Accelerating Zero Trust Security (ZTS) – Part 2

August 17, 2020|Fawaad Khan

How to prioritize your zero trust security (ZTS) initiatives

In part 1 of this blog post on zero trust security (ZTS), we discussed the trends that are accelerating digitization and why CIO/CISOs need to adapt their cybersecurity posture as a result.

We’d submit to you that Zero Trust Security is arguably the most important development in cybersecurity since the days of the exploding e-commerce in the early 2000s when most organizations were forced to shift from not only securing client-server architectures interacting within the confines of one’s own data centers. Those businesses also had to figure out how to secure exploding new e-commerce architectures requiring connectivity to anyone and anywhere over the internet, and around the world.

In the first part of this blog post, we outlined specific actions and recommended tech for each of the components of ZTS that organizations can adopt during the first 30 days to jump-start their journey, and now we define additional actions that you can take during 60-90 days as outlined below.

Component	Actions	Recommended Tech
Identities	Enable all user accounts for multi-factor authentication (MFA) Design and deploy access policies to use multiple contexts, including user risk, device compliance, network location, and sign-in risk Grant administrative access to applications provided with just-in-time (JIT) and least privilege to reduce risk of permanent assignments and excess permissions Review administrative privileges at least every 90 days to manage the risk of compromised identities	Microsoft Active Directory (AD)
Devices	Use policy-based access based on the device’s security and compliance state to grant access to organizational apps and data Integrate endpoint threat detection and response (EDR) with SIEM to enable detection of cyberattacks across devices and cloud apps	Microsoft Intune, Microsoft AD, Microsoft Threat Protection (MTP), Microsoft Sentinel
Apps & API	Enable apps for SSO with access managed via identity and device checks Discover and enforce data policies for cloud apps using reverse proxies and API Secure API communication via certificates and access via keys managed by a cloud gateway Enable real-time in-session monitoring to identify risks and respond Deliver granular control to your apps (such as limited visibility, read-only, block, and more) based on user and session risk	MTP, Microsoft Cloud App Security (MCAS), Microsoft Sentinel
Data	Use an ML/AI tool to discover, classify and label data on a continuous basis Manage access decisions via data sensitivity criteria instead of relying on network perimeter or endpoint agent-based controls only	MTP, Microsoft Endpoint Data Loss Prevention (DLP), Microsoft Information Protection (MIP), MCAS
Infrastructure	Deploy AI/ML tools to enable a security operations team to use behavior analytics to detect and investigate threats Use security orchestration, automation, and remediation (SOAR) tool to reduce manual effort in threat response	Microsoft AD, Microsoft Key Vault, Microsoft Sentinel, Microsoft Logic Apps, Microsoft Jupyter Notebooks
Network	Implement ingress/egress software-defined policies for both north/south and east/west traffic for sensitive apps and data repository Implement network micro-segmentation to detect lateral movement Establish role-based secure administrative access to protect network segments	Microsoft Sentinel, Microsoft AD, Microsoft Network Security Groups (NSG), Application Security Groups (ASG)

We’ll continue to share best practices and lessons learned in future posts on ZTS based on our work with customers because this is an area that will continue to evolve in leaps and bounds.

In closing, consider these three questions as you enable ZTS at your organization:

Is your IT and cybersecurity strategy aligned with ZTS actions and the recommended tech outlined in these posts?
Have you developed a change management and user training plan because ZTS will impact your organizational processes?
What’s the plan to address the skills gap of your cybersecurity team to ensure that the ZTS can be implemented quickly and correctly?

How Can We Help?

Main Contact Form

First Name

Last Name

Company Email

Company Name

Work Phone

Country

How can we help?

Additional Information

By checking this box, you consent to CyberMSI using the information you provided to subscribe you to communications and content from CyberMSI and its partners relevant to your request. Such communications may be in the form of email, phone, or postal service. You may unsubscribe at any time. CyberMSI respects your privacy: for additional details on how CyberMSI uses and protects your information, click here to view our Privacy Policy.