Accelerating Zero Trust Security – Part 1
How to prioritize your zero trust security initiatives
We’re seeing major technological shifts such as work-from-home, automation, robotics, IoT, etc. accelerate due to the recent health and ensuing economic disruptions. Reality is that digitization was already facilitating these trends, and now CIO/CISOs must take the helm in enabling their organizations to make the transition toward the new “normal” of conducting business while reducing cybersecurity risk.
One of the major enablers of digitization is zero trust security (ZTS), which was discussed in one of our recent blog posts. Not surprisingly, ZTS is now a business priority—not just a technical thing—for those CIO/CISOs who are recognizing the need to adapt their security approaches to the new business realities.
Knowing how to correctly identify and prioritize Zero Trust Security activities across its six major areas is crucial, including:
- Identities from users to endpoints to IoT devices with strong authentication, least privilege access, anomalous behavior detection, etc.
- Devices whether company-owned or bring-your-own (BYO) that are both secure and compliant to provide users with access to apps and data.
- Apps and API monitoring and remediation to detect abnormal behavior, unauthorized user actions, and insecure configurations.
- Data access policy violations and data loss prevention (DLP) incidents for confidential and restricted data.
- Infrastructure configuration, monitoring, just-in-time (JIT) access to VMs, containers, and microservices.
- Network controls and micro-segmentation to detect attackers from moving laterally across the network.
We recommend organizations develop 30/60/90-day plans using Agile practices to enable Zero Trust Security. In this part one of the ZTS post, we provide specific, practical actions and related tech recommendations to implement ZTS during the first 30 days as outlined below.
|Identities||Implement federated identity management
across on-prem and cloud
Enable all admin accounts for multi-factor
Implement a security
Develop and enforce conditional access
|Azure Active Directory (AD)|
|Devices||Enable BYOD users to connect to
Domain-join or register user devices
|Microsoft Intune, Azure AD,|
|Apps & API||Perform ongoing shadow IT discovery
and risk assessment of unsanctioned
Implement policy-based access controls
|Microsoft Threat Protection
(MTP), Microsoft Cloud App
Security (MCAS), Azure
|Data||Create a data classification policy and
labels that users can apply from within
the apps they are using
Implement encryption of data at rest, in
Enforce data loss prevention (DLP)
|MTP, Microsoft Endpoint
Data Loss Prevention (DLP),
Protection (MIP), MCAS
|Infrastructure||Enable cloud workload protection
solution across hybrid clouds and on-
Assign system-managed identities and
Use an integrated threat detection tool
Provide security information and event
|Azure AD, Azure Key Vault,
|Network||Enable access to on-premises apps and
resources without a virtual private network
Develop a federation model to manage
Enable cloud-based threat protection for
|Azure Sentinel, Azure AD,
Azure Network Security
Groups (NSG), Application
Security Groups (ASG)
Although some of these recommendations to adopt Zero Trust Security may seem challenging due to unique constraints in your environment, we’ve seen most organizations perform these actions fairly quickly, especially if they’re working with an experienced team of cybersecurity professionals. Remember it’s not only the initial setup but the ongoing management of ZTS that’s critically important because it’ll continue to evolve rapidly.
In part two of this series, we’ll focus on the 60/90-day implementation activities and tech recommendations. Meanwhile, consider these three questions as you reflect on how best to enable Zero Trust Security at your organization in support of business needs:
- Have you adopted a ZTS maturity model to identify where you’re on the spectrum of maturity?
- Have you identified the cybersecurity products and services needed for enabling ZTS?
- What’s your plan for monitoring and managing your ZTS implementation either internally or with the help of a cybersecurity managed services provider?