Overview
Your organization needs a security model that adapts to the complexities of the modern business environment, supports a mobile workforce and protects employees, devices, apps and data, regardless of location.
Zero Trust Security
Microsoft’s Zero Trust Security model is designed to support these modern security needs focusing on three key components:
- Mobile Access: Empower end users to work more securely anywhere, anytime, on any device.
- Cloud Migration: Enable digital transformation with intelligent security for today’s complex environment.
- Risk Mitigation: Close security gaps and minimize risk of lateral movement.
Zero Trust Security Defined
The Zero Trust Security model assumes breach and verifies each and every request as though it originates from an open network as opposed to assuming that everything behind the corporate firewall is safe. This means that regardless of where a request originates from or what resource it attempts to access, Zero Trust approaches everything from a "never trust, always verify" standpoint.
Zero Trust Security Principles
- Verify explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
- Use least privileged access: Limit end user access with just-in-time and just-enough-access, risk-based adaptive policies and data protection productivity.
- Assume breach: Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, devices, and app awareness. Verify all sessions are encrypted end to end. Use analytics to get visibility and drive threat detection and improve defenses.
Getting Started
Concurrency has the Zero Trust Security expertise to help you secure your enterprise amidst today’s complex business environment. We can help you leverage Zero Trust and segment applications, users and data from each other and provide access only to those that require it, are healthy and authorized.
Zero Trust Security Education Session
Contact us today to schedule a complimentary one-hour Zero Trust Security Education Session. Hosted by a Concurrency Security Expert, this session will help your organization’s security stakeholders understand how Zero Trust can mitigate risk and secure your enterprise.
ADDITIONAL RESOURCES
-
NIST Cyber security Framework (CSF)
The U.S. National Institute of Standards and Testing’s NIST Cyber security Framework (CSF) has come to be recognized as the most mature and accepted standard for cybersecurity management.
Some of the key ideas in the CSF form a cyclical process of analysis and action that must be an ongoing aspect of any organization’s Digital Transformation:
- Identify the potential threats, vulnerabilities, and what’s most likely to occur. Also, identify what you have that’s worth stealing.
- Protect what you’ve identified as vulnerable and important. Prioritize your approach.
- Detect suspect activity. Know when something bad is happening. Use as many automated techniques as possible.
- Respond to malicious activity in ways that eliminate the problem. Build technologies in each functional area to enable effective response.
- Recover by getting systems back to normal and improving processes and protections going forward.
-
Map to Microsoft Technologies
To help organizations make quick and effective progress on applying the CSF to each security layer, Concurrency has created a map that unites the CSF with Microsoft technology.
This map is a practical guide to applying CSF concepts across many areas of Microsoft enterprise solutions, including:
- Service Management Platform
- Operations Management Suite & System Center
- Visual Studio Team Services & Deployment Practices
- Predictive Analytics
- Enterprise Mobility + Security Suite & System Center
- Office 365 & Dynamics 365
- Azure Platform & Best Practices