Accelerating Zero Trust Security (ZTS) – Part 2

How to prioritize your zero trust security (ZTS) initiatives

In part 1 of this blog post on zero trust security (ZTS), we discussed the trends that are accelerating digitization and why CIO/CISOs need to adapt their cybersecurity posture as a result. 

We’d submit that Zero Trust Security is arguably the most important development in cybersecurity since the e-commerce boom of the early 2000s. Back then, most organizations had to shift from securing only client-server architectures operating within the confines of their own data centers to also securing new e-commerce architectures that required connectivity to anyone, anywhere over the internet.

In the first part of this blog post, we outlined specific actions and recommended tech for each component of ZTS that organizations can adopt during the first 30 days to jump-start their journey. Below we define additional actions that you can take during days 60-90.

Component: Identities
Actions:
  - Enable all user accounts for multi-factor authentication (MFA)
  - Design and deploy access policies that use multiple contexts, including user risk, device compliance, network location, and sign-in risk
  - Grant administrative access to applications on a just-in-time (JIT), least-privilege basis to reduce the risk of permanent assignments and excess permissions
  - Review administrative privileges at least every 90 days to manage the risk of compromised identities
Recommended tech: Microsoft Active Directory (AD)

Component: Devices
Actions:
  - Use policy-based access based on the device’s security and compliance state to grant access to organizational apps and data
  - Integrate endpoint threat detection and response (EDR) with SIEM to enable detection of cyberattacks across devices and cloud apps
Recommended tech: Microsoft Intune, Microsoft AD, Microsoft Threat Protection (MTP), Microsoft Sentinel

Component: Apps & API
Actions:
  - Enable apps for SSO with access managed via identity and device checks
  - Discover and enforce data policies for cloud apps using reverse proxies and APIs
  - Secure API communication via certificates, with access via keys managed by a cloud gateway
  - Enable real-time in-session monitoring to identify risks and respond
  - Deliver granular control over your apps (such as limited visibility, read-only, block, and more) based on user and session risk
Recommended tech: MTP, Microsoft Cloud App Security (MCAS), Microsoft Sentinel

Component: Data
Actions:
  - Use an ML/AI tool to discover, classify and label data on a continuous basis
  - Manage access decisions via data sensitivity criteria instead of relying only on network perimeter or endpoint agent-based controls
Recommended tech: MTP, Microsoft Endpoint Data Loss Prevention (DLP), Microsoft Information Protection (MIP), MCAS

Component: Infrastructure
Actions:
  - Deploy AI/ML tools to enable the security operations team to use behavior analytics to detect and investigate threats
  - Use a security orchestration, automation, and remediation (SOAR) tool to reduce manual effort in threat response
Recommended tech: Microsoft AD, Microsoft Key Vault, Microsoft Sentinel, Microsoft Logic Apps, Microsoft Jupyter Notebooks

Component: Network
Actions:
  - Implement ingress/egress software-defined policies for both north/south and east/west traffic for sensitive apps and data repositories
  - Implement network micro-segmentation to detect lateral movement
  - Establish role-based secure administrative access to protect network segments
Recommended tech: Microsoft Sentinel, Microsoft AD, Microsoft Network Security Groups (NSG), Application Security Groups (ASG)
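The Identities row above asks for access policies that combine several contexts and for JIT, regularly reviewed administrative access. The following is an added example, not code from this post or from any Microsoft product: a small policy engine that evaluates a sign-in against user risk, device compliance, network location and sign-in risk, plus a review routine that flags standing or unreviewed admin role assignments. The four-level risk scale, the control names, the sample sign-ins and the role assignments are all constructed assumptions.

```python
# Added example: context-based access decision and admin privilege review.
# Risk scale, control names and sample data are constructed assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Set, Tuple

# Assumed four-level risk scale; a higher number means riskier.
RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class SignIn:
    user: str
    user_risk: str          # aggregate risk of the identity (e.g. leaked credentials)
    sign_in_risk: str       # risk of this particular sign-in (e.g. unfamiliar location)
    device_compliant: bool  # device meets the management/compliance baseline
    trusted_location: bool  # request came from a known corporate network
    mfa_satisfied: bool     # a second factor was presented
    is_admin: bool = False  # principal holds an administrative role


def required_controls(s: SignIn) -> Set[str]:
    """MFA is the baseline for every account; a compliant device is additionally
    required for admins, for medium-risk sign-ins and for untrusted networks."""
    controls = {"mfa"}
    if (s.is_admin or not s.trusted_location
            or RISK_ORDER[s.sign_in_risk] >= RISK_ORDER["medium"]):
        controls.add("compliant_device")
    return controls


def satisfied_controls(s: SignIn) -> Set[str]:
    controls = set()
    if s.mfa_satisfied:
        controls.add("mfa")
    if s.device_compliant:
        controls.add("compliant_device")
    return controls


def evaluate(s: SignIn) -> str:
    """Return 'block', 'mfa_required' or 'allow'. High user or sign-in risk is
    blocked outright; a missing device requirement cannot be fixed in-session
    and is also blocked; a missing second factor can be prompted for."""
    if RISK_ORDER[s.user_risk] >= RISK_ORDER["high"]:
        return "block"
    if RISK_ORDER[s.sign_in_risk] >= RISK_ORDER["high"]:
        return "block"
    missing = required_controls(s) - satisfied_controls(s)
    if "compliant_device" in missing:
        return "block"
    if "mfa" in missing:
        return "mfa_required"
    return "allow"


@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: str
    expires_at: Optional[datetime]  # None means a standing (permanent) assignment
    last_reviewed: datetime


def review_findings(assignments: List[RoleAssignment], now: datetime,
                    max_review_age_days: int = 90) -> List[Tuple[str, str, str]]:
    """Flag standing admin assignments (JIT access should be time-bound) and
    assignments whose last review is older than the review window."""
    findings = []
    for a in assignments:
        if a.expires_at is None:
            findings.append((a.principal, a.role, "permanent assignment; convert to JIT"))
        if now - a.last_reviewed > timedelta(days=max_review_age_days):
            findings.append((a.principal, a.role, "privilege review overdue"))
    return findings


# Constructed sample data (assumption, not from the post).
SAMPLE_SIGNINS = [
    SignIn("alice", "none", "none", True, True, True),
    SignIn("bob", "none", "medium", False, False, True),
    SignIn("carol", "low", "none", True, False, False),
    SignIn("dave", "high", "none", True, True, True),
    SignIn("erin", "none", "none", False, True, True, is_admin=True),
]
NOW = datetime(2024, 1, 1)
SAMPLE_ASSIGNMENTS = [
    RoleAssignment("erin", "Global Administrator", None, NOW - timedelta(days=120)),
    RoleAssignment("frank", "Application Administrator",
                   NOW + timedelta(hours=4), NOW - timedelta(days=30)),
]

if __name__ == "__main__":
    for s in SAMPLE_SIGNINS:
        print(f"{s.user:6} -> {evaluate(s)}")
    for finding in review_findings(SAMPLE_ASSIGNMENTS, NOW):
        print(finding)
```

The design point is that controls are computed as a set from all contexts and the most restrictive outcome wins: a second factor can be requested interactively, but a non-compliant device or a high-risk identity is blocked rather than downgraded to an MFA prompt. The review routine treats any assignment without an expiry as a finding, which is what the JIT action in the table implies.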
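The Network row asks for software-defined east/west policies and micro-segmentation that detects lateral movement. As an added example (not code from this post, and not the Azure NSG/ASG API the table recommends), the block below models a default-deny east/west allow-list between tiers and checks constructed flow records against it, reporting cross-segment flows the policy does not permit. The segment ranges, ports and the simplified flow-log format are constructed assumptions.

```python
# Added example: default-deny east/west segmentation policy checked against
# constructed flow records. Segments, ports and log format are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed segments; anything outside them is treated as external (north/south).
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
    "mgmt": ipaddress.ip_network("10.0.9.0/24"),
}

# Allow-list of (source segment, destination segment, destination port) for
# east/west traffic. Anything not listed is denied, including db -> app and
# any application tier initiating connections to mgmt.
ALLOWED_EAST_WEST = {
    ("web", "app", 8443),
    ("app", "db", 1433),
    ("mgmt", "web", 22),
    ("mgmt", "app", 22),
    ("mgmt", "db", 22),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def parse_flow_log(text: str) -> List[Flow]:
    """Parse constructed 'src,dst,dst_port' lines (not a real NSG flow-log format)."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port = line.split(",")
        flows.append(Flow(src, dst, int(port)))
    return flows


def segment_of(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def classify(flow: Flow) -> str:
    """north_south: one end is outside every segment; intra_segment: both ends in
    the same segment; east_west: crosses a segment boundary inside the environment."""
    s, d = segment_of(flow.src), segment_of(flow.dst)
    if s is None or d is None:
        return "north_south"
    if s == d:
        return "intra_segment"
    return "east_west"


def violations(flows: List[Flow]) -> List[Tuple[Flow, Tuple[str, str, int]]]:
    """East/west flows the allow-list does not cover: what the segmentation
    policy should deny and what detection should alert on."""
    found = []
    for f in flows:
        if classify(f) != "east_west":
            continue
        key = (segment_of(f.src), segment_of(f.dst), f.dst_port)
        if key not in ALLOWED_EAST_WEST:
            found.append((f, key))
    return found


# Constructed flow records (assumption, not real telemetry).
SAMPLE_FLOW_LOG = """
10.0.1.5,10.0.2.10,8443
10.0.2.10,10.0.3.7,1433
10.0.1.5,10.0.3.7,1433
10.0.1.5,10.0.1.6,445
203.0.113.9,10.0.1.5,443
10.0.9.2,10.0.3.7,22
10.0.2.10,10.0.9.2,3389
"""

if __name__ == "__main__":
    for flow, key in violations(parse_flow_log(SAMPLE_FLOW_LOG)):
        print(f"denied east/west flow {key}: {flow.src} -> {flow.dst}:{flow.dst_port}")
```

On the sample data the web tier reaching the database port directly and an application host connecting to the management segment are the two flows outside the policy. Note the limit of segment-level policy: the SMB connection between two web hosts is intra-segment and is never evaluated here, so catching host-to-host movement inside a tier needs finer segments or host-level controls.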

We’ll continue to share best practices and lessons learned in future posts on ZTS based on our work with customers because this is an area that will continue to evolve in leaps and bounds.

In closing, consider these three questions as you enable ZTS at your organization:

  1. Is your IT and cybersecurity strategy aligned with ZTS actions and the recommended tech outlined in these posts?
  2. Have you developed a change management and user training plan because ZTS will impact your organizational processes?
  3. What’s the plan to address the skills gap of your cybersecurity team to ensure that ZTS can be implemented quickly and correctly?
