Accelerating Zero Trust Security – Part 1
How to prioritize your zero trust security initiatives
We’re seeing major technological shifts such as work-from-home, automation, robotics, IoT, etc. accelerate due to the recent health and ensuing economic disruptions. Reality is that digitization was already facilitating these trends, and now CIO/CISOs must take the helm in enabling their organizations to make the transition toward the new “normal” of conducting business while reducing cybersecurity risk.
One of the major enablers of digitization is zero trust security (ZTS), which was discussed in one of our recent blog posts. Not surprisingly, ZTS is now a business priority—not just a technical thing—for those CIO/CISOs who are recognizing the need to adapt their security approaches to the new business realities.
Knowing how to correctly identify and prioritize Zero Trust Security activities across its six major areas is crucial, including:
- Identities from users to endpoints to IoT devices with strong authentication, least privilege access, anomalous behavior detection, etc.
- Devices whether company-owned or bring-your-own (BYO) that are both secure and compliant to provide users with access to apps and data.
- Apps and API monitoring and remediation to detect abnormal behavior, unauthorized user actions, and insecure configurations.
- Data access policy violations and data loss prevention (DLP) incidents for confidential and restricted data.
- Infrastructure configuration, monitoring, just-in-time (JIT) access to VMs, containers, and microservices.
- Network controls and micro-segmentation to detect attackers from moving laterally across the network.
We recommend organizations develop 30/60/90-day plans using Agile practices to enable Zero Trust Security. In this part one of the ZTS post, we provide specific, practical actions and related tech recommendations to implement ZTS during the first 30 days as outlined below.
|Identities||Implement federated identity management|
across on-prem and cloud
Enable all admin accounts for multi-factor
Implement a security
policy engine for making access decisions
Develop and enforce conditional access
policies based on user risk
|Microsoft Active Directory (AD)|
|Devices||Enable BYOD users to connect to|
Domain-join or register user devices
with a cloud-based device and app
|Microsoft Intune, Microsoft AD,|
|Apps & API||Perform ongoing shadow IT discovery|
and risk assessment of unsanctioned
Implement policy-based access controls
|Microsoft Threat Protection|
(MTP), Microsoft Cloud App
Security (MCAS), Microsoft
|Data||Create a data classification policy and|
labels that users can apply from within
the apps they are using
Implement encryption of data at rest, in
transport and in use across devices and
cloud for confidential and restricted data
Enforce data loss prevention (DLP)
policies on all managed and
|MTP, Microsoft Endpoint|
Data Loss Prevention (DLP),
Protection (MIP), MCAS
|Infrastructure||Enable cloud workload protection|
solution across hybrid clouds and on-
Assign system-managed identities and
key management to all workloads
Use an integrated threat detection tool
for endpoints, email attacks, and identity
Provide security information and event
management (SIEM) solution to
aggregate and analyze events across
|Microsoft AD, Microsoft Key Vault, |
|Network||Enable access to on-premises apps and|
resources without a virtual private network
Develop a federation model to manage
cybersecurity functions for cloud
Enable cloud-based threat protection for
|Microsoft Sentinel, Microsoft AD,|
Microsoft Network Security
Groups (NSG), Application
Security Groups (ASG)
Although some of these recommendations to adopt Zero Trust Security may seem challenging due to unique constraints in your environment, we’ve seen most organizations perform these actions fairly quickly, especially if they’re working with an experienced team of cybersecurity professionals. Remember it’s not only the initial setup but the ongoing management of ZTS that’s critically important because it’ll continue to evolve rapidly.
In part two of this series, we’ll focus on the 60/90-day implementation activities and tech recommendations. Meanwhile, consider these three questions as you reflect on how best to enable Zero Trust Security at your organization in support of business needs:
- Have you adopted a ZTS maturity model to identify where you’re on the spectrum of maturity?
- Have you identified the cybersecurity products and services needed for enabling ZTS?
- What’s your plan for monitoring and managing your ZTS implementation either internally or with the help of a cybersecurity managed services provider?