Last Updated on February 21, 2024 by Arnav Sharma
Zero Trust Principles
Verify explicitly
Protect assets against attacker control by explicitly validating that all trust and security decisions use all relevant available information and telemetry.
Use least privilege access
Limit access to a potentially compromised asset with just-in-time and just-enough-access (JIT/JEA), and risk-based policies like adaptive access control.
Assume breach
Assume attackers can and will successfully attack anything in the system (identity, network, device, app, infrastructure, etc.) and plan accordingly.
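The three principles above, shown as one access decision in an added example (not code from the original page or from Microsoft): every signal is checked before trust is extended, the grant is limited to the exact resource and action the role entitles, and it expires after a just-in-time window. The request fields, role table, risk levels and the fixed clock are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple
@dataclass
class AccessRequest:
    user: str
    resource: str
    action: str
    mfa_passed: bool
    device_compliant: bool
    sign_in_risk: str                 # "low" | "medium" | "high"
    country: str                      # where this request originates
    usual_countries: Tuple[str, ...]  # what is typical for this identity

@dataclass
class Decision:
    outcome: str                      # "allow" | "deny" | "step_up"
    reason: str
    expires: Optional[datetime] = None
    scope: Tuple[str, ...] = ()

# Constructed sample entitlements: role -> permitted (resource, action) pairs.
ROLE_ENTITLEMENTS = {"helpdesk": {("mailbox", "read")}, "dba": {("sql-prod", "query")}}
USER_ROLES = {"alice": {"helpdesk"}, "bob": {"dba"}}
NOW = datetime(2024, 2, 21, 9, 0, tzinfo=timezone.utc)  # fixed clock for the example

def decide(req: AccessRequest, now: datetime, jit_minutes: int = 30) -> Decision:
    # Verify explicitly: every signal is checked; none of them implies trust on its own.
    if not req.mfa_passed:
        return Decision("step_up", "strong authentication required")
    if not req.device_compliant:
        return Decision("deny", "device fails health/compliance check")
    if req.sign_in_risk == "high":
        return Decision("deny", "high sign-in risk")
    if req.sign_in_risk == "medium" or req.country not in req.usual_countries:
        # Adaptive access control: atypical context raises the bar instead of allowing.
        return Decision("step_up", "atypical context, re-authentication required")
    # Least privilege: the exact (resource, action) must be entitled through the user's roles.
    roles = USER_ROLES.get(req.user, set())
    entitled = set().union(*(ROLE_ENTITLEMENTS.get(r, set()) for r in roles))
    if (req.resource, req.action) not in entitled:
        return Decision("deny", "no entitlement for this resource/action")
    # Assume breach: the grant is scoped to one resource/action and time-boxed (JIT/JEA).
    return Decision("allow", "all signals verified",
                    now + timedelta(minutes=jit_minutes), (req.resource, req.action))

def grant_valid(d: Decision, at: datetime) -> bool:
    # A grant only counts while its JIT window is still open.
    return d.outcome == "allow" and d.expires is not None and at < d.expires
```

A real policy engine would take these signals from the identity provider, device management and risk services rather than from request fields, but the ordering of checks and the narrow, expiring grant are the point.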
Zero Trust Technological Pillars
Identities – whether they represent people, services, or IoT devices, they define the Zero Trust control plane. When an identity attempts to access a resource, verify that identity with strong authentication, and ensure access is compliant and typical for that identity. Follow least privilege access principles.
Endpoints – once an identity has been granted access to a resource, data can flow to a variety of different endpoints, i.e. from IoT devices to smartphones, BYOD to partner-managed devices, and on-premises workloads to cloud-hosted servers. This diversity creates a massive attack surface area. Monitor and enforce device health and compliance for secure access.
Applications – applications and APIs provide the interface by which data is consumed. They may be legacy on-premises, lifted-and-shifted to cloud workloads, or modern SaaS applications. Apply controls and technologies to discover shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behaviour, control user actions, and validate secure configuration options.
Data – ultimately, security teams are protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Classify, label, and encrypt data and restrict access based on those attributes.
Infrastructure – whether on-premises servers, cloud-based VMs, containers, or micro-services, infrastructure represents a critical threat vector. Assess version, configuration, and JIT access to harden defence. Use telemetry to detect attacks and anomalies, automatically block and flag risky behaviour, and take protective actions.
Network – all data is ultimately accessed over network infrastructure. Networking controls provide critical capabilities to enhance visibility and help prevent attackers from moving laterally across the network. Segment networks (and go deeper with in-network micro-segmentation) and deploy real-time threat protection, end-to-end encryption, monitoring, and analytics.
Visibility, automation, and orchestration
This approach recommends implementing an end-to-end Zero Trust methodology across identities, endpoints and devices, data, apps, infrastructure, and network. These activities increase your visibility, which gives you better data for making trust decisions. With each of these individual areas generating their own relevant alerts, we need an integrated capability to manage the resulting influx of data to better defend against threats and validate trust in a transaction.
Q: What is a zero trust model?
A: A zero trust model is a security concept based on the principle of always verifying all access requests before granting access to resources. It assumes that all users and devices are untrusted and determines access based on the user’s identity, the device’s security posture, and the context of the access request.
Q: Why do organizations need a new security model like zero trust?
A: Traditional network security architecture is based on the perimeter model, which assumes that everything behind the corporate firewall is safe. However, this model is no longer effective in today’s digital landscape, where users access applications and data from anywhere, using a variety of devices. Zero trust helps organizations ensure security posture by implementing security measures that verify every access request.
Q: What is Microsoft’s zero trust security model?
A: Microsoft’s zero trust security model is a comprehensive approach to implementing a zero trust network architecture. It is based on the principle of always verifying access requests, and it integrates with Microsoft’s security services, such as Azure Active Directory and Multi-Factor Authentication. It provides an effective security posture for organizations implementing zero trust.
Q: What is the role of architecture in implementing zero trust?
A: Architecture plays a critical role in implementing a zero trust model. With a zero trust network architecture, every access request must be verified. The architecture provides a framework to implement security measures that enable organizations to validate user identity, verify devices and locations, detect anomalies, and prevent unauthorized access.
Q: How can Microsoft help implement zero trust?
A: Microsoft provides a comprehensive suite of security offerings that can be used to implement a zero trust model effectively. These offerings include Azure Active Directory, Multi-Factor Authentication, and Security Center, amongst others. Furthermore, Microsoft has created an implementation approach that helps organizations begin their zero trust journey in a structured manner.
Q: What is least privilege in the context of a zero trust security model?
A: Least privilege is a security principle that requires that users and devices access resources only when necessary to complete their work. It is a fundamental aspect of the zero trust security model, which helps ensure that access to an organization’s resources is restricted to only the entities that need it.
Q: What is access management in the zero trust security model?
A: Access management is the process of managing and enforcing permissions for users and devices accessing resources. In the context of the zero trust security model, access management is a critical aspect of the architecture, as it enables organizations to implement access policies that restrict users and devices to only the resources necessary to do their work.
Q: How does Microsoft 365 fit into the zero trust security model?
A: Microsoft 365 is a suite of cloud-based productivity tools and services that integrate with Microsoft’s zero trust security model. It offers features like Azure AD, Information Protection, and Conditional Access, among others, that enable organizations to implement a comprehensive security posture based on the zero trust model.
Q: What are credentials, and how are they related to the zero trust network?
A: Credentials are the proof of a user’s digital identity and are used to authenticate access to resources on the network. In the zero trust model, credential security is critical, as it enables organizations to verify the identity of the user and device before granting access.
Q: Can you explain the role of verification in the zero trust security model?
A: Verification is a critical aspect of the zero trust network architecture, as it enables organizations to always verify all access requests. Verification includes validating user identity, device security posture, location, and context of the access request, amongst others. With verification, organizations can prevent unauthorized access and maintain a strong security posture.