Zero Trust in Microsoft Azure 1 — “never trust, always verify.”

Hi Squad,

I am going to write about implementing Zero Trust in Microsoft Azure. Let’s not waste time and jump right into it.

Zero Trust is a new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Organizations now require a new security paradigm that can adapt to the complexity of the contemporary environment, embrace the mobile workforce, and safeguard users, devices, apps, and data wherever they may be.

To address this new world of computing, Microsoft highly recommends the Zero Trust security model, which is based on these guiding principles:

  • Verify explicitly — Always authenticate and authorize based on all available data points.
  • Use least privilege access — Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
  • Assume breach — Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

This is the core of Zero Trust. The Zero Trust approach assumes breach and validates each request as though it came from an uncontrolled network, as opposed to thinking that everything inside the company firewall is secure. The Zero Trust paradigm instructs us to “never trust, always verify,” regardless of where the request is coming from or what resource it accesses.

A Zero Trust strategy should be implemented across the full digital estate and act as an integrated security tenet and end-to-end plan. To achieve this, six fundamental parts are implemented with Zero Trust controls and technology. Each of them serves as a signal source, a control plane for enforcement, and a vital resource that has to be protected.

From security perimeter to Zero Trust

The conventional method of access management for IT has relied on limiting access to a business network before adding further safeguards as necessary. This model has grown too restrictive to fulfill the demands of a dynamic organization since it limits all resources to a corporate-owned network connection.

As they embrace remote work and use cloud technology to digitally transform their company strategy, customer engagement model, employee engagement model, and empowerment model, organizations must adopt a Zero Trust approach to access control.

Zero Trust principles support the establishment and ongoing improvement of security guarantees while preserving the flexibility to adapt to this new world. The majority of Zero Trust initiatives begin with access control and concentrate on identity as the preferred and primary control, while continuing to embrace network security technologies as a crucial component. Although they are still present in a modern access control model, network technology and the security perimeter strategy are no longer the main or preferred methods in a comprehensive access control strategy.


Deploying Zero Trust solutions

1. Identity

Identities, representing people, services, or IoT devices, are the common denominator across today’s many networks, endpoints, and applications. In the Zero Trust security model, they function as a powerful, flexible, and granular way to control access to data.

When implementing an end-to-end Zero Trust framework for identity, we recommend you focus first on these initial deployment objectives:

I. Cloud identity federates with on-premises identity systems

II. Conditional Access policies gate access and provide remediation activities

III. Analytics improve visibility

IV. Identities and access privileges are managed with identity governance

V. User, device, location, and behavior are analyzed in real time to determine risk and deliver ongoing protection

VI. Integrate threat signals from other security solutions to improve detection, protection, and response

2. Endpoint Device

The modern enterprise has an incredible diversity of endpoints accessing data. Not all endpoints are managed or even owned by the organization, leading to different device configurations and software patch levels. This creates a massive attack surface and, if left unresolved, accessing work data from untrusted endpoints can easily become the weakest link in your Zero Trust security strategy.

When implementing an end-to-end Zero Trust framework for securing endpoints, we recommend you focus first on these initial deployment objectives:

I. Endpoints are registered with cloud identity providers. In order to monitor security and risk across multiple endpoints used by any one person, you need visibility in all devices and access points that may be accessing your resources.

II. Access is only granted to cloud-managed and compliant endpoints and apps. Set compliance rules to ensure that devices meet minimum security requirements before access is granted. Also, set remediation rules for noncompliant devices so that people know how to resolve the issue.

III. Data loss prevention (DLP) policies are enforced for corporate devices and BYOD. Control what the user can do with the data after they have access. For instance, restrict file saving to untrusted locations (such as local disk), or restrict copy-and-paste sharing with a consumer communication app or chat app to protect data.

IV. Endpoint threat detection is used to monitor device risk. Use a single pane of glass to manage all endpoints in a consistent way, and use a SIEM to route endpoint logs and transactions such that you get fewer, but actionable, alerts.

V. Access control is gated on endpoint risk for both corporate devices and BYOD. Integrate data from Microsoft Defender for Endpoint, or other Mobile Threat Defense (MTD) vendors, as an information source for device compliance policies and device Conditional Access rules. The device risk will then directly influence what resources will be accessible by the user of that device.
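The identity objective “Conditional Access policies gate access” and the endpoint objective “access is only granted to cloud-managed and compliant endpoints” meet in a single Conditional Access policy. The following is an added example (not code from the original post or from Microsoft’s documentation) using the Microsoft Graph PowerShell SDK; the policy names are arbitrary and the emergency-access account object ID is a placeholder you must replace.

```powershell
# Added example: two Conditional Access policies created in report-only mode.
# ZT-01 requires MFA AND an Intune-compliant device for every cloud app.
# ZT-02 blocks sign-ins that Identity Protection rates as high risk.
# Requires the Microsoft.Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns).
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object ID of your emergency-access ("break-glass") account.
$breakGlassAccountId = "<object-id-of-emergency-access-account>"

$requireMfaAndCompliantDevice = @{
    displayName = "ZT-01 Require MFA and compliant device for all apps"
    # Report-only: the sign-in log records what WOULD happen; nothing is enforced yet.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            # Always exclude the emergency-access account so a bad policy
            # cannot lock every administrator out of the tenant.
            excludeUsers = @($breakGlassAccountId)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "AND"   # both controls must be satisfied
        builtInControls = @("mfa", "compliantDevice")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $requireMfaAndCompliantDevice

$blockHighRiskSignIns = @{
    displayName = "ZT-02 Block high-risk sign-ins"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users            = @{ includeUsers = @("All"); excludeUsers = @($breakGlassAccountId) }
        applications     = @{ includeApplications = @("All") }
        clientAppTypes   = @("all")
        signInRiskLevels = @("high")   # signal from Identity Protection
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $blockHighRiskSignIns

# Review the policies, then study the report-only results in the sign-in logs
# before changing state to "enabled".
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State
```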

3. Applications

To get the full benefit of cloud apps and services, organizations must find the right balance of providing access while maintaining control to protect critical data accessed via applications and APIs.

When implementing a Zero Trust approach to managing and monitoring applications, we recommend you focus first on these initial deployment objectives:

I. Gain visibility into the activities and data in your applications by connecting them via APIs.

II. Discover and control the use of shadow IT.

III. Protect sensitive information and activities automatically by implementing policies.

IV. Deploy adaptive access and session controls for all apps.

V. Strengthen protection against cyber threats and rogue apps.

VI. Assess the security posture of your cloud environments.

4. Data

Protecting data is one of the primary responsibilities of security and compliance teams. Data should remain protected while at rest, in use, and when it leaves the endpoints, apps, infrastructure, and networks that are within the control of the organization. To ensure protection and that data access is restricted to authorized users, data should be inventoried, classified, labeled, and, where appropriate, encrypted.

When implementing an end-to-end Zero Trust framework for data, we recommend you focus first on these initial deployment objectives:

I. Access decisions are governed by encryption.

II. Data is automatically classified and labeled.

III. Classification is augmented by smart machine learning models.

IV. Access decisions are governed by a cloud security policy engine.

V. Prevent data leakage through DLP policies based on a sensitivity label and content inspection.

5. Infrastructure

Infrastructure represents a critical threat vector. IT Infrastructure, whether on-premises or multi-cloud, is defined as all the hardware (physical, virtual, containerized), software (open source, first- and third-party, PaaS, SaaS), micro-services (functions, APIs), networking infrastructure, facilities, etc. that are required to develop, test, deliver, monitor, control, or support IT services. It is an area where Microsoft has invested tremendous resources to develop a comprehensive set of capabilities to secure your future cloud and on-premises infrastructure.

When implementing an end-to-end Zero Trust framework for managing and monitoring your infrastructure, we recommend you focus first on these initial deployment objectives:

I. Workloads are monitored and alerted to abnormal behavior.

II. Every workload is assigned an app identity — and configured and deployed consistently.

III. Human access to resources requires Just-In-Time.

IV. Unauthorized deployments are blocked, and an alert is triggered.

V. Granular visibility and access control are available across workloads.

VI. User and resource access is segmented for each workload.

6. Networks

Big data presents new opportunities to derive new insights and gain a competitive edge. We are moving away from an era where networks were clearly defined and usually specific to a certain location. The cloud, mobile devices, and other endpoints expand the boundaries and change the paradigm. Now there isn’t necessarily a contained/defined network to secure. Instead, there is a vast portfolio of devices and networks, all linked by the cloud.

Instead of believing everything behind the corporate firewall is safe, an end-to-end Zero Trust strategy assumes breaches are inevitable. That means you must verify each request as if it originates from an uncontrolled network — identity management plays a crucial role in this.

When implementing an end-to-end Zero Trust framework for securing networks, we recommend you focus first on these initial deployment objectives:

I. Network segmentation: Many ingress/egress cloud micro-perimeters with some micro-segmentation.

II. Threat protection: Cloud native filtering and protection for known threats.

III. Encryption: User-to-app internal traffic is encrypted.

IV. Network segmentation: Fully distributed ingress/egress cloud micro-perimeters and deeper micro-segmentation.

V. Threat protection: Machine learning-based threat protection and filtering with context-based signals.

VI. Encryption: All traffic is encrypted.
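The network objective “many ingress/egress cloud micro-perimeters with some micro-segmentation” is implemented in Azure with Network Security Groups attached to subnets. Below is an added example (not code from the original post) using the Az.Network PowerShell module; the resource group, region, VNet, subnet names and address ranges are assumed values for the demo.

```powershell
# Added example: micro-segmenting a data-tier subnet with an NSG.
# Only the app-tier subnet may reach SQL (TCP 1433); all other inbound
# traffic, including traffic from elsewhere inside the VNet, is denied explicitly.
Connect-AzAccount

$rg       = "rg-zt-demo"     # assumed resource group
$location = "eastus"         # assumed region
$appTier  = "10.0.1.0/24"    # assumed app-tier subnet range
$dataTier = "10.0.2.0/24"    # assumed data-tier subnet range

$allowAppToSql = New-AzNetworkSecurityRuleConfig -Name "Allow-AppTier-SQL-1433" `
    -Description "Only the app tier may open SQL connections to the data tier" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $appTier -SourcePortRange * `
    -DestinationAddressPrefix $dataTier -DestinationPortRange 1433

# Explicit deny at priority 4000 takes precedence over the platform default
# AllowVnetInBound rule (priority 65000), so lateral movement inside the VNet
# does not reach the data tier either.
$denyAllInbound = New-AzNetworkSecurityRuleConfig -Name "Deny-All-Inbound" `
    -Description "Zero Trust default: nothing else reaches the data tier" `
    -Access Deny -Protocol * -Direction Inbound -Priority 4000 `
    -SourceAddressPrefix * -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange *

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name "nsg-data-tier" -SecurityRules $allowAppToSql, $denyAllInbound

# Attach the NSG to the data-tier subnet (VNet and subnet names are assumed).
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name "vnet-zt-demo"
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "snet-data" `
    -AddressPrefix $dataTier -NetworkSecurityGroup $nsg | Set-AzVirtualNetwork

# Denied flows become detection signals once NSG flow logs are enabled and
# routed to your SIEM; that step is configured separately.
```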


In the next article, we are going to talk about the Rapid Modernization Plan (RaMP). Stay tuned!!!

Please give a clap if you found it to be useful and follow me to get more knowledge.

References:

  1. https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-overview