How to prioritize your zero trust security (ZTS) initiatives
In part 1 of this blog post on zero trust security (ZTS), we discussed the trends that are accelerating digitization and why CIO/CISOs need to adapt their cybersecurity posture as a result.
We’d submit that Zero Trust Security is arguably the most important development in cybersecurity since the e-commerce boom of the early 2000s, when most organizations were forced to shift from securing only client-server architectures operating within the confines of their own data centers to also securing rapidly growing e-commerce architectures that required connectivity to anyone, anywhere over the internet and around the world.
In the first part of this blog post, we outlined specific actions and recommended tech for each component of ZTS that organizations can adopt during the first 30 days to jump-start their journey. Below, we define the additional actions you can take during days 60-90.
| Component | Actions | Recommended Tech |
| --- | --- | --- |
| Identities | Enable all user accounts for multi-factor authentication (MFA); design and deploy access policies that use multiple contexts, including user risk, device compliance, network location, and sign-in risk; grant administrative access to applications just-in-time (JIT) and with least privilege to reduce the risk of permanent assignments and excess permissions; review administrative privileges at least every 90 days to manage the risk of compromised identities | Microsoft Active Directory (AD) |
| Devices | Use policy-based access based on the device’s security and compliance state to grant access to organizational apps and data; integrate endpoint threat detection and response (EDR) with SIEM to enable detection of cyberattacks across devices and cloud apps | Microsoft Intune, Microsoft AD, Microsoft Threat Protection (MTP), Microsoft Sentinel |
| Apps & API | Enable apps for SSO with access managed via identity and device checks; discover and enforce data policies for cloud apps using reverse proxies and APIs; secure API communication via certificates and access via keys managed by a cloud gateway; enable real-time in-session monitoring to identify risks and respond; deliver granular control to your apps (such as limited visibility, read-only, block, and more) based on user and session risk | MTP, Microsoft Cloud App Security (MCAS), Microsoft Sentinel |
| Data | Use an ML/AI tool to discover, classify and label data on a continuous basis; manage access decisions via data sensitivity criteria instead of relying only on network perimeter or endpoint agent-based controls | MTP, Microsoft Endpoint Data Loss Prevention (DLP), Microsoft Information Protection (MIP), MCAS |
| Infrastructure | Deploy AI/ML tools to enable the security operations team to use behavior analytics to detect and investigate threats; use a security orchestration, automation, and remediation (SOAR) tool to reduce manual effort in threat response | Microsoft AD, Microsoft Key Vault, Microsoft Sentinel, Microsoft Logic Apps, Microsoft Jupyter Notebooks |
| Network | Implement ingress/egress software-defined policies for both north/south and east/west traffic for sensitive apps and data repositories; implement network micro-segmentation to detect lateral movement; establish role-based secure administrative access to protect network segments | Microsoft Sentinel, Microsoft AD, Microsoft Network Security Groups (NSG), Application Security Groups (ASG) |
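The Identities and Devices rows describe policy-based access that combines several contexts (MFA, user risk, sign-in risk, device compliance, network location) and replaces standing admin rights with just-in-time activation plus a 90-day review. The following is an added illustrative example, not code from this post or from any Microsoft product: it models those rules as a small decision engine. The signal names, the risk levels, the "limited" (read-only) outcome, the four-hour JIT window, and the sample users are all assumptions chosen for the example.

```python
"""Illustrative zero trust access-policy engine (added example, not from the original post)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum


class Risk(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class AccessRequest:
    """Signals evaluated for one sign-in (field names are assumptions for this example)."""
    user: str
    mfa_passed: bool
    user_risk: Risk          # aggregate risk of the identity (e.g. leaked credentials)
    sign_in_risk: Risk       # risk of this particular sign-in (e.g. unfamiliar location)
    device_compliant: bool   # device meets the organization's compliance baseline
    network_trusted: bool    # request originates from a known corporate network location
    app_sensitivity: str     # "standard" or "sensitive"


def evaluate_access(req: AccessRequest) -> tuple[str, str]:
    """Return (decision, reason); decision is "allow", "limited" or "deny".

    Rules are ordered most restrictive first, so a single bad signal wins
    regardless of how good the other signals look.
    """
    if not req.mfa_passed:
        return "deny", "MFA is required for every account"
    if req.user_risk is Risk.HIGH:
        return "deny", "high user risk: require a credential reset before access"
    if req.sign_in_risk is Risk.HIGH:
        return "deny", "high sign-in risk"
    if req.app_sensitivity == "sensitive" and not req.device_compliant:
        return "deny", "sensitive apps require a compliant device"
    # A non-compliant device, or a medium-risk sign-in from outside a trusted
    # network, degrades the session to read-only instead of blocking it outright.
    if not req.device_compliant or (req.sign_in_risk is Risk.MEDIUM and not req.network_trusted):
        return "limited", "read-only session: non-compliant device or risky sign-in"
    return "allow", "all contexts satisfied"


@dataclass
class RoleEligibility:
    """A user who may activate a role; eligibility itself is what gets reviewed every 90 days."""
    user: str
    role: str
    last_reviewed: datetime


@dataclass
class Activation:
    """A time-boxed JIT activation; there is no permanent assignment to leak."""
    user: str
    role: str
    starts: datetime
    expires: datetime


def activate_jit(elig: RoleEligibility, now: datetime, hours: int = 4) -> Activation:
    return Activation(elig.user, elig.role, now, now + timedelta(hours=hours))


def is_active(act: Activation, now: datetime) -> bool:
    return act.starts <= now < act.expires


def eligibilities_due_for_review(eligs, now: datetime, max_age_days: int = 90):
    """Return eligibilities whose last review is older than the review window."""
    cutoff = now - timedelta(days=max_age_days)
    return [e for e in eligs if e.last_reviewed < cutoff]


# Constructed reference time so the example is deterministic.
NOW = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)


def demo() -> dict:
    """Run the JIT and review logic over constructed sample users."""
    alice = RoleEligibility("alice", "Global Reader", last_reviewed=NOW - timedelta(days=10))
    bob = RoleEligibility("bob", "Security Admin", last_reviewed=NOW - timedelta(days=120))
    act = activate_jit(alice, NOW, hours=4)
    return {
        "active_at_grant": is_active(act, NOW),
        "active_after_expiry": is_active(act, NOW + timedelta(hours=5)),
        "due_for_review": [e.user for e in eligibilities_due_for_review([alice, bob], NOW)],
    }


if __name__ == "__main__":
    req = AccessRequest("alice", True, Risk.LOW, Risk.MEDIUM, True, False, "standard")
    print(evaluate_access(req))   # medium risk off an untrusted network -> limited
    print(demo())
```

The ordering of the rules is the design point: denials are checked before any degraded "limited" outcome, so the engine never grants a partial session to an identity or sign-in that should be blocked, and the JIT activation carries its own expiry so that nothing has to remember to revoke it.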
We’ll continue to share best practices and lessons learned in future posts on ZTS based on our work with customers because this is an area that will continue to evolve in leaps and bounds.
In closing, consider these three questions as you enable ZTS at your organization:
- Is your IT and cybersecurity strategy aligned with ZTS actions and the recommended tech outlined in these posts?
- Have you developed a change management and user training plan because ZTS will impact your organizational processes?
- What’s the plan to address the skills gap of your cybersecurity team to ensure that the ZTS can be implemented quickly and correctly?