With today’s evolving landscape of hybrid work, businesses and their data are exposed to threats well beyond their corporate networks. 81% of businesses are moving to a hybrid workspace, which introduces new complexities and, with them, more security concerns. How can corporations balance the benefits of a hybrid workspace with the need to secure their data against these new threats?
The idea of Zero Trust security is not new; however, Microsoft has been working to create new features in Microsoft 365 and Azure to help customers better utilize the principles that make up the Zero Trust security model. So, what exactly is “Zero Trust”? Microsoft describes their Zero Trust approach as consisting of three primary concepts:
- Verify explicitly
- Use least privileged access
- Assume breach
“Verify explicitly” in this context refers to the identity and access management component of Microsoft services; most commonly, this will be Azure Active Directory (AD). Even when a correct username and password are entered, does that mean it is the user in question logging in? Or has a malicious actor stolen their credentials? Microsoft has implemented tools to help businesses better govern their identity management and secure their identity and access controls. For example, Conditional Access policies can require additional verification based on conditions the organization specifies, such as sign-in location, the applications being accessed, and more. In addition to requiring a second authentication method, these policies can be used to ensure that devices meet the organization’s compliance requirements. There are also risky sign-in and risky user detection policies that can act automatically when malicious login attempts occur or when a user account is suspected of being compromised.
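As an added example (not code from the original post), the following Microsoft Graph PowerShell snippet creates a Conditional Access policy that enforces the two controls described above: a second authentication factor and a compliant device, for all users and all cloud apps. It assumes the Microsoft.Graph PowerShell SDK is installed, the signed-in account holds the Policy.ReadWrite.ConditionalAccess permission, and a break-glass group ID is substituted for the placeholder.

```powershell
# Added example: Conditional Access policy requiring MFA AND a compliant device.
# Assumes the Microsoft.Graph SDK (Install-Module Microsoft.Graph) is available.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object ID of the emergency-access (break-glass) group that must never be locked out.
$breakGlassGroupId = "<object-id-of-break-glass-group>"

$policy = @{
    displayName = "ZT - Require MFA and compliant device for all cloud apps"
    # Start in report-only mode; review the sign-in log impact before switching to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            includeApplications = @("All")
        }
        # No trusted-location exemption: Zero Trust does not treat the corporate
        # network as a signal that verification can be skipped.
        locations = @{
            includeLocations = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        # "AND" means both controls must be satisfied, not either one.
        operator        = "AND"
        builtInControls = @("mfa", "compliantDevice")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy '$($created.DisplayName)' with id $($created.Id) in state $($created.State)"
```

Device compliance in the grant control is evaluated against the compliance state reported by Intune (or another registered MDM), so the policy should be enforced only after devices are actually enrolled.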
Least privileged access is the concept of providing only enough access for an employee to do their job. Ideally, a business would want employees to have access only to the files and business information that are pertinent to their daily tasks. Microsoft has implemented several tools to help organizations apply least privileged access while ensuring employees can still do their jobs with little to no interruption. Through tools such as Privileged Identity Management (PIM) and Privileged Access Management (PAM), users can elevate their permissions temporarily, provide a reason for the privilege escalation, and be prompted for a second factor before the elevated permissions are granted. This allows organizations to better secure accounts that do not always need administrator permissions by treating them as lower-privileged accounts the majority of the time.
Lastly, in a Zero Trust environment, an organization must have the mindset of “assumed breach.” Essentially, the organization has to operate under the assumption that accounts are going to be compromised. The unfortunate truth of modern information technology is that breaches happen. And when they do, it is imperative that the potential impact is minimized. Applications need to be designed in such a way that minimal damage is incurred when a breach occurs. Membership of groups and roles that grant access to privileged information should be audited routinely so that accounts which no longer need access can be removed. This ties into both verifying explicitly and using least privileged access — organizations should require multiple methods of authentication, always ask for authentication, and only provide access to what is necessary for the job function.
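As an added example of the routine privileged-membership audit just described (not code from the original post), this Microsoft Graph PowerShell script lists the members of a chosen set of activated Azure AD admin roles and flags accounts with no sign-in in the last 90 days as candidates for removal. It assumes the Microsoft.Graph SDK is installed and the signed-in account holds the RoleManagement.Read.Directory, AuditLog.Read.All and User.Read.All permissions; the role list and 90-day threshold are choices for this example.

```powershell
# Added example: review members of privileged directory roles for stale accounts.
# Note: signInActivity is returned only for tenants with an Azure AD Premium licence.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "AuditLog.Read.All", "User.Read.All"

$staleAfterDays = 90                                   # review threshold chosen for this example
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$staleAfterDays)

# Built-in role display names to review (extend as needed).
$rolesToAudit = @("Global Administrator", "Privileged Role Administrator",
                  "Security Administrator", "Exchange Administrator")

# Get-MgDirectoryRole returns only roles that have been activated in the tenant.
$roles = Get-MgDirectoryRole | Where-Object { $rolesToAudit -contains $_.DisplayName }

$findings = foreach ($role in $roles) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        # Only user objects carry sign-in activity; groups and service principals
        # assigned to the role are reported separately for manual review.
        if ($member.AdditionalProperties.'@odata.type' -ne '#microsoft.graph.user') {
            [pscustomobject]@{ Role = $role.DisplayName; Member = $member.Id
                               Type = $member.AdditionalProperties.'@odata.type'
                               LastSignIn = $null; Stale = $null }
            continue
        }
        $user = Get-MgUser -UserId $member.Id -Property "userPrincipalName,accountEnabled,signInActivity"
        $lastSignIn = $user.SignInActivity.LastSignInDateTime
        [pscustomobject]@{
            Role       = $role.DisplayName
            Member     = $user.UserPrincipalName
            Type       = if ($user.AccountEnabled) { "user" } else { "user (disabled)" }
            LastSignIn = $lastSignIn
            # No recorded sign-in at all is treated as stale, not as "unknown".
            Stale      = (-not $lastSignIn) -or ($lastSignIn -lt $cutoff)
        }
    }
}

$findings | Sort-Object Role, Stale -Descending | Format-Table -AutoSize
# Persist the stale candidates so the removal decision is recorded alongside the review.
$findings | Where-Object { $_.Stale -eq $true } |
    Export-Csv -Path ".\privileged-role-review.csv" -NoTypeInformation
```

Eligible (not yet activated) PIM assignments are not returned by Get-MgDirectoryRoleMember, so a complete review should also cover PIM eligibility separately.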
User accounts are not the only way that attackers can breach an organization, however. Zero Trust applies not only to employee accounts, but also to data, applications, networks, and endpoints. By leveraging Microsoft security products such as Microsoft Defender for Endpoint, organizations can establish security baselines for their user devices, create alerts when malicious software or activity is detected, and even automate the resolution of security events. They can also use the device health and compliance signals it provides to enforce device compliance and block access to corporate resources when a computer falls outside the compliance guidelines that have been set. Additionally, Microsoft Sentinel allows organizations to aggregate their event and logging information into a single solution. (For more information on Microsoft Defender for Endpoint and Microsoft Sentinel, see our Cloud Security Administrator Christian Ellis’s blog post here.)
Cloudforce has taken steps internally to adopt Microsoft’s best practices for establishing a Zero Trust environment and has used that experience to help shape the security conversation with our clients. We understand the process because we utilize it ourselves. Our team of technologists have the knowledge and experience to assess environments, discover security shortcomings, and deploy solutions to keep your business secure in the ever-evolving cyber landscape.
Organizations need to be security conscious in the modern digital world. Implementing a Zero Trust approach can help secure your business and help ensure that only authorized users have access — and only to exactly what they need — which reduces your attack surface. If you are interested in learning more about how your organization can leverage these tools to be better protected in the cloud, please reach out to us to schedule a conversation with one of our cloud security experts via the links below.