not own or manage some devices. Implicit trust is too risky. Logically, there’s only one way forward: a Zero Trust cyber security approach.

Zero Trust to solve your identity crisis

Let’s start by applying the “never trust, always verify” mantra of Zero Trust to identities. The first rule is to validate identity explicitly, without inferring it from the environment. Somebody trying to connect from my smartphone may not be me, especially if my smartphone has been lost or stolen. Instead, we need robust authentication of the user, verification that usage is compliant, and continuous monitoring of behaviour during the user’s access session.

However, people still need to be productive. So, for example, multifactor authentication (MFA) can be combined with single sign-on (SSO) to save users time and effort securely. In general, the aim when applying Zero Trust is for any access to be “JIT and JEA”, meaning just in time and just enough access to let users do their jobs, while suitably mitigating risk.

Endpoint security at cloud speed

All endpoints are treated as equals in a Zero Trust architecture. It doesn’t matter whether they are PC, Mac, smartphone, tablet, wearable, or IoT devices. The same security policies also apply wherever they are connected and whoever owns them. Registration of endpoints with a cloud identity provider lets you monitor security and risk of multiple endpoints for the same user. You can also allow access only for cloud-managed and compliant endpoints, while offering solutions such as patches or upgrades to restore compliance to other endpoints.

Microsoft solutions


Microsoft integrated solutions make Zero Trust achievable at scale. Microsoft Security identity and access management and endpoint management solutions use an automated policy engine to enforce control. They also mix in information like device health, behaviour patterns, and automated threat detection and response, to make informed, dynamic access decisions.

For example, our identity management solutions based on Azure AD continually update user risk profiles for appropriate action. Users who reach a high risk threshold can be required to perform a secure password change. The unified Microsoft 365 Security Center contains Microsoft Defender for Endpoint to monitor devices for vulnerabilities and incidents, helping to modulate access based on endpoint risk. Conditional access policies can then block file downloads from platforms like SharePoint to specific devices with insufficient digital health, and so on.
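As an added illustration (not code from this post or from Microsoft’s products), the following small Python policy evaluator models the decision flow just described: explicit identity verification, a user-risk threshold that forces a password change, and device management and compliance gating downloads. The risk levels, action names, and the rule that medium-risk users lose download rights are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed example (not Microsoft's code): a minimal policy engine that makes
# the kind of dynamic access decision described above, combining identity
# signals (MFA, user risk) with device signals (managed, compliant).

@dataclass
class AccessRequest:
    user: str
    user_risk: str          # "low", "medium" or "high", as maintained by the IdP (assumed levels)
    mfa_passed: bool        # explicit verification of the identity for this session
    device_managed: bool    # endpoint registered with the cloud identity provider
    device_compliant: bool  # endpoint meets the compliance policy (patches, encryption, ...)
    action: str             # assumed action names: "read" or "sharepoint_download"

def evaluate(req: AccessRequest) -> tuple[str, str]:
    """Return (decision, reason). Network location is deliberately not an input:
    the same checks apply on the corporate LAN and from a remote cafe."""
    # 1. Verify explicitly: a session without MFA never gets further.
    if not req.mfa_passed:
        return "require_mfa", "identity not explicitly verified"
    # 2. A user whose risk profile crossed the high threshold must reset credentials.
    if req.user_risk == "high":
        return "require_password_change", "user risk high"
    # 3. Unregistered endpoints cannot be assessed, so they get nothing.
    if not req.device_managed:
        return "block", "endpoint not managed"
    # 4. Non-compliant endpoints: block sensitive downloads, allow limited access,
    #    and point the user at remediation (patch/upgrade) to regain compliance.
    if not req.device_compliant:
        if req.action == "sharepoint_download":
            return "block", "download to non-compliant endpoint; remediation offered"
        return "allow_limited", "non-compliant endpoint; remediation offered"
    # 5. Just-enough access (assumed rule): medium-risk users get no bulk downloads.
    if req.user_risk == "medium" and req.action == "sharepoint_download":
        return "block", "download blocked for medium-risk user"
    return "allow", "verified user on compliant endpoint"

if __name__ == "__main__":
    # Constructed request: verified user, managed but non-compliant laptop, download.
    r = AccessRequest("alice", "low", True, True, False, "sharepoint_download")
    print(evaluate(r))
```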

Scalable, automated, universal Zero Trust

Overall, Microsoft offers a holistic approach to implementing a Zero Trust architecture over your entire digital estate. Your security operations team can implement scalable, automated security for all users and an extensive variety of endpoints, including Windows client and server operating systems, and Linux, macOS, iOS, and Android devices.

This post was written by Microsoft Australia