Microsoft’s Zero Trust is not about distrusting your employees it revolves around one basic principle:
NEVER TRUST ALWAYS VERIFY
What is Zero Trust?
Zero Trust is a Microsoft strategy, documented to help businesses deploy and maintain a robust and secure infrastructure. Adopting a Zero Trust strategy will form the baseline achievement make achieving Cyber Essentials a straightforward exercise.
Today’s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located.
Why adopt a Zero Trust Strategy
Microsoft isn’t wrong in recommending a Zero Trust Strategy. The workplace IS very different to 2019. About half of UK employees access work solutions and data using their own device (BYOD) than before the pandemic. This helps to facilitate the new culture of hybrid working which in a survey over 55% of UK employees would insist upon as part of their job description.
This means that ANY device that touches the corporate network (phone, tablet, laptop etc) needs to have secure access.
Microsoft suggest 3 cornerstones for a Zero Trust strategy
- Productivity everywhere
Staff can work anytime, anywhere from any device effectively and securely
- Cloud migration
Whilst Microsoft would advocate a migration to cloud solutions because that’s what they almost exclusively offer now – they have a point. Cloud solutions are as standard, far more secure than on-premises solutions which require additional security measures to keep them safe, like Firewalls.
Think Digital Transformation
Digital transformation is the adoption of digital technology by an organization. Common goals for its implementation are to improve efficiency, value or innovation.
- Risk Mitigation
Close the gaps and cracks that allow malicious attacks on your infrastructure
Zero Trust Strategy and your Business
Here is the Microsoft Zero Trust Business Plan (you’re welcome)
Long story short, working to Zero Trust is not a quick fix but achieving the baseline to serve as a platform to develop your Zero Trust strategy is not as onerous as it sounds.
Tips to start your Zero Trust strategy
Microsoft Licensing
Microsoft Office 365 Standard licensing used with Microsoft Defender for Endpoint, applied with the right policies will get you on the baseline
Microsoft Office 365 Premium licensing used with Microsoft Defender for Endpoint, applied with right policies will get you mid-way
Moving to a wholly Cloud based Accounting or ERP solution immediately provides the opportunity to elevate your security and thus improve your Zero Trust status
Improve your VPN security
Consider your VPN (Virtual Private Network) if you wish to remain on server installed software. VPN technology has moved on and now VPNs should have multi factor authentication.
Whilst this TechRadar article suggests VPN’s are yesterday’s news – that’s not quite true. VPN’s with multi factor authentication such as those offered by Unify will support your Zero Trust strategy – there will just be more to do to get there. MFA VPN’s can also reduce Firewall costs.
Thought for the Day
A Zero Trust Strategy, relevant to your business and its activities does not have to be onerous, it does not have to result in lots of expense. A Zero Trust Strategy will, however, ensure that you are adopting a modern approach to maintaining and developing your IT Hardware Network infrastructure which will protect your data and your productivity and an approach that will continue to develop over time. Contact Qi to discuss a realistic approach to a Zero Trust strategy for your business.