The Zero Trust model assumes breach and verifies each request as though it originates in an open network. The policy is “never trust, always verify”. Every access request is fully authenticated, authorised, and encrypted before granting access. User access is limited with just-in-time and just-enough-access (JIT/JEA), risk adaptive policies, and data protection to help secure both data and productivity. Analytics are used to get visibility, drive threat detection, and improve defenses.
Traditional perimeter-based security is no longer fit for purpose. We work in a world with an increase in hybrid and remote working as a well as dispersed workplaces. Organisations today need a security model that adapts to a complex working environment. One which embraces a mobile workforce protecting people, devices, apps and data, no matter where they are located.
Here we outline some of the cloud-based solutions Microsoft has developed to deliver security based on a Zero Trust model.
Identity
This is your first line of defence. Start with a strong cloud identity foundation, like Azure Active Directory (Azure AD). Passwordless authentication is now generally available for cloud and hybrid environment. With Azure AD employees can sign in with biometrics or a tap using Windows Hello for Business, the Microsoft Authenticator app, or a compatible FIDO2 security key from Microsoft Intelligent Security Association partners. Azure AD Conditional Access, the policy engine at the heart of a Zero Trust model solution, now uses authentication context to enforce even more granular policies based on user actions within the app they are using or sensitivity of data they are trying to access. This helps you appropriately protect important information without unduly restricting access to less sensitive content.
Security
Integrated solutions deliver visibility across all your platforms and all your clouds. Some vendors deliver endpoint or email protection, while others deliver Security Information and Event Management (SIEM) tools. Integrating those pieces together can be a time-consuming challenge. Microsoft takes a holistic approach that combines best-of-breed SIEM and extended detection and response (XDR) tools built from the ground up in the cloud to improve your posture, protection, and response. This gives you the best-of-breed combined with the best-of-integration, so you don’t have to compromise.
Microsoft Defender for Endpoint and Defender for Office 365 customers can now investigate and remediate threats from the Microsoft 365 Defender portal. It provides unified alerts, user and investigation pages for deep, automated analysis and simple visualisation. It also provides a new Learning Hub where customers can leverage instructional resources with best practices and how-tos.
Incidents, schema, and user experiences are now common between Microsoft 365 Defender and Azure Sentinel. Microsoft are also continuing to expand connectors for Azure Sentinel and work to simplify data ingestion and automation.
InTune is part of Microsoft’s Enterprise Mobility and Security (EMS) suite and integrates with Azure Active Directory. It is a cloud-based service that focused on mobile device management (MDM) and mobile application management (MAM). Intune can control who has access to your organisations data and what they can have access to. InTune enables people in your organisation to use their personal devices for work while ensuring that your organisations data stays protected. In essence it isolates organisational data from personal data.
Compliance
A Zero Trust model is not just about protection from external threats. It is also about providing protection from internal threats. Compliance includes managing the risks related to data which can be stored across a breadth of clouds and platforms. To get work done collaboration and productivity are critical. The challenge with an increasingly dispersed workforce is to ensure data remains safe wherever it is being worked on. Using Microsoft Information Protection it is now possible for multiple users to simultaneously edit an encrypted Microsoft Office document.
Enabling a comprehensive and flexible approach to data loss prevention solutions is one of the most important ways to protect your data. Microsoft have developed a unified Data Loss Prevention (DLP) solution—a key part of Microsoft Information Protection. It understands and classifies your data, keeps it protected, and prevents data loss across Microsoft 365 Apps (including Word, PowerPoint, Excel, and Outlook), services (including Microsoft Teams, SharePoint, and Exchange), third-party software as a service (SaaS) applications, and more—on-premises or in the cloud. According to Alym Rayani, General Manager of Compliance Marketing at Microsoft, “Microsoft’s unified data loss prevention approach provides simplicity, enabling you to set a data loss prevention (DLP) policy once and have it enforced across services, endpoints, and first-and third-party apps”.
Are you interested in protecting your organisation in an increasingly dispersed world of work? Do you want to minimise security risks in an environment of remote and hybrid working? Get in touch and we will be happy to discuss the solutions that best protect you and your business.