Zero Trust teaches us to “never trust, always verify”
Those of you who follow me on LinkedIn will know that I have a passion for cloud technology. In recent years I have made it my mission to lead most of the infrastructure conversations I have with clients by putting the focus on security.
From experience, many clients unfortunately focus too much on the central infrastructure components of a solution and either ignore security completely or de-prioritise it when designing that solution. This is where risual, and the role we play as Enterprise Architects, can add real value to organisations.
Last month, the largest security event in the UK took place at London ExCeL. To underline the importance of security, risual was invited to present at the Microsoft stand on not one but two security topics.
I had the pleasure of presenting in front of a large audience on two subjects. The first was Microsoft’s Zero Trust Architecture. The second was the strategic re-alignment of many Microsoft services and product features around Data Governance, Risk and Compliance under the Purview brand.
In this month’s blog, I want to give an overview on Microsoft’s Zero Trust Architecture. In my next post, I’ll write about ‘The New Microsoft Purview’.
What is Zero Trust
The Zero Trust approach takes a very defensive and critical view when assessing security risk. Even though your environment may already have a certain level of protection, every request is treated as a potential breach, so every request requires verification. Zero Trust teaches us to “never trust, always verify”. Every access request is fully authenticated, authorised and encrypted before access is granted.
There are some principles and best practices that should be applied when adopting Zero Trust:
- Micro-segmentation of your environment and service components.
- Least privileged access principles are applied to minimise lateral movement.
- Rich intelligence and analytics are used to detect and respond to anomalies in real time.
Microsoft’s Zero Trust Architecture
The Microsoft Zero Trust Architecture is best described by exploring the diagram from the inside out.
In the centre you find the representation of the client infrastructure in a hybrid design, comprising an on-premises datacentre, an Azure footprint and third-party cloud components, as well as intranet and extranet. Flanked on the right is the Azure security stack, with services such as Azure Firewall, Key Vault and DDoS Protection.
The main protection layer for this hybrid infrastructure is Microsoft Defender for Cloud, which uses Secure Score and the Compliance Dashboard to surface key information.
To the left of the hybrid infrastructure you find the vertical that represents endpoints and devices, managed through Microsoft Endpoint Manager and with its own Security suite: Microsoft Defender for Endpoint.
Further to the right you find two more pillars. The first of these is Information Protection, which is now represented by Purview and its group of products, which I will describe in next month’s blog. The last pillar is Identity and Access, which again has its own security suite, called Microsoft Defender for Identity.
Spanning from left to right is Conditional Access, Microsoft’s powerful engine that processes signals from devices, data, apps, identity and the cloud to assess whether a transaction is legitimate and, depending on the conditions, whether it is permitted. For example, a multi-factor authentication challenge may be triggered, or access may be denied outright.
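To make the signal-driven evaluation described above concrete, and to show the least-privilege principle from the list earlier in the post in the same place, here is an added Python example. It is illustration code written for this post, not Microsoft’s Conditional Access implementation: the policy names, the signal fields on each request, the role-to-permission table and the sample requests are all constructed assumptions. Every request is first authorised against the role permissions it actually needs, then checked against every matching policy; a block control always wins, an MFA control applies unless the session already satisfies it, and only then is access allowed.

```python
"""Toy Conditional Access-style evaluator (added example, not Microsoft's code).

Each request carries signals from identity, device, network and location.
Field names, policy names and role permissions below are assumptions made
for this illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, FrozenSet, List, Tuple


class Decision(str, Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    BLOCK = "block"


@dataclass(frozen=True)
class Request:
    """Signals gathered for one access request (assumed field names)."""
    user: str
    roles: FrozenSet[str]
    app: str
    action: str
    device_compliant: bool
    network_segment: str    # e.g. "corp" or "internet"
    country: str
    sign_in_risk: str       # "low", "medium" or "high"
    mfa_satisfied: bool     # MFA already completed in this session


@dataclass(frozen=True)
class Policy:
    name: str
    apps: FrozenSet[str]                  # {"*"} means the policy covers every app
    condition: Callable[[Request], bool]  # True when the policy's condition matches
    control: Decision                     # what to apply when it matches


# Least privilege: each role grants only the (app, action) pairs it needs.
ROLE_PERMISSIONS = {
    "finance-analyst": {("erp", "read")},
    "erp-admin": {("erp", "read"), ("erp", "write")},
    "hr": {("hr-portal", "read"), ("hr-portal", "write")},
}

TRUSTED_COUNTRIES = {"GB", "IE"}  # constructed list for the example

# Constructed policies; block controls outrank MFA controls.
POLICIES = [
    Policy("Block high-risk sign-ins", frozenset({"*"}),
           lambda r: r.sign_in_risk == "high", Decision.BLOCK),
    Policy("Block sign-ins from untrusted countries", frozenset({"*"}),
           lambda r: r.country not in TRUSTED_COUNTRIES, Decision.BLOCK),
    Policy("ERP requires a compliant device", frozenset({"erp"}),
           lambda r: not r.device_compliant, Decision.BLOCK),
    Policy("MFA off the corporate network", frozenset({"*"}),
           lambda r: r.network_segment != "corp", Decision.REQUIRE_MFA),
    Policy("MFA for medium-risk sign-ins", frozenset({"*"}),
           lambda r: r.sign_in_risk == "medium", Decision.REQUIRE_MFA),
]


def least_privilege_permits(req: Request) -> bool:
    """True only if one of the caller's roles explicitly grants this action."""
    return any((req.app, req.action) in ROLE_PERMISSIONS.get(role, set())
               for role in req.roles)


def evaluate(req: Request, policies=POLICIES) -> Tuple[Decision, List[str]]:
    """Verify one request: authorisation first, then every matching policy.

    Returns the decision and the reasons (policy names) behind it.
    """
    if not least_privilege_permits(req):
        return Decision.BLOCK, [f"no role of {req.user} grants {req.action} on {req.app}"]
    matched = [p for p in policies
               if ("*" in p.apps or req.app in p.apps) and p.condition(req)]
    blocks = [p.name for p in matched if p.control is Decision.BLOCK]
    if blocks:
        return Decision.BLOCK, blocks
    mfa = [p.name for p in matched if p.control is Decision.REQUIRE_MFA]
    if mfa and not req.mfa_satisfied:
        return Decision.REQUIRE_MFA, mfa
    return Decision.ALLOW, mfa or ["no policy condition matched"]


# Constructed sample requests (field order follows the Request dataclass).
SAMPLES = {
    "office_read": Request("alice", frozenset({"finance-analyst"}), "erp", "read",
                           True, "corp", "GB", "low", False),
    "home_read_no_mfa": Request("alice", frozenset({"finance-analyst"}), "erp", "read",
                                True, "internet", "GB", "low", False),
    "home_read_mfa": Request("alice", frozenset({"finance-analyst"}), "erp", "read",
                             True, "internet", "GB", "low", True),
    "write_without_role": Request("alice", frozenset({"finance-analyst"}), "erp", "write",
                                  True, "corp", "GB", "low", True),
    "unmanaged_device": Request("bob", frozenset({"erp-admin"}), "erp", "write",
                                False, "corp", "GB", "low", True),
    "high_risk": Request("carol", frozenset({"hr"}), "hr-portal", "read",
                         True, "corp", "GB", "high", True),
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        decision, reasons = evaluate(req)
        print(f"{label:20} -> {decision.value:12} {'; '.join(reasons)}")
```

Running the block prints one line per sample request; the same request from the office is allowed, from home it needs MFA, and a write that no role grants is blocked before any policy is even consulted, which is the least-privilege check doing its job.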
All of the Microsoft Defender signals and data can funnel into Microsoft’s Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) product, Microsoft Sentinel, which allows for detailed threat hunting and real-time mitigation.
Why an all-up Microsoft Security architecture
Over many years now, Microsoft has evolved as a security vendor. Gartner recognises Microsoft as a Leader in four of its Magic Quadrant reports:
- Magic Quadrant for Access Management: Microsoft named a Leader in the 2021 Magic Quadrant for Access Management [2]
- Magic Quadrant for Unified Endpoint Management Tools: Microsoft named a Leader in the 2021 Magic Quadrant for Unified Endpoint Management Tools [3]
- Magic Quadrant for Enterprise Information Archiving: Microsoft named a Leader in the 2022 Magic Quadrant for Information Archiving [4]
- Magic Quadrant for Endpoint Protection Platforms: Microsoft named a Leader in the 2021 Magic Quadrant for Endpoint Protection Platforms [5]
Beyond the capabilities of each individual product, Microsoft has a unique ability to integrate its entire product stack by design, which significantly reduces the attack surface. Compare this with an infrastructure estate where a wide range of different security products are brought together. Most are not designed to work together, so every point at which data traverses from one product to the next is a boundary, and an attack surface where vulnerabilities can occur.
Furthermore, a collection of third-party security products is rarely perfectly aligned, so you end up with overlapping features where protection occurs, and these can sometimes compete with each other. In other cases, misalignment between different products leaves gaps that are exposed as vulnerabilities.
risual has many years’ experience in designing Zero Trust architectures and as part of our Managed Service, we operate our own Security Operations Centre (SOC) for our clients.
If you want to hear more about Zero Trust security architecture, contact us at firstname.lastname@example.org to learn more about how risual can help you.
- [1] Microsoft Cybersecurity Reference Architectures – Security documentation | Microsoft Docs
- [2] Gartner Magic Quadrant for Access Management, Michael Kelley, Abhyuday Data, Henrique Teixeira, 17 November 2021.
- [3] Gartner Magic Quadrant for Unified Endpoint Management Tools, Dan Wilson, Chris Silva, Tom Cipolla.
- [4] Gartner Magic Quadrant for Enterprise Information Archiving, Michael, Jeff Vogel, 24 January 2022.
- [5] Gartner Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Dionisio Zumerle, Prateek Bhajanka, Lawrence Pingree, Paul Webber, 05 May 2021.