Plan for a Zero Trust security model in your organization
In some ways, the easiest way to think about Zero Trust is to assume everything is on the open internet, even resources we think are safe in our “walled gardens.” Organizations often work under the assumption that "If they're on my network, it’s OK." They believe their network is secure because they implemented sufficient security measures such as firewalls, antivirus software, and access controls. They also believe they can trust the employees and devices they connected to it.
Unfortunately, there's a critical flaw in this assumption. It assumes that all employees and devices on the network are trustworthy and secure, which isn't always the case. Malicious actors can exploit vulnerabilities in the network or in the devices connected to it to gain access and cause damage. Additionally, employees or contractors might accidentally or intentionally compromise the network by clicking on a phishing email, visiting a malicious website, or downloading an infected file.
With the Zero Trust security model, organizations move from the world of implicit assumptions they make based on single elements to explicit verification of all elements of access. Many organizations harden their external access points by requiring multifactor authentication (MFA) or certifications to access their VPN. A successful Zero Trust strategy requires flexible access to applications, systems, and data. At the same time, organizations must maintain security for both users and the resources they need to do their jobs. The five steps that organizations should follow to secure their identity infrastructure include:
- Strengthen your credentials. If users in your identity system are using weak passwords and not strengthening them with MFA, it isn’t a matter of if or when you get compromised. Instead, how often users compromise your identity infrastructure becomes the larger question.
- Reduce your attack surface area. To make life harder for hackers, eliminate using older, less secure protocols, limit access entry points, and exercise more significant control of administrative access to resources.
- Automate threat response. Reduce costs and risks by reducing the time criminals have to embed themselves into your environment.
- Increase your awareness. Use auditing and logging of security-related events and related alerts to help detect potential compromising patterns. These patterns can indicate internal attacks or attempted or successful external penetration of your network.
- Enable user self-help. Reduce friction by enabling your users to stay productive, even as you remain vigilant.
Additional reading. For more information, see Five steps to securing your identity infrastructure.
Move from a model of implicit trust to one of explicit verification
To implement a Zero Trust model—and assuming that all users, applications, and machines are on the internet—you must move from a model of implicit trust to one of explicit verification. You must explicitly:
- Verify authentication claims. Don't assume you have a user that's in a high assurance session (for example, multifactor authentication) because of the network.
- Verify devices. Don't assume the user has a valid machine because of the network.
- Classify and encrypt data. Don't automatically allow access to file shares because the user's on the network.
To determine the overall risk of each session, a robust Zero Trust strategy must consider the full context of the session, which includes:
- The identity of the user.
- The state of the user's device.
- The apps the user runs.
- The sensitivity of the data the user is trying to access.
A Zero Trust model then applies holistic policies that define when to allow, block, or restrict access. These policies control access by requiring extra authentication challenges, such as:
- multifactor authentication
- limiting functionality such as downloads
- applying compliance controls such as terms of use
These holistic policies block both internal and external threats, such as:
- A hacker trying to gain access using stolen credentials on an unknown device.
- A verified user running a healthy device who's trying to access data they don't have permission to see.
This strategy can also create guardrails so well-meaning employees can use organizational resources responsibly.
Zero Trust using Microsoft Entra conditional access
Microsoft Entra ID provides the strong, adaptive, standards-based identity verification required in a Zero Trust framework.
Important
Azure Active Directory (Azure AD) is now Microsoft Entra ID. Learn more.
While Microsoft Entra ID provides intrinsically strong authentication (including automatic adaptive protection against many attacks), it also allows admins to express their access requirements in simple terms. Virtually every aspect of each sign-in (including associated user or session risk) is available to define the conditions under which the system applies access policies. A framework of controls regulates access. For example, extra authentication factors, terms of use, limited access, and other session semantics. These controls guarantee that organizations are “secure at access” in their Zero Trust approach.
Zero Trust Assessment tool
The following factors affect the planning and execution of a Zero Trust security model implementation:
- Different organizational requirements
- Existing technology implementations
- Security stages
The Zero Trust Assessment tool helps organizations determine where they are in their journey across their identities, devices, apps, infrastructure, network, and data. It also tells them which maturity stage they're at (Traditional, Advanced, or Optimal). The assessment provides recommendations on how to progress to the next stage.
To take the Zero Trust assessment, see the Zero Trust Assessment tool.
Additional reading. To learn more about Microsoft's own implementation of a Zero Trust security model, see Implementing a Zero Trust security model at Microsoft.