CISA (2021)
The Seven Tenets of Zero Trust
All data sources and computing services are considered resources.
All communication is secured regardless of network location.
Access to individual enterprise resources is granted on a per-session basis.
Access to resources is determined by dynamic policy (including the observable state of client identity, application/service, and the requesting asset) and may include other behavioral and environmental attributes.
The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.
The links below are a great start to exploring zero trust on your own:
Gartner predicts that about 60% of corporations will phase out VPNs in favor of Zero Trust Architectures by 2023. Zero Trust Architectures (ZTA), Zero Trust Network Architectures (ZTNA), Software Defined Networks (SDN), Secure Access Service Edge (SASE), and Software Defined Wide Area Network (SD-WAN) are all acronyms you are going to continue to hear in the industry.

Implicit vs explicit trust in any given network is a core concept of security. Implicit trust means that, once authenticated, users are able to move freely around a network laterally. The ability to copy, download, or even delete data does not require re-authentication. This assumption that everything within a network is safe is outdated. Explicit trust allows users to access only explicitly defined data. Explicit trust should be granted/revoked at every stage, therefore eliminating implicit trust. A good way to think of zero trust concepts is: 'eliminating implicit trust'. Here's a great example of implicit vs explicit trust from Forcepoint:
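The contrast between implicit and explicit trust, and the per-session, dynamic-policy tenets listed above, can be made concrete with a small policy decision model. The following is an added example written for this page; it is not code from CISA, Forcepoint, or Microsoft. The users, groups, resources, and posture values are constructed sample data, and the policy attributes (MFA age, device compliance, group entitlement) are assumptions chosen to mirror the tenets. The perimeter model grants everything after one login on the corporate network; the zero trust model re-evaluates identity, device posture, MFA freshness, and entitlement on every request and never consults network location.

```python
"""Implicit (perimeter) vs explicit (zero trust) access decisions.

Added illustration: all users, groups, resources and posture values below are
constructed sample data, not from the original page. The checks mirror the
tenets: access is decided per request from identity, resource, device posture
and MFA freshness, and network location carries no trust on its own.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Session:
    user: str
    group: str
    authenticated: bool
    mfa_age_minutes: int    # minutes since the last MFA challenge
    device_compliant: bool  # result of the endpoint posture check
    network: str            # "corp" or "internet"


@dataclass
class Resource:
    name: str
    allowed_groups: frozenset
    max_mfa_age_minutes: int = 60
    require_compliant_device: bool = True


def implicit_trust_decision(session: Session, resource: Resource) -> Tuple[bool, str]:
    """Perimeter model: one login plus a corp network address unlocks everything."""
    if session.authenticated and session.network == "corp":
        return True, "inside the perimeter and logged in"
    return False, "outside the perimeter"


def zero_trust_decision(session: Session, resource: Resource) -> Tuple[bool, str]:
    """Explicit model: every request is re-evaluated against a dynamic policy.

    The first failing check denies. Network location is deliberately never
    consulted (tenet: communication is secured regardless of network location).
    """
    if not session.authenticated:
        return False, "not authenticated"
    if session.mfa_age_minutes > resource.max_mfa_age_minutes:
        return False, f"MFA older than {resource.max_mfa_age_minutes} min, re-authenticate"
    if resource.require_compliant_device and not session.device_compliant:
        return False, "device failed posture check"
    if session.group not in resource.allowed_groups:
        return False, f"group '{session.group}' not entitled to {resource.name}"
    return True, "identity, posture and entitlement verified for this request"


# Constructed resources: a sensitive one with a tight MFA window, and a low-sensitivity one.
PAYROLL = Resource("payroll-db", frozenset({"hr"}), max_mfa_age_minutes=30)
WIKI = Resource("internal-wiki", frozenset({"hr", "engineering"}),
                require_compliant_device=False)


def compare(session: Session, resource: Resource) -> dict:
    """Run both models on one request and return the two verdicts side by side."""
    implicit_ok, implicit_why = implicit_trust_decision(session, resource)
    zt_ok, zt_why = zero_trust_decision(session, resource)
    return {"user": session.user, "resource": resource.name,
            "implicit": implicit_ok, "implicit_reason": implicit_why,
            "zero_trust": zt_ok, "zero_trust_reason": zt_why}


def run_scenarios() -> List[dict]:
    """Constructed scenarios showing where the two models disagree."""
    scenarios = [
        # HR user, healthy device, fresh MFA: both models allow payroll access.
        (Session("alice", "hr", True, 5, True, "corp"), PAYROLL),
        # Same user, same login, but the device later fails its posture check:
        # the perimeter model never re-checks; zero trust denies the next request.
        (Session("alice", "hr", True, 5, False, "corp"), PAYROLL),
        # Engineer on the corp network reaching laterally for payroll data.
        (Session("bob", "engineering", True, 5, True, "corp"), PAYROLL),
        # HR user working from home: location alone neither grants nor denies.
        (Session("carol", "hr", True, 10, True, "internet"), PAYROLL),
        # Stale MFA: still logged in, but the policy demands a fresh factor.
        (Session("dave", "hr", True, 240, True, "corp"), PAYROLL),
        # Low-sensitivity resource with a relaxed posture requirement.
        (Session("bob", "engineering", True, 5, False, "internet"), WIKI),
    ]
    return [compare(s, r) for s, r in scenarios]


if __name__ == "__main__":
    for row in run_scenarios():
        print(f"{row['user']:6} -> {row['resource']:13} "
              f"implicit={row['implicit']!s:5} zero_trust={row['zero_trust']!s:5} "
              f"({row['zero_trust_reason']})")
```

The second and third scenarios are the ones the text is warning about: under the perimeter model a compliance failure after login or a user wandering to data outside their role is invisible, because trust was granted once and never revisited. The fourth scenario shows the flip side: a zero trust policy does not deny a legitimate user just because the request arrives from outside the office.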
Microsoft Zero Trust Corner
Two of the coolest concepts in Zero Trust today are the Cloud Access Security Broker and the Secure Access Service Edge.