The increasing prevalence of cloud-based services, mobile computing, internet of things (IoT), and bring
your own device (BYOD) in the workforce has changed the technology landscape for the modern
enterprise. Security architectures that rely on network firewalls and virtual private networks (VPNs) to
isolate and restrict access to corporate technology resources and services are no longer sufficient for a
workforce that regularly requires access to applications and resources that exist beyond traditional
corporate network boundaries. The shift to the internet as the network of choice and the continuously
evolving threats led Microsoft to adopt a Zero Trust security model. The journey began a few years ago
and will continue to evolve for years to come.
The Zero Trust model
Based on the principle of verified trust—in order to trust, you must first verify—Zero Trust eliminates the
inherent trust that is assumed inside the traditional corporate network. Zero Trust architecture reduces risk
across all environments by establishing strong identity verification, validating device compliance prior to
granting access, and ensuring least privilege access to only explicitly authorized resources.
Zero Trust requires that every transaction between systems (user identity, device, network, and
applications) be validated and proven trustworthy before the transaction can occur. In an ideal Zero Trust
environment, the following behaviors are required:
- Identities are validated and secure with multifactor authentication everywhere. Using
  multifactor authentication eliminates password expirations and eventually will eliminate
  passwords. The added use of biometrics ensures strong authentication for user-backed identities.
- Devices are managed and validated as healthy. Device health validation is required. All device
  types and operating systems must meet a required minimum health state as a condition of access
  to any Microsoft resource.
- Telemetry is pervasive. Pervasive data and telemetry are used to understand the current security
  state, identify gaps in coverage, validate the impact of new controls, and correlate data across all
  applications and services in the environment. Robust and standardized auditing, monitoring, and
  telemetry capabilities are core requirements across users, devices, applications, services, and
  access patterns.
- Least privilege access is enforced. Limit access to only the applications, services, and
  infrastructure required to perform the job function. Access solutions that provide broad access to
  networks without segmentation or are scoped to specific resources, such as broad access VPN,
  must be eliminated.
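The following added example, which is not from the Microsoft document, combines the four behaviors above into a single deny-by-default access decision evaluated on every request. The `Request` fields, the `ENTITLEMENTS` table and the reason strings are hypothetical, and the alternative access path for unmanaged devices is not modeled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:  # constructed request shape; all field names are hypothetical
    user: str
    mfa_passed: bool
    device_managed: bool
    device_healthy: bool
    resource: str
    source_network: str  # recorded for telemetry only, never used to grant trust


# Constructed entitlement table: explicit per-resource grants (least privilege).
ENTITLEMENTS = {"alice": {"payroll-app"}, "bob": {"wiki", "build-portal"}}

AUDIT_LOG = []  # every decision, allow or deny, is recorded (pervasive telemetry)


def decide(req, entitlements=ENTITLEMENTS):
    """Return (allowed, reasons). Deny by default, and evaluate every check so
    the audit record lists all failed conditions, not just the first one."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("mfa_missing")
    if not req.device_managed:
        reasons.append("device_unmanaged")
    elif not req.device_healthy:
        reasons.append("device_unhealthy")
    if req.resource not in entitlements.get(req.user, set()):
        reasons.append("not_entitled")
    allowed = not reasons
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "network": req.source_network,
                      "allowed": allowed, "reasons": tuple(reasons)})
    return allowed, reasons


if __name__ == "__main__":
    samples = [  # constructed sample requests
        Request("alice", True, True, True, "payroll-app", "internet"),
        Request("alice", True, True, True, "build-portal", "corpnet"),
        Request("bob", False, False, False, "wiki", "corpnet"),
    ]
    for r in samples:
        print(r.user, r.resource, r.source_network, decide(r))
```

Being on the corporate network changes nothing in the outcome: the second and third sample requests originate from `corpnet` and are still denied.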
Zero Trust scenarios
We have identified four core scenarios at Microsoft to help achieve Zero Trust. These scenarios satisfy the
requirements for strong identity, enrollment in device management and device-health validation,
alternative access for unmanaged devices, and validation of application health. The core scenarios are
described here:
Scenario 1. Applications and services can validate multifactor authentication and device health.
Scenario 2. Employees can enroll devices into a modern management system that enforces device
health to control access to company resources.
Scenario 3. Microsoft employees and business guests have a secure way to access corporate
resources when using an unmanaged device.
March 19, 2021
Implementing a Zero Trust security model at Microsoft