In the era of the Internet of Everything, enterprises that rely only on on-premises security systems and build their security strategy around the physical perimeter will struggle to foresee internal security risks. With endpoints exposing multiple vulnerabilities, attackers use methods such as stealing identity credentials to keep threatening the corporate security system. Today, corporate security often faces the following pain points:

  • How corporate decision-makers can balance security protection and stable services;
  • How to reduce costs and increase efficiency in security protection;
  • In the cloud era, how to protect the IT equipment and employee information of cloud-based companies;
  • How to automate operations and maintenance when the IT department carries a heavy load of repetitive work.

Aggressive zero trust

When the traditional perimeter-centric security model hit its limits, concepts such as zero trust and cloud-native security emerged, giving enterprises guidance for building a new generation of security systems. At the Trusted Cloud Conference in 2021, "Zero Trust" was included in the "2021 Cloud Computing Top Ten Keywords" officially released by the Institute of Cloud Computing and Big Data, China Academy of Information and Communications Technology. In short, zero trust is a concept rather than a specific technology. It no longer distinguishes between internal and external networks; instead, it calls for building a dynamic, identity-based trusted access system on top of untrusted networks.

At present, zero trust and cloud-native security are continuously converging. In the research and development stage, more and more companies are designing application systems on zero-trust principles, so that cloud services and applications on the cloud implement zero trust natively, which greatly improves security capabilities. In the operation phase, zero trust as a cloud security product continues to evolve, moving from private deployment to SaaS services that can handle massive volumes of access requests. At the same time, micro-segmentation, a key zero-trust technology, controls east-west traffic in the cloud to make up for the shortcomings of traditional security mechanisms in cloud environments.

On the whole, building an enterprise security system has never been a solo act, and a single dedicated team cannot do it alone. It requires collaboration among business and technical leadership, architects and technical managers, and implementation teams. Taking Microsoft as an example, this shows in the following three aspects:

  • When Microsoft built its zero-trust model, the top-down process was, in order: ensuring digital transformation, integrating business and security, formulating security policies and procedures, deploying architecture and strategies, and planning and implementing at the technical level;
  • The zero-trust architecture components in the Microsoft system are: security operations center, cloud service protection, device management, hybrid cloud architecture security, IoT and OT security architecture, information protection, identity management, and personnel security;
  • The four phases of Microsoft's zero-trust model are: identity verification, device verification, access verification, and service verification.


Microsoft's hard power

In response to ever-changing cyber security risks, Microsoft has long focused on developing and advancing the zero-trust field, and has explored and practiced it in depth. The upcoming Microsoft IT Live Room will share best practices based on Microsoft IT management and Microsoft enterprise security experience. Overall, Microsoft has the following advantages in the security field:

  • Based on the Microsoft Cybersecurity Reference Architecture (MCRA), Microsoft uses various security services, security products, and the Microsoft Smart Cloud Matrix platform to ensure secure access at all times across more than 150 countries, for more than 300,000 employees and 640,000 devices. Microsoft has safely migrated 90%+ of business applications to the cloud, delivering the complete local experience from the Microsoft cloud to any personal device, enabling efficient work and team collaboration anytime and anywhere, and making IT deployment more flexible and business more convenient.
  • Microsoft has implemented the zero-trust security model within the company, so that the zero-trust strategy permeates the organization's structure, technology selection, operating procedures, overall culture, and employees' way of thinking. Through continuous zero-trust practice, and building on the concept of "never trust, always verify", Microsoft put forward its own zero-trust principles: verify explicitly, use least-privilege access, and assume breach.
  • To keep an enterprise's short-term security needs aligned with its long-term security strategy, and to advance "zero-trust" systems engineering in an orderly manner, Microsoft put forward the zero-trust maturity model, which is divided into three stages: traditional, mid-term, and ideal. It also developed a zero-trust assessment tool that helps customers determine which stage of zero-trust implementation they are in, and provides the next implementation plan and deployment guidelines for the key nodes of zero trust. During implementation and deployment, Microsoft recommends that enterprises improve six elements (identity, devices, applications, data, infrastructure, and networks) so as to keep strengthening their security protection system.
  • Based on its own digital transformation experience, Microsoft provides Azure migration support from theory to practice, and puts forward an overall practical plan covering three aspects: people, planning and process, and technology. At the organizational and people level, it advises promoting cultural change from the top down, establishing a complete migration center, ensuring stakeholder participation, and providing learning pathways and certification. In planning and process, it advises setting a migration strategy and starting to track migration and optimize cloud support. In terms of technology, it advises extending network identity to Azure to establish a strong security foundation, and provides continuously evolving workload management methods and migration tools.

To learn more about Zero Trust and Microsoft IT best practices, scan the QR code to reserve your place in the live broadcast.
