How do I implement a Zero Trust security model for my Microsoft remote workforce?

Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations are empowering people to work securely when, where, and how they want, we have found the most successful are the ones who are also empathetic to the end-user experience. At Microsoft, we refer to this approach as digital empathy. As you take steps to protect a mobile workforce, a Zero Trust strategy grounded in digital empathy will help enhance cybersecurity, along with productivity and collaboration too.

This was one of a few important topics that I recently discussed during a cybersecurity fireside chat with industry thought leader, Kelly Bissell, Global Managing Director of Security Accenture. Accenture, one of Microsoft’s most strategic partners, helps clients use Microsoft 365 to implement a Zero Trust strategy that is inclusive of everyone. “How do we make working from home both convenient and secure for employees during this time of constant change and disruption,” has become a common question both Kelly and I hear from organizations as we discuss the challenges of maintaining business continuity while adapting to this new world—and beyond. I encourage everyone to explore these points more deeply by watching my entire conversation with Kelly.

Our long-term Microsoft-Accenture security relationship helps customers navigate the current environment and emerge even stronger as we look past the pandemic. The following are some of the key steps shared during our conversation that you can take to begin applying digital empathy and Zero Trust to your organization.

Protect your identities with Azure Active Directory

Zero Trust is an “assume breach” security posture that treats each request for access as a unique risk to be evaluated and verified. This starts with strong identity authentication. Azure Active Directory (Azure AD) is an identity and secure access management (IAM) solution that you can connect to all your apps including Microsoft apps, non-Microsoft cloud apps, and on-premises apps. Employees sign in once using a single set of credentials, simplifying access. To make it even easier for users, deploy Azure AD solutions like passwordless authentication, which eliminates the need for users to memorize passwords. Multi-factor authentication (MFA) is one of the most important things you can do to help secure employee accounts, so implement MFA for 100 percent of your users, 100 percent of the time.

According to a new Forrester report, The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory, customers who secure apps with Microsoft Azure Active Directory can improve user productivity, reduce costs, and gain IT efficiencies to generate a 123 % return on investment.

Secure employee devices

Devices present another opportunity for bad actors to infiltrate your organization. Employees may run old operating systems or download vulnerable apps on their personal devices. With Microsoft Endpoint Manager, you can guide employees to keep their devices updated. Conditional Access policies allow you to limit or block access to devices that are unknown or don’t comply with your security policies.

An endpoint detection and response (EDR) solution like Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) can help you detect attacks and automatically block sophisticated malware. Each Microsoft Defender ATP license covers up to five devices per user.

Discover and manage cloud apps

Cloud apps have proliferated in today’s workplace. They are so easy to use that IT departments are often not aware of which cloud apps their employees access. Microsoft Cloud App Security is a cloud app security broker (CASB) that allows you to discover all the apps used in your network. Cloud App Security’s risk catalog includes over 16,000 apps that are assessed using over 80 risk factors. Once you understand the risk profile of the apps in your network, you can decide whether to allow access, block access, or onboard it on to Azure AD.

Employees are busy in the best of times. Today, with many working from home for the first time—often in a full house—their stress may be compounded. By simplifying the sign-in process and protecting data on apps and devices, Microsoft 356 security solutions like Azure AD, Microsoft Defender ATP, and Cloud App Security, make it easier for employees to work remotely while improving security for the organization.

Digital empathy and Zero Trust are also two of the five security paradigm shifts that will lead to more inclusive user experiences. Next month, I will provide more details about two additional paradigm shifts, the diversity of data, and integrated security solutions.

CTA: To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Follow Ann Johnson @ajohnsocyber for Microsoft’s latest cybersecurity investments and @MSFTSecurity for the latest news and updates on cybersecurity.

READ MORE HERE

0