As an executive who possesses far greater context for business decision-making than for deploying technical security measures, I was intrigued by the title of a specific session during Secure 2023, Microsoft’s flagship event for security professionals: “Adopting a Zero Trust Approach Requires Buy-In Across the C-Suite.”
While Zero Trust has become a common moniker within the technical community, translating its substance and business value up to the highest levels of any organization can be a challenge. This short session sought to accomplish just this by defining the concept, framing some of its key tenets, demonstrating a few common use cases for its application, and pointing its participants to the Microsoft solutions available for its implementation.
Mark Simos, Lead Cybersecurity Architect at Microsoft, began by simply defining “Zero Trust” for his audience: “Very simply, Zero Trust is security, minus a flawed assumption that putting a business asset on a network magically makes that business asset more secure. It’s just security, and so ultimately, Zero Trust applies to all the layers of the digital estate; it applies to endpoints, identities, infrastructure, and network.”
He went on to share three principles related to Zero Trust. First, Zero Trust presumes that every asset within an organization’s technology stack either has been, or will eventually be, compromised. The traditional premise of trusting users, devices, or identities simply because they are located within your company’s secure network is perilous at best. Second, Zero Trust verifies trust explicitly for any asset: given the things that each asset can control, alter, or influence, be certain that each asset’s definitive identity has been established. Finally, Zero Trust applies the principle of least-privileged access. Access to company assets is restricted by refusing to grant an asset any permission greater (just-enough) or longer-lasting (just-in-time) than is required for the job at hand.
From here, and consistent with the session title, the presentation narrowed its focus to the C-suite executive, highlighting the business benefits uncovered through the application of Zero Trust principles. It drew on a study that Microsoft commissioned through Forrester Consulting, entitled “The Total Economic Impact™ Of Zero Trust Solutions From Microsoft.”¹ This white paper quantified the economic and financial benefits of Zero Trust in a series of compelling data points, including:
1. An investment in Microsoft Zero Trust solutions has a 92% return on investment (ROI) with a less than six-month payback.
2. Deploying Microsoft Zero Trust solutions leads, on average, to 50% decreases in:
   a) calls placed to IT and help desk analysts regarding security, identity, and access-management;
   b) the risk of a data breach;
   c) management time due to improved security processes.
3. A 25% reduction in the resources required for audit and compliance management while reducing the likelihood of regulatory fines.
With this compelling backdrop, the session went on to present two common use cases in which Microsoft products facilitate a Zero Trust posture. First, supporting remote and hybrid work from anywhere, anytime, and from any device; and second, in the event of a breach, minimizing any potential consequence to end-user productivity and business reputation.
The session concluded by pointing its attendees to some of the resources that Microsoft makes available to promote an organization’s Zero Trust journey: the CISO Workshop via Microsoft Unified and Zero Trust blogs published in the Microsoft community.
This session certainly reinforced what I have come to understand over my years in the technology consulting sphere, that the risk of cybersecurity inaction, or misdirected action, is exceedingly large. While bad actors are devoting exponentially greater resources each year to breach company assets, this spend is matched by Microsoft’s tireless investment in its secure platform and toolset. It is further apparent that the thoughtful application of Zero Trust principles through the Microsoft ecosystem creates not only security resilience, but business value through the enhancement of productivity, the elimination of waste, and the avoidance of financial and reputational loss.
Curious as to how your organization can begin its journey to installing Zero Trust within your digital estate? Reach out to the Microsoft experts and technology ninjas at Cloudforce. We are building, deploying, and monitoring these very solutions for many of the best-secured organizations across the nation. It would be our privilege to welcome you to the Zero Trust era of Microsoft security.
¹ The Total Economic Impact™ Of Zero Trust Solutions From Microsoft