Microsoft is a big proponent of Zero Trust architecture. For those unaware, this is a security model under which each request to an organizational resource is verified under the assumption that a breach has already happened, via "never trust, always verify" principles. The company has emphasized multiple times how it envisions a passwordless future in Zero Trust environments. Today, it has revealed how it is collaborating with federal agencies to drive the adoption of Zero Trust models under a recent Presidential Executive Order (EO).
The company has explained that EO 14028 - which was issued on May 12, 2021 - requires that it works with federal agencies and undertake significant investments to improve cybersecurity and proactively react to threats. As such, the Redmond tech giant is working with the National Institute of Standards and Technologies' National Cybersecurity Center of Excellence (NIST NCCoE) to drive Zero Trust adoption among organizations.
The goal is to develop and document Zero Trust architectures according to the NIST Special Publication 800-27 (SP 800-27), which will act as a form of guidance as to how organizations should implement these security models using commercially available and interoperable technologies. As such Microsoft is currently working on five scenarios that it believes will aid organizations the most.
One scenario is utilizing cloud-ready authentication apps as part of software as a service (SaaS). For legacy web apps that can't support modern authentication methods, Microsoft is encouraging Azure Active Directory (AD) Application Proxy, which it says is more restrictive than conventional VPN solutions. Other use-cases include the establishment of privileged-access workstations and "strongly authenticated" admin accounts for remote server administration, implementation of the segment cloud administration design pattern, and network microsegmentation via Azure. All of these scenarios also feature multi-factor authentication (MFA), continuous monitoring, and endpoint detection and response (EDR).
Read more at: Neowin