Based on the principle of “never trust, always verify,” Zero Trust helps secure corporate resources by eliminating unknown and unmanaged devices and limiting lateral movement. Implementing a true Zero Trust model requires that all components—user identity, device, network, and applications—be validated and proven trustworthy. Taking a layered approach to secure corporate and customer data, Microsoft’s phased implementation of Zero Trust centers on strong user identity, device health verification, validation of application health, and secure, least-privilege access to corporate resources and services. The core principle of Zero Trust is maintaining strict access control.
Below are 10 tips for enabling Zero Trust security for your customers:
- Realign around Identity – Identity is the best starting point for Zero Trust.
- Implement conditional access controls – Hackers routinely compromise identity credentials and use them to access systems and move laterally in the network.
- Strengthen your credentials – Weak passwords undermine the security of your identity system and make it easy for hackers to compromise your network via, for example, password spraying or credential-stuffing attacks.
- Plan for a dual-perimeter strategy – To avoid business disruption and the reintroduction of old risks, maintain existing network-based protections while adding new identity-based controls to your environment.
- Integrate intelligence and behavior analytics – Support for identity-based access control in cloud applications is not the only reason to accelerate cloud migration.
- Reduce your attack surface – To bolster the security of your identity infrastructure, it’s important to minimize your attack surface. (That’s good security practice in general, of course.)
- Increase security awareness – Use a Security Information and Event Management (SIEM) system to aggregate and correlate the data to better detect suspicious activities and patterns.
- Enable end-user self-help – Users are likely to be far less resistant to Zero Trust than they are to many other security initiatives.
- Don’t overpromise – Zero Trust is not a single ‘big bang’ initiative like implementing multi-factor authentication.
- Show value along the way – One of the most effective ways to build long-term support for a Zero Trust initiative is to demonstrate incremental value with each investment.
There’s no way to predict which new exploits will appear in the wild on any given day or how they might gain entry into your environment. Because one can never assume that any particular user or the device, app, or network they’re using is completely safe, the only reasonable approach to security is to trust nothing and verify everything. A Zero Trust model is not easy to achieve, but it’s a key element of any long-term modernization objective for the digital enterprise.