Microsoft’s Zero Trust Model: Summarised
Zero Trust Principles
- Verify explicitly
Protect assets against attacker control by explicitly validating that all trust and security decisions use all relevant available information and telemetry.
- Use least privilege access
Limit access to a potentially compromised asset with just-in-time and just-enough-access (JIT/JEA), and risk-based policies like adaptive access control.
- Assume breach
Assume attackers can and will successfully attack anything in the system (identity, network, device, app, infrastructure, etc.) and plan accordingly.
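As an added illustration, not part of Microsoft's model or of this summary, the following Python sketch shows how the three principles combine in a single access decision: every request is re-evaluated from its telemetry rather than from a session that was trusted once (verify explicitly), a role is activated only if the principal is eligible for it and only for a bounded time (JIT/JEA), and any signal that cannot be verified, such as unknown device compliance, is treated as hostile rather than neutral (assume breach). The field names, role names, time-to-live values and the sample requests are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import FrozenSet, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "require_stronger_auth"   # allow only once MFA has been satisfied
    DENY = "deny"


@dataclass(frozen=True)
class Signals:
    """Telemetry collected for one access request (hypothetical field names)."""
    principal: str
    mfa_satisfied: bool
    device_compliant: Optional[bool]     # None means device posture is unknown
    sign_in_risk: str                    # "low", "medium" or "high"
    country: str
    usual_countries: FrozenSet[str]      # where this principal normally signs in from
    requested_role: str
    eligible_roles: FrozenSet[str]       # roles the principal is allowed to activate


@dataclass(frozen=True)
class Grant:
    """A time-bounded (JIT) activation of one role for one principal."""
    principal: str
    role: str
    expires_at: datetime


SENSITIVE_ROLES = frozenset({"global-admin", "db-owner"})   # assumed role names
SENSITIVE_TTL = timedelta(hours=1)      # privileged roles expire quickly
STANDARD_TTL = timedelta(hours=8)       # ordinary roles last a working day


def evaluate(s: Signals, now: Optional[datetime] = None) -> Tuple[Decision, Optional[Grant]]:
    """Decide one request from its signals. Run on every request: no standing trust."""
    now = now or datetime.now(timezone.utc)

    # Assume breach: a signal we cannot verify is treated as hostile, not as neutral.
    if s.device_compliant is not True:
        return Decision.DENY, None
    if s.sign_in_risk == "high":
        return Decision.DENY, None

    # Least privilege: only roles the principal is eligible for can be activated at all.
    if s.requested_role not in s.eligible_roles:
        return Decision.DENY, None

    # Verify explicitly: combine identity, risk and location signals in this decision.
    atypical_location = s.country not in s.usual_countries
    needs_mfa = (s.requested_role in SENSITIVE_ROLES
                 or s.sign_in_risk == "medium"
                 or atypical_location)
    if needs_mfa and not s.mfa_satisfied:
        return Decision.STEP_UP, None

    # Just-in-time, just-enough: the grant names one role and carries an expiry.
    ttl = SENSITIVE_TTL if s.requested_role in SENSITIVE_ROLES else STANDARD_TTL
    return Decision.ALLOW, Grant(s.principal, s.requested_role, now + ttl)


def is_active(grant: Grant, now: datetime) -> bool:
    """An expired grant confers nothing; the caller must call evaluate() again."""
    return now < grant.expires_at


# Constructed sample requests (not real telemetry).
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
EU = frozenset({"DE", "NL"})
ALICE_ROLES = frozenset({"global-admin", "reader"})

ALICE_ADMIN_OK = Signals("alice", True, True, "low", "DE", EU, "global-admin", ALICE_ROLES)
ALICE_ADMIN_NO_MFA = Signals("alice", False, True, "low", "DE", EU, "global-admin", ALICE_ROLES)
ALICE_READER_TRAVEL = Signals("alice", False, True, "low", "BR", EU, "reader", ALICE_ROLES)
BOB_UNKNOWN_DEVICE = Signals("bob", True, None, "low", "DE", EU, "reader", frozenset({"reader"}))
BOB_NOT_ELIGIBLE = Signals("bob", True, True, "low", "DE", EU, "db-owner", frozenset({"reader"}))

if __name__ == "__main__":
    for req in (ALICE_ADMIN_OK, ALICE_ADMIN_NO_MFA, ALICE_READER_TRAVEL,
                BOB_UNKNOWN_DEVICE, BOB_NOT_ELIGIBLE):
        decision, grant = evaluate(req, now=T0)
        print(req.principal, req.requested_role, decision.value,
              grant.expires_at.isoformat() if grant else "-")
```

The ordering of the checks is deliberate: the deny conditions run before any consideration of what the user is asking for, so a non-compliant or unknown device never reaches the role logic, and the step-up branch is reached only for a request that would otherwise be allowed. A real deployment would feed `Signals` from an identity provider and device-management telemetry; the point of the sketch is that no decision relies on an earlier session, and every grant expires.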
Zero Trust Technological Pillars
- Secure identity
Identities, whether they represent people, services, or IoT devices, define the Zero Trust control plane. When an identity attempts to access a resource, verify that identity with strong authentication, and ensure the access is compliant and typical for that identity. Follow least privilege access principles.
- Secure endpoints
Once an identity has been granted access to a resource, data can flow to a wide variety of endpoints: IoT devices and smartphones, BYOD and partner-managed devices, on-premises workloads and cloud-hosted servers. This diversity creates a massive attack surface. Monitor and enforce device health and compliance before granting access.
- Secure applications
Applications and APIs provide the interface by which data is consumed. They may be legacy on-premises, lifted-and-shifted to cloud workloads, or modern SaaS applications. Apply controls and technologies to discover shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behaviour, control user actions, and validate secure configuration options.
- Secure data
Ultimately, security teams are protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Classify, label, and encrypt data and restrict access based on those attributes.
- Secure infrastructure
Infrastructure, whether on-premises servers, cloud-based VMs, containers, or microservices, represents a critical threat vector. Harden it by assessing versions and configuration and by granting administrative access just-in-time. Use telemetry to detect attacks and anomalies, automatically block and flag risky behaviour, and take protective actions.
- Secure networks
All data is ultimately accessed over network infrastructure. Network controls provide critical visibility and help prevent attackers from moving laterally across the network. Segment networks (and go deeper with in-network micro-segmentation) and deploy real-time threat protection, end-to-end encryption, monitoring, and analytics.
- Visibility, automation, and orchestration
This approach recommends implementing an end-to-end Zero Trust methodology across identities, endpoints and devices, data, apps, infrastructure, and network. These activities increase visibility, which provides better data for making trust decisions. Because each of these areas generates its own alerts, an integrated capability is needed to manage the resulting influx of data, defend against threats, and validate trust in a transaction.