Microsoft this week published a blog post about how the IT giant is helping U.S. federal agencies adopt a Zero Trust architecture and comply with President Joe Biden’s executive order on cybersecurity, and the company’s guidelines should be a framework for any organization to strive towards.
The blog comes amid a heightened awareness of cybersecurity thanks to recent nation-state hacking campaigns and massive ransomware attacks, and as Microsoft partners with Zero Trust data management company Rubrik to bring Zero Trust solutions to the market via Microsoft Azure.
Microsoft is working with the National Institute of Standards and Technology (NIST) on the security framework outlined in the executive order, which includes a Zero Trust architecture.
According to a Microsoft blog, there are five scenarios agencies should build towards the executive order, and we think IT professionals at any organization should take a look:
- Cloud-ready authentication apps. These provide stronger multifactor authentication that can be extended to other software-as-a-service (SaaS) apps and custom claims-based applications.
- Web apps with legacy authentication. Organizations using apps that can’t be easily rewritten for modern authentication can use the Azure Active Directory Application Proxy, which builds on the Azure AD foundation to extend Zero Trust to legacy systems.
- Remote server administration. Administrators can secure remote administration by layering it with a strongly authenticated admin account and privileged-access workstation, which reduces the attack surface area and prevents unauthorized server-to-server management by requiring MFA and allow-listed admin devices for server administration via Azure AD Conditional Access.
- Segment cloud administration. This allows organizations to administer Microsoft and non-Microsoft workloads from isolated, dedicated and segmented admin accounts. Auditing controls should be introduced to help keep privilege segmentation in place.
- Network micro-segmentation. By establishing multiple levels of segmentation, organizations can achieve secure control and data planes. This can be done with Azure’s native capabilities by applying a consistent micro-segmentation strategy to protect against threats, implement defense in-depth and achieve policy-enforced continuous monitoring.
Private sector organizations are also urged in the executive order to shore up their cybersecurity, and like Microsoft, we think all organizations should take similar approaches as cyberattacks continue to run rampant across all sectors.
“Microsoft applauds this recognition of the Zero Trust strategy as a cybersecurity best practice, as well as the White House encouragement of the private sector to take “ambitious measures” in the same direction as the EO guidelines,” the company’s blog post said.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!