Accelerating Zero Trust Security – Part 1
Aug 8, 2020
How to prioritize your zero trust security initiatives
Major technological shifts such as work-from-home, automation, robotics and IoT are accelerating because of the recent health crisis and the ensuing economic disruption. The reality is that digitization was already driving these trends, and now CIOs and CISOs must take the helm in enabling their organizations to make the transition to the new “normal” of conducting business while reducing cybersecurity risk.
One of the major enablers of digitization is zero trust security (ZTS), which we discussed in a recent blog post. Not surprisingly, ZTS is now a business priority, not just a technical concern, for CIOs and CISOs who recognize the need to adapt their security approach to the new business realities.
It is crucial to correctly identify and prioritize Zero Trust Security activities across its six major areas:
- Identities, from users to endpoints to IoT devices, with strong authentication, least-privilege access, anomalous behavior detection, etc.
- Devices, whether company-owned or bring-your-own (BYO), that must be both secure and compliant before users are given access to apps and data.
- Apps and API monitoring and remediation to detect abnormal behavior, unauthorized user actions, and insecure configurations.
- Data access policy violations and data loss prevention (DLP) incidents for confidential and restricted data.
- Infrastructure configuration, monitoring, and just-in-time (JIT) access to VMs, containers, and microservices.
- Network controls and micro-segmentation to detect and prevent attackers moving laterally across the network.
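To make the Identities and Devices items concrete, here is a small Python model of how Azure AD Conditional Access combines policies when it evaluates a sign-in. This is an added example written for this post, not code from the original article or from Microsoft. The policy documents follow the shape of the Microsoft Graph conditionalAccessPolicy resource and the Global Administrator role template ID is the real one; the user names, the "Office365" and "Payroll" app identifiers, and the sign-in attributes are constructed for illustration.

```python
"""Minimal model of Azure AD Conditional Access evaluation.

Added example for this post (not Microsoft's code). Every enabled policy whose
conditions match the sign-in is applicable; a "block" grant in any applicable
policy wins; otherwise the session must satisfy the grant controls of *all*
applicable policies. Policy documents mirror the Microsoft Graph
conditionalAccessPolicy shape; users, app names and sign-ins are constructed.
"""

# Real Azure AD role template ID for Global Administrator.
GLOBAL_ADMIN_ROLE = "62e90394-69f5-4237-9190-012177145e10"

POLICIES = [
    {   # Identities: every admin account needs MFA, on every app
        "displayName": "Require MFA for admin roles",
        "state": "enabled",
        "conditions": {
            "users": {"includeRoles": [GLOBAL_ADMIN_ROLE]},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {   # Devices: BYOD reaches Office 365 only from a compliant or domain-joined device
        "displayName": "Require managed device for Office 365",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["Office365"]},  # constructed app id
            "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
        },
        "grantControls": {"operator": "OR",
                          "builtInControls": ["compliantDevice", "domainJoinedDevice"]},
    },
    {   # Legacy protocols cannot satisfy MFA, so block them outright
        "displayName": "Block legacy authentication",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]


def applies(policy, signin):
    """True if the policy is enabled and its user, app and client conditions match."""
    if policy["state"] != "enabled":
        return False
    cond = policy["conditions"]
    users = cond["users"]
    user_match = ("All" in users.get("includeUsers", [])
                  or signin["user"] in users.get("includeUsers", [])
                  or any(r in users.get("includeRoles", []) for r in signin["roles"]))
    apps = cond["applications"]["includeApplications"]
    app_match = "All" in apps or signin["app"] in apps
    clients = cond.get("clientAppTypes", ["all"])
    client_match = "all" in clients or signin["client_app"] in clients
    return user_match and app_match and client_match


def grant_satisfied(grant, signin):
    """OR: any listed control is present in the session; AND: all of them are."""
    need, have = set(grant["builtInControls"]), set(signin["satisfied"])
    return bool(need & have) if grant["operator"] == "OR" else need <= have


def evaluate(signin, policies=POLICIES):
    """Return ("block" | "challenge" | "allow", [names of policies driving the decision])."""
    applicable = [p for p in policies if applies(p, signin)]
    blocking = [p["displayName"] for p in applicable
                if "block" in p["grantControls"]["builtInControls"]]
    if blocking:
        return "block", blocking
    unmet = [p["displayName"] for p in applicable
             if not grant_satisfied(p["grantControls"], signin)]
    return ("challenge", unmet) if unmet else ("allow", [])


def make_signin(user, roles, app, client_app, satisfied=()):
    """Constructed sign-in; 'satisfied' lists grant controls the session already meets."""
    return {"user": user, "roles": list(roles), "app": app,
            "client_app": client_app, "satisfied": set(satisfied)}


if __name__ == "__main__":
    print(evaluate(make_signin("alice", [GLOBAL_ADMIN_ROLE], "Office365", "browser")))
    print(evaluate(make_signin("alice", [GLOBAL_ADMIN_ROLE], "Office365", "browser",
                               {"mfa", "compliantDevice"})))
    print(evaluate(make_signin("bob", [], "Office365", "other", {"mfa"})))
    print(evaluate(make_signin("bob", [], "Payroll", "browser")))  # no policy in scope
```

Two behaviours are worth noticing. An admin signing in to Office 365 from a browser is challenged by both policies at once, because every applicable policy must be satisfied, not just the first one. And a sign-in to an app that no policy targets (the constructed "Payroll" app) is simply allowed, which is why the Apps & API work of discovering unsanctioned apps has to run alongside conditional access.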
We recommend that organizations develop 30/60/90-day plans, using Agile practices, to enable Zero Trust Security. In part one of this series we provide specific, practical actions and related tech recommendations for the first 30 days, outlined below.
| Component | Actions | Recommended Tech |
|---|---|---|
| Identities | Implement federated identity management across on-prem and cloud; enable all admin accounts for multi-factor; implement a security; develop and enforce conditional access | Azure Active Directory (AD) |
| Devices | Enable BYOD users to connect to organizational resources; domain-join or register user devices | Microsoft Intune, Azure AD |
| Apps & API | Perform ongoing shadow IT discovery and risk assessment of unsanctioned apps; implement policy-based access controls | Microsoft Threat Protection (MTP), Microsoft Cloud App Security (MCAS), Azure Sentinel |
| Data | Create a data classification policy and labels that users can apply from within the apps they are using; implement encryption of data at rest, in; enforce data loss prevention (DLP) | MTP, Microsoft Endpoint Data Loss Prevention (DLP), Microsoft Information Protection (MIP), MCAS |
| Infrastructure | Enable cloud workload protection solution across hybrid clouds and on-prem; assign system-managed identities and; use an integrated threat detection tool; provide security information and event | Azure AD, Azure Key Vault, Azure Sentinel |
| Network | Enable access to on-premises apps and resources without a virtual private network (VPN); develop a federation model to manage; enable cloud-based threat protection for | Azure Sentinel, Azure AD, Azure Network Security Groups (NSG), Application Security Groups (ASG) |
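For the Network row, the following Python model of how an Azure NSG processes inbound rules shows why micro-segmentation needs explicit rules rather than the defaults. It is an added example, not code from this post or from Azure. The three default inbound rules, their priorities and the load-balancer health-probe address are Azure's real values; the address space, the ASG memberships and the custom rules are constructed, and the VirtualNetwork service tag is simplified to the VNet's own range (in Azure it also covers peered networks and on-premises ranges reachable through a gateway).

```python
"""Toy evaluator for Azure NSG inbound rule processing.

Added example for this post, not Azure's code. Azure evaluates NSG rules in
ascending priority order and the first match wins; three default inbound rules
sit at priorities 65000-65500. The point to see: with only the defaults,
AllowVnetInBound (65000) lets every VM in the VNet reach every other VM, so
segmenting tiers means adding explicit rules *below* 65000.
Address space, ASG membership, custom rules and flows are constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")           # constructed VNet address space

# Constructed application security group membership (ASG name -> member VM IPs).
ASG_MEMBERS = {
    "asg-web": {"10.0.1.4", "10.0.1.5"},
    "asg-app": {"10.0.2.4"},
    "asg-db":  {"10.0.3.4"},
}


@dataclass
class Rule:
    name: str
    priority: int                # 100-4096 for custom rules; defaults use 65000+
    access: str                  # "Allow" or "Deny"
    protocol: str = "*"          # "Tcp", "Udp" or "*"
    src: str = "*"               # CIDR, ASG name, service tag or "*"
    dst: str = "*"
    dst_ports: set = field(default_factory=lambda: {"*"})


# The three default inbound rules Azure attaches to every NSG (they cannot be removed).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", src="VirtualNetwork", dst="VirtualNetwork"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", src="AzureLoadBalancer"),
    Rule("DenyAllInBound", 65500, "Deny"),
]


def _match_addr(spec, addr):
    if spec == "*":
        return True
    if spec == "VirtualNetwork":          # simplified: the VNet range only
        return ip_address(addr) in VNET
    if spec == "AzureLoadBalancer":       # Azure health-probe source address
        return addr == "168.63.129.16"
    if spec in ASG_MEMBERS:
        return addr in ASG_MEMBERS[spec]
    return ip_address(addr) in ip_network(spec)


def _match_port(ports, port):
    return "*" in ports or str(port) in ports


def evaluate(rules, src_ip, dst_ip, dst_port, protocol="Tcp"):
    """Return (access, rule_name) for the first rule matching an inbound flow."""
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda x: x.priority):
        if r.protocol not in ("*", protocol):
            continue
        if (_match_addr(r.src, src_ip) and _match_addr(r.dst, dst_ip)
                and _match_port(r.dst_ports, dst_port)):
            return r.access, r.name
    return "Deny", "implicit"   # unreachable: DenyAllInBound always matches


# Flat VNet: no custom rules, so a compromised web VM reaches SQL on the DB tier.
FLAT = []

# Segmented: only the app tier may reach the DB on 1433; every other VNet source is
# denied at 4000, before the 65000 default gets a chance to allow it.
SEGMENTED = [
    Rule("allow-app-to-db", 200, "Allow", "Tcp", src="asg-app", dst="asg-db", dst_ports={"1433"}),
    Rule("deny-vnet-to-db", 4000, "Deny", src="VirtualNetwork", dst="asg-db"),
]

if __name__ == "__main__":
    for label, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(label, "web->db:", evaluate(rules, "10.0.1.4", "10.0.3.4", 1433))
        print(label, "app->db:", evaluate(rules, "10.0.2.4", "10.0.3.4", 1433))
```

The deny rule is what does the segmentation work: without it, any flow the allow rule does not match falls through to AllowVnetInBound and is permitted. The load balancer's health probe still reaches the database tier through the 65001 default, which is the behaviour you want when the tier sits behind an Azure load balancer.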
Although some of these recommendations may seem challenging because of constraints unique to your environment, we have seen most organizations complete these actions fairly quickly, especially when they work with an experienced team of cybersecurity professionals. Remember that it is not only the initial setup but the ongoing management of ZTS that is critically important, because the implementation will continue to evolve rapidly.
In part two of this series, we’ll focus on the 60/90-day implementation activities and tech recommendations. Meanwhile, consider these three questions as you reflect on how best to enable Zero Trust Security at your organization in support of business needs:
- Have you adopted a ZTS maturity model to identify where you are on the maturity spectrum?
- Have you identified the cybersecurity products and services needed for enabling ZTS?
- What’s your plan for monitoring and managing your ZTS implementation either internally or with the help of a cybersecurity managed services provider?