Zero Trust for app and data security, with user productivity


July 6, 2023
Microsoft Australia

Zero Trust is a timely approach to address the cyber security challenges originating from the rise in remote working, the proliferation of personal devices, and obsolete physical security perimeters.

The Zero Trust cyber security model is based on the principle of “never trust, always verify”. In a cyber security architecture based on Zero Trust, no user (person, device, or application) is trusted by default, whether the user is on the corporate network or remote. Every user request for access to resources is treated as a potential cyber security breach. Any access privileges are minimised to “just enough access” to satisfy the user’s request. In addition, in the Zero Trust model, there is continual adjustment of security to changes in the digital landscape.

In this series of digital events we show how Zero Trust principles, applied through a risk-based, step-by-step approach and the associated cyber security tools, can help you effectively protect your entire digital estate (on-premises and in the cloud) in today’s hybrid work environment.

As applications and data are migrated from on-premises to the cloud and people increasingly work remotely, traditional security perimeters become irrelevant. Software as a Service (SaaS) apps are an additional challenge, fuelling the growth of unsanctioned or “shadow” IT. Remote working compounds the problem. However, instead of trying to beat users, it’s better to join them – with a Zero Trust strategy that unifies productivity and security. Microsoft cyber security experts offer their knowledge and insights to help you assess your security posture and apply app controls and data protection, for a Zero Trust based defence of your organisation both on-premises and in the cloud.

Protection must travel with apps and data

As applications and data move outside the traditional security perimeter, their cyber protection needs to move with them. “One firewall to defend them all” no longer works. In a hybrid (on-premises plus cloud) and intelligent-edge environment where implicit trust has no place, each app and each dataset must travel with its own security. Every request for access must be scrutinised, and every user and usage monitored. In short, Zero Trust, with its “never trust, always verify” principle, is crucial.

Their credit cards, your breach

However, putting Zero Trust in place can be a challenge. Software as a Service (SaaS) applications are a prime example. Users with their own budget (or a personal credit card) can sign up for any number of SaaS apps without telling their IT department. Without suitable controls, they can store confidential data on the SaaS provider’s platform as they like. On average, there are more than 1,000 different applications in use in an organisation, but over half (61 percent) are not approved by IT. Whether accidental or malicious, data breaches are just around the corner.

How do you deal with this shadow IT and its risks? Bans on SaaS apps won’t work. Users can always go elsewhere. A smarter solution is to offer users the choices they want in a cloud environment that has Zero Trust security built in.

Satisfying app users while staying secure


Microsoft Cloud App Security is a cloud access security broker (CASB) with a catalogue of more than 16,000 apps, including favourites for happy and productive users. Each app is evaluated for more than 90 risk factors. Microsoft Cloud App Security (MCAS) also leverages native integrations with Azure Active Directory (AD), Intune, Azure Information Protection, and other security and identity solutions. Cyber security advantages include:

  • Identification of cloud apps and services being used in your organisation, including shadow IT
  • User session risk monitoring via conditional access policies
  • Data access control through Zero Trust user identity management
  • Data protection, ensuring that data cannot be exfiltrated from your organisation.

Data classification to drive your security

For your data, your security baseline actions will start with data discovery and cataloguing, classifying data for sensitivity, and labelling data to monitor and control its use.

Microsoft Information Protection combines Microsoft’s classification, labelling, and protection services. It provides unified administration across Microsoft 365, Azure Information Protection, Windows Information Protection, and additional Microsoft solutions. Instead of old-style perimeter control and manual ad-hoc sensitivity labelling, you can move to an improved data security posture across your organisation with:

  • Data classification and labelling using standard regular expressions (regex) and keyword methods
  • Data access decisions driven by a cloud security policy engine
  • Data loss prevention (DLP) policies for secure sharing with encryption and tracking.
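As an added illustration (not Microsoft Information Protection’s own classifier or any product configuration), the Python below shows the regex-and-keyword classification method from the list above, with a Luhn checksum so that a regex hit alone does not label a document, and an assumed per-label DLP sharing policy; the sample documents, label names and policy table are all constructed for the example.

```python
import re

# Constructed sample documents (made up for this example, not real data).
SAMPLE_DOCS = {
    "invoice.txt": "Customer paid with card 4111 1111 1111 1111, expiry 09/27.",
    "roadmap.txt": "CONFIDENTIAL: Q3 roadmap for the internal platform team.",
    "lunch.txt": "Team lunch on Friday. Booking ref 1234 5678 9012 3456.",
    "notes.txt": "Nothing sensitive here, just a reminder to water the plants.",
}

# Regex method: 13-19 digits with optional space/dash separators. The regex
# alone over-matches (booking refs, IDs), so the Luhn checksum validates hits.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Keyword method: whole-word, case-insensitive markers of internal material.
KEYWORD_RE = re.compile(r"\b(confidential|internal only|do not distribute)\b", re.I)
# Assumed DLP policy per label (illustrative, not a product default).
DLP_POLICY = {
    "Highly Confidential": {"external_sharing": "block", "encrypt": True},
    "Confidential": {"external_sharing": "warn", "encrypt": True},
    "General": {"external_sharing": "allow", "encrypt": False},
}

def luhn_valid(candidate: str) -> bool:
    """True if the digits pass the Luhn checksum that payment cards use."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> str:
    """Assign a sensitivity label; a validated card number outranks keywords."""
    if any(luhn_valid(m.group()) for m in CARD_RE.finditer(text)):
        return "Highly Confidential"
    if KEYWORD_RE.search(text):
        return "Confidential"
    return "General"

def classify_all(docs: dict) -> dict:
    """Label every document and attach the DLP action that label triggers."""
    result = {}
    for name, body in docs.items():
        label = classify(body)
        result[name] = {"label": label, **DLP_POLICY[label]}
    return result
```

Running `classify_all(SAMPLE_DOCS)` labels invoice.txt Highly Confidential and roadmap.txt Confidential, while the booking reference in lunch.txt stays General because it matches the regex but fails the Luhn check.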

Together Microsoft Cloud App Security (MCAS) and Microsoft Information Protection (MIP) offer a holistic solution for implementing Zero Trust for your applications and data.
