How to prioritize your zero trust security initiatives
We’re seeing major technological shifts such as work-from-home, automation, robotics, and IoT accelerate because of the recent public-health crisis and the economic disruption that followed. Digitization was already driving these trends; now CIOs and CISOs must take the helm in enabling their organizations to make the transition to the new “normal” of conducting business while reducing cybersecurity risk.
One of the major enablers of digitization is zero trust security (ZTS), which we discussed in a recent blog post. Not surprisingly, ZTS is now a business priority, not just a technical one, for CIOs and CISOs who recognize the need to adapt their security approaches to the new business realities.
Knowing how to identify and prioritize Zero Trust Security activities correctly across its six major areas is crucial:
- Identities: from users to endpoints to IoT devices, with strong authentication, least-privilege access, anomalous-behavior detection, etc.
- Devices: whether company-owned or bring-your-own (BYO), devices must be both secure and compliant before they are granted access to apps and data.
- Apps and APIs: monitoring and remediation to detect abnormal behavior, unauthorized user actions, and insecure configurations.
- Data: access-policy violations and data loss prevention (DLP) incidents involving confidential and restricted data.
- Infrastructure: configuration, monitoring, and just-in-time (JIT) access to VMs, containers, and microservices.
- Network: controls and micro-segmentation to prevent attackers from moving laterally across the network.
We recommend that organizations develop 30/60/90-day plans, using Agile practices, to enable Zero Trust Security. In this first part of the ZTS series, we provide specific, practical actions and related technology recommendations for the first 30 days, as outlined in the table below.
| Component | Actions | Recommended tech |
|---|---|---|
| Identities | Implement federated identity management across on-prem and cloud; enforce multi-factor authentication (MFA) on all admin accounts; implement a security policy engine for making access decisions; develop and enforce conditional access policies based on user risk | Azure Active Directory (Azure AD) |
| Devices | Enable BYOD users to connect to organizational resources; domain-join or register user devices with a cloud-based device and app management platform | Microsoft Intune, Azure AD |
| Apps & APIs | Perform ongoing shadow-IT discovery and risk assessment of unsanctioned apps; implement policy-based access controls for apps | Microsoft Threat Protection (MTP), Microsoft Cloud App Security (MCAS), Microsoft Sentinel |
| Data | Create a data classification policy and labels that users can apply from within the apps they are using; encrypt confidential and restricted data at rest, in transit, and in use across devices and cloud; enforce data loss prevention (DLP) policies on all managed and unmanaged devices | MTP, Microsoft Endpoint Data Loss Prevention (DLP), Microsoft Information Protection (MIP), MCAS |
| Infrastructure | Enable a cloud workload protection solution across hybrid clouds and on-prem; assign system-managed identities and key management to all workloads; use an integrated threat detection tool for endpoint, email, and identity attacks; provide a security information and event management (SIEM) solution to aggregate and analyze events across multiple sources | Azure AD managed identities, Azure Key Vault, Microsoft Sentinel |
| Network | Enable access to on-premises apps and resources without a virtual private network (VPN); develop a federation model to manage cybersecurity functions for cloud; enable cloud-based threat protection for all assets | Microsoft Sentinel, Azure AD, Azure Network Security Groups (NSG) and Application Security Groups (ASG) |
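To make two of the identity-row actions concrete (MFA on every admin account, and conditional access driven by user risk), here is an added example script, not code from the original post, that creates both policies in Azure AD through the Microsoft Graph PowerShell SDK. It assumes you have a dedicated break-glass account whose object ID replaces the zeroed placeholder, that you hold the Policy.ReadWrite.ConditionalAccess permission, and that Azure AD Identity Protection (Premium P2) is licensed, which the user-risk condition requires. The policy display names are our own choice; the role template IDs are fixed, tenant-independent values but should be checked against Get-MgDirectoryRoleTemplate before use.

```powershell
# Added example, not from the original post: create the two 30-day identity
# policies from the table above as Azure AD conditional access policies.
#   ZT-30d-01  require MFA for every privileged directory role
#   ZT-30d-02  on high user risk, require a password change plus MFA
# Both are created in report-only mode so the sign-in logs show who would be
# affected before anything is enforced. Requires: Install-Module Microsoft.Graph

# ASSUMPTION: object ID of a break-glass account excluded from both policies.
# The zeroed value is a placeholder; never ship a policy without an exclusion,
# or a mis-scoped rule can lock every admin out of the tenant.
$BreakGlassUserId = '00000000-0000-0000-0000-000000000000'

# Directory role template IDs (fixed across tenants; verify with
# Get-MgDirectoryRoleTemplate | Select-Object Id, DisplayName).
$AdminRoleTemplateIds = @(
    '62e90394-69f5-4237-9190-012177145e10'  # Global Administrator
    'e8611ab8-c189-46e8-94e1-60213ab1f814'  # Privileged Role Administrator
    '194ae4cb-b126-40b2-bd5b-6091b380977d'  # Security Administrator
    'b1be1c3e-b65d-4f19-8427-f6fa0d97feb9'  # Conditional Access Administrator
)

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Policy 1: any sign-in by a holder of a privileged role, to any app, from any
# client type, must satisfy MFA.
$adminMfaPolicy = @{
    displayName = 'ZT-30d-01: Require MFA for privileged roles'
    state       = 'enabledForReportingButNotEnforced'   # switch to 'enabled' after review
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('All') }
        users          = @{
            includeRoles = $AdminRoleTemplateIds
            excludeUsers = @($BreakGlassUserId)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

# Policy 2: a user whom Identity Protection scores as high risk must reset
# their password, and that reset itself must be gated by MFA ('AND').
$userRiskPolicy = @{
    displayName = 'ZT-30d-02: High user risk requires password change and MFA'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        userRiskLevels = @('high')
        applications   = @{ includeApplications = @('All') }
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($BreakGlassUserId)
        }
    }
    grantControls = @{
        operator        = 'AND'
        builtInControls = @('mfa', 'passwordChange')
    }
}

# Create each policy once; re-running the script must not produce duplicates.
foreach ($policy in @($adminMfaPolicy, $userRiskPolicy)) {
    $name     = $policy.displayName
    $existing = Get-MgIdentityConditionalAccessPolicy -Filter "displayName eq '$name'"
    if ($existing) {
        Write-Host "Skipping '$name': already exists (id $($existing.Id))"
        continue
    }
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host "Created '$($created.DisplayName)' in state '$($created.State)' (id $($created.Id))"
}
```

Leave both policies in report-only mode until every administrator has registered an MFA method and the report-only sign-in log shows no unexpected blocks; only then change `state` to `enabled`. Keeping the break-glass exclusion is part of the design, not an afterthought: the account should have a long random password stored offline and its sign-ins should raise an alert in Microsoft Sentinel.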
Although some of these recommendations may seem challenging because of the unique constraints in your environment, we’ve seen most organizations complete these actions fairly quickly, especially when they work with an experienced team of cybersecurity professionals. Remember that it’s not only the initial setup but the ongoing management of ZTS that is critically important, because the threat landscape and the tooling will continue to evolve rapidly.
In part two of this series, we’ll focus on the 60/90-day implementation activities and tech recommendations. Meanwhile, consider these three questions as you reflect on how best to enable Zero Trust Security at your organization in support of business needs:
- Have you adopted a ZTS maturity model to identify where you are on the maturity spectrum?
- Have you identified the cybersecurity products and services needed to enable ZTS?
- What is your plan for monitoring and managing your ZTS implementation, either internally or with the help of a cybersecurity managed services provider?