Adopting Zero Trust to secure identity

April 13, 2021
Pouya Koushandehfar
Data Protections

Organisations' perimeters have been redefined as a result of remote working. The traditional edge of the network has changed thanks to rapid digital transformation, resulting from having a mobile workforce that relies on cloud apps.

The lines have blurred between work and personal devices, which gives rise to the need for real-time remote access to data and apps outside the company network by employees and external parties.

This is why identity is being called "the new perimeter".

Placing identity at the heart of the business

The ability to establish trusted identities is fast becoming central to organisations, becoming the common denominator across networks, endpoints, and applications.

This key component works as a powerful and granular element to control and validate access to applications and data in the Zero Trust security model. Therefore, protecting and securing identities as the first step towards granting access is a vital consideration for all businesses.

At a high level, securing identities is based on the following key principles:

  • Verifying identities using strong authentication to minimise the risk of compromised or stolen credentials (see Best Practise Security Measures for Remote Work).
  • Confirming that the access request is compliant and typical for that identity.
  • Establishing the minimum privilege needed for access for all users, including system admins.

To meet the above principles, businesses should consider implementing the following as part of an overall identity and access management strategy, taking a staged approach. Doing so will enable organisations to adopt a Zero Trust security model for securing identity successfully.

  • Implement federated cloud identities with on-premises identity systems to ensure proper identity governance on a single identity for each user, improving user experience.
  • Define Conditional Access (CA) policies based on conditions and controls that align with organisation standards and risk appetite.
  • Improve visibility of user identity and access through the power of analytics providing strong operational insights.
  • Manage identities and access privileges with Privileged Identity Management (PIM), allowing control of the endpoints, conditions and credentials used by end users for privileged operational activities.
  • Analyse user, device, location, and behaviour in real time to evaluate risk of trusted identities and ensure ongoing protection.
  • Integrate the access management and identity tools with other security solutions to assimilate additional threat signals and improve detection, protection, and response capabilities.
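
The "conditions and controls" idea behind Conditional Access can be sketched as a small decision function. This is an added example, not code from the original article and not how Azure AD evaluates policies; the `SignIn` fields, the rules and the sample sign-ins are all hypothetical. It maps the signals named above (user, device, location, risk) to one of three controls: allow, require strong authentication, or block.

```python
from dataclasses import dataclass

# Simplified, hypothetical model of a Conditional Access decision.
@dataclass(frozen=True)
class SignIn:
    user: str
    is_admin: bool               # privileged role in use for this session
    mfa_done: bool               # strong authentication already satisfied
    device_compliant: bool       # device meets the organisation's standard
    country: str
    usual_countries: frozenset   # where this identity normally signs in
    risk: str                    # "low", "medium" or "high", from analytics

BLOCK, REQUIRE_MFA, ALLOW = "block", "require_mfa", "allow"

def evaluate(s):
    """Return (decision, reasons); block beats MFA, MFA beats allow."""
    block, step_up = [], []
    if s.risk == "high":                          # real-time risk signal
        block.append("high sign-in risk")
    if s.is_admin and not s.device_compliant:     # privileged access rule
        block.append("admin on non-compliant device")
    if s.is_admin:                                # admins always step up
        step_up.append("privileged role")
    if s.country not in s.usual_countries:        # request is not typical
        step_up.append("atypical location")
    if s.risk == "medium":
        step_up.append("medium sign-in risk")
    if not s.device_compliant:                    # request is not compliant
        step_up.append("non-compliant device")
    if block:
        return BLOCK, block
    if step_up and not s.mfa_done:
        return REQUIRE_MFA, step_up
    return ALLOW, step_up

# Constructed sample sign-ins (not real data).
HOME = frozenset({"AU"})
SAMPLES = [
    SignIn("alice", False, False, True, "AU", HOME, "low"),
    SignIn("alice", False, False, True, "BR", HOME, "low"),
    SignIn("root-admin", True, True, True, "AU", HOME, "low"),
    SignIn("root-admin", True, True, False, "AU", HOME, "low"),
    SignIn("bob", False, True, True, "AU", HOME, "high"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.user, s.country, *evaluate(s))
```

Returning the reasons alongside the decision gives the sign-in log the context an analyst needs to explain why a request was challenged or refused.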

Figure: Conditional access policies

Best practise approach to Zero Trust identity

Identity is central to a successful Zero Trust strategy. Nowadays, the best detection, protection and defence strategy should involve integrating security solutions for various digital components.

Taking a strategic approach, the goal of the system is to integrate threat signals from various solutions to automate the protection and reduce the time of response against raised security incidents. Microsoft Azure AD along with other Microsoft and non-Microsoft security solutions provide a best-practise approach to secure your identity against advanced threats.

Byte is a gold security partner working with Microsoft, and can play a key role in helping organisations adopt fully integrated security stack solutions under Microsoft 365 and Azure platforms.

Talk to us to assess your organisation's security maturity, define the roadmap and work with your team and business to protect your assets and intellectual property against cybersecurity risks.
