Microsoft believes companies should be utilizing Zero Trust in order to keep their systems secure. Zero Trust is a security model in which a company always assumes there is a breach and provides the least privileged access necessary.
Remote work, and now hybrid work, have shown the need for employees to securely access applications from all types of devices, some of which are BYOD. This has further made Zero Trust a necessity, Microsoft explained.
“To truly meet this challenge, defenders across the industry must come together for an end-to-end, Zero Trust security approach that covers the entire technology ecosystem. Because today, digital transformation cannot happen without security transformation. Even as many people start to transition back to the office, we expect a future where hybrid work is the norm. People are working on corporate networks and home networks and moving fluidly between business and personal activity online thanks to technologies intertwined with both aspects of our daily routines. The network is changing with employees’ home networks and devices are now part of the corporate network. What this means for organizations is that the network is suddenly without firm borders,” a Microsoft spokesperson told ITOps Times in an email.
RELATED CONTENT: Microsoft reveals new cybersecurity issues in a remote world
Microsoft believes following a unified device management approach is crucial to successful Zero Trust implementation in these cases.
For successful unified device management, Microsoft recommends:
- Connect devices to the cloud identity
- Ensure that devices are managed
- Ensure those devices are healthy.
Microsoft has a number of capabilities that organizations can use to help with that management. It recently added capabilities to Microsoft Endpoint Manager, such as filters and conditional launch settings with App Protection Policies. “These controls can block access or wipe data based on conditions such as maximum OS version, jailbroken or rooted devices, or require Android devices to pass SafetyNet attestation,” the Microsoft spokesperson explained.
When getting started with Zero Trust, Microsoft first recommends companies take time to assess where they are at in order to determine how to move on to the next stage. It recommends looking at the tools an organization already has in place and using those if possible.
For example, weak passwords, password spraying and phishing are entry points for a majority of attacks. Multi-factor authentication is a defense against that, but according to Microsoft’s data, only 18% of its customers are using it.
“The hybrid world is largely perimeterless, so wrapping protections around identity and devices is critical. As part of Zero Trust, we also think the future is passwordless and we will start to see that transition. We believe that Zero Trust security strategy and architecture is most effective when integrated across [the] entire digital estate and equally across all pillars,” the Microsoft spokesperson said.
Microsoft also added that it understands many companies will need to take a phased approach to Zero Trust based on their maturity, available resources, and priorities. “Zero Trust is a journey and it is important to consider each investment carefully and align them with current business needs. The first step does not have to be a large lift and shift to cloud-based security tools. Many organizations will benefit greatly from utilizing hybrid infrastructure that connects into their existing security investments to begin to realize the value of Zero Trust initiatives more quickly. Fortunately, each step forward will make a difference in reducing risk and returning trust in the entirety of the digital estate,” the Microsoft spokesperson said.