How Zero Trust can help your organization keep safe
BATBern
11.11.2022
Agenda
Why Zero Trust?
Zero Trust Goal, Principles & Benefits
Zero Trust Components & Architecture
Implementing Zero Trust
Experience of different customers
Why Zero Trust?
• 80% of breaches involve lost / stolen credentials
• More sophisticated and devastating attacks
Nowadays cyber criminals do not break in - they log in!
Zero Trust Overview
▪ Zero Trust assumes an open environment where the identity and security
posture of each access request must be continuously evaluated and validated;
▪ Access is granted through a Policy Decision Point and Policy Enforcement
Point and is minimized to resources which are validated as needing access;
▪ Context is important (→ data points on user behavior, device compliance,
location, time of day, target application or service, etc.);
▪ Zero Trust is a framework, culture and philosophy, not a technical solution;
▪ Implementing Zero Trust is a journey, not a destination.
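A minimal sketch of the Policy Decision Point / Policy Enforcement Point split described above, as an added example that is not part of the original slides. The signal names, risk thresholds, entitlement table and country list are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # allow only after stronger authentication
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    """Context evaluated on every request; network location alone grants nothing."""
    user: str
    resource: str
    mfa_passed: bool
    device_compliant: bool
    country: str
    hour_utc: int       # 0-23
    user_risk: float    # 0.0 (normal behaviour) .. 1.0 (likely compromised)


# Assumed entitlement table: access exists only where explicitly listed.
ENTITLEMENTS = {"alice": {"payroll-app", "wiki"}, "bob": {"wiki"}}
# Assumed sensitivity levels; unknown resources are treated as most sensitive.
SENSITIVITY = {"wiki": 1, "payroll-app": 3}
ALLOWED_COUNTRIES = {"CH", "DE"}   # constructed sample values
BUSINESS_HOURS = range(6, 20)      # constructed sample values


def decide(req: AccessRequest) -> tuple[Decision, str]:
    """Policy Decision Point: evaluate a single request, default deny."""
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return Decision.DENY, "no entitlement for resource"
    if not req.device_compliant:
        return Decision.DENY, "device not compliant"
    if req.user_risk >= 0.8:
        return Decision.DENY, "user risk too high"

    sensitivity = SENSITIVITY.get(req.resource, 3)
    unusual = (req.country not in ALLOWED_COUNTRIES
               or req.hour_utc not in BUSINESS_HOURS
               or req.user_risk >= 0.4)
    if unusual and sensitivity >= 3:
        return Decision.DENY, "unusual context for sensitive resource"
    if not req.mfa_passed and (unusual or sensitivity >= 2):
        return Decision.STEP_UP, "strong authentication required"
    return Decision.ALLOW, "policy satisfied"


def enforce(req: AccessRequest, audit_log: list) -> bool:
    """Policy Enforcement Point: asks the PDP on every request and records the outcome."""
    decision, reason = decide(req)
    audit_log.append((req.user, req.resource, decision.value, reason))
    return decision is Decision.ALLOW


def demo() -> list:
    """Constructed sample: the same user, with the context changing between requests."""
    log = []
    base = AccessRequest("alice", "payroll-app", True, True, "CH", 10, 0.1)
    enforce(base, log)                                    # normal context
    enforce(replace(base, device_compliant=False), log)   # device drifts out of compliance
    enforce(replace(base, resource="wiki", mfa_passed=False, country="US"), log)
    enforce(replace(base, user="bob"), log)               # authenticated but not entitled
    return [entry[2] for entry in log]


if __name__ == "__main__":
    print(demo())
```

Because the enforcement point re-evaluates every request, the second call is denied even though the first one from the same user succeeded moments earlier.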
Zero Trust Core Principles
Zero Trust Core Principles (opengroup.org)
What Business expects from Zero Trust Projects?
Better security, compliance, agility, efficiency, productivity and attractiveness as employer
• Business Models and partnerships
• Technology trends
• Regulatory, geopolitical, cultural forces
• Disruptive events
• Shift to remote work
Employee → supplier → partners
Zero Trust Components
The Open Group Zero Trust Initiative and The President’s Executive Order on Improving the Nation’s Cybersecurity – The Open Group Blog
Enable flexible business workflows for the digitized world
Zero Trust Pillars
• Identities
• Endpoints
• Apps
• Infrastructure
• Network
• Data
• Governance
• Threat Protection
Zero Trust Architecture
[Architecture diagram; the labels it carries are listed below.]
• Zero Trust Policy: Evaluation, Enforcement
• Threat Protection: Continuous Assessment, Threat Intelligence, Forensics, Response Automation
• Policy Optimization: Governance, Compliance, Security Posture Assessment, Productivity Optimization
• Identities: Human, Non-human
• Endpoints: Corporate, Personal
• Network: Public, Private
• Apps: SaaS, On-premises
• Data: Emails & documents, Structured data
• Infrastructure: Serverless, Containers, IaaS, PaaS, Internal Sites
• Controls and signals: Strong authentication; Device compliance; Risk assessment; Traffic filtering & segmentation; Request enhancement; Telemetry/analytics/assessment; JIT & Version Control; Runtime control; Adaptive Access; Classify, label, encrypt
Where do Zero Trust Projects usually Start?
▪ Zero Trust is a journey across all security risk areas to be completed over time
▪ Organizations start the implementation in different places. They need to identify the individual
components of each security risk area to prioritize, usually the following ones:
Zero Trust components that are usually implemented first
How should Zero Trust Initiatives be Prioritized?
• Define criteria to ensure a clear and consistent prioritized approach
• Balance security, functionality, and usability
• Understand what is the most important for your organization (alignment with business goals)
Common prioritization criteria
Estimated Security Value (threat modelling, risk appetite of the organization)
Implementation effort
Available resources (staff, skilling, budget)
Number of users affected
Required licensing types and costs
Estimated productivity value and alignment with business mission
End-User impact (low, medium, high)
Legacy systems displacement (usually driven by cost reduction)
Microsoft Zero Trust Maturity Model
• Organizations who haven’t started their Zero Trust journey
• Organizations who have begun their Zero Trust journey
• Organizations who have invested a lot of effort in the implementation of Zero Trust concepts
Zero Trust Maturity Model Capabilities
Stages: Traditional, Advanced, Optimal

Identities
Traditional:
• On-premises identity provider is in use
• No SSO is present between cloud and on-premises apps
• Visibility into identity risk is very limited
Advanced:
• Cloud identity federates with on-premises system
• Conditional access policies gate access and provide remediation actions
• Analytics improve visibility
Optimal:
• Passwordless authentication is enabled
• User, device, location, and behavior is analyzed in real time to determine risk and deliver ongoing protection

Devices
Traditional:
• Devices are domain joined and managed with solutions like Group Policy Object or Config Manager
• Devices are required to be on network to access data
Advanced:
• Devices are registered with cloud identity provider
• Access only granted to cloud managed & compliant devices
• DLP policies are enforced for BYO and corporate devices
Optimal:
• Endpoint threat detection is used to monitor device risk
• Access control is gated on device risk for both corporate and BYO devices

Apps
Traditional:
• On-premises apps are accessed through physical networks or VPN
• Some critical cloud apps are accessible to users
Advanced:
• On-premises apps are internet-facing and cloud apps are configured with SSO
• Cloud Shadow IT risk is assessed; critical apps are monitored and controlled
Optimal:
• All apps are available using least privilege access with continuous verification
• Dynamic control is in place for all apps with in-session monitoring and response

Infrastructure
Traditional:
• Permissions are managed manually across environments
• Configuration management of VMs and servers on which workloads are running
Advanced:
• Workloads are monitored and alerted for abnormal behavior
• Every workload is assigned app identity
• Human access to resources requires Just-In-Time
Optimal:
• Unauthorized deployments are blocked and alert is triggered
• Granular visibility and access control are available across all workloads
• User and resource access is segmented for each workload

Network
Traditional:
• Few network security perimeters and flat open network
• Minimal threat protection and static traffic filtering
• Internal traffic is not encrypted
Advanced:
• Many ingress/egress cloud micro-perimeters with some micro-segmentation
• Cloud native filtering and protection for known threats
• User to app internal traffic is encrypted
Optimal:
• Fully distributed ingress/egress cloud micro-perimeters and deeper micro-segmentation
• ML-based threat protection and filtering with context-based signals
• All traffic is encrypted

Data
Traditional:
• Access is governed by perimeter control, not data sensitivity
• Sensitivity labels are applied manually, with inconsistent data classification
Advanced:
• Data is classified and labeled via regex/keyword methods
• Access decisions are governed by encryption
Optimal:
• Classification is augmented by smart machine learning models
• Access decisions are governed by a cloud security policy engine
• DLP policies secure sharing with encryption and tracking
Delivering with Objectives and Key Results (OKRs)
Three Essential Aspects
1. OKRs make up a framework for defining clear objectives,
providing clarity on the intent and direction at all levels
in the organization.
2. They are reinforced with measurable key results. Key
results are outcomes by which success is measured.
3. They drive an outcome mindset culture, enabling a clear
shift from an output mindset to an outcome mindset.
EPICs and OKRs must be aligned
EPICs can spin up one or more initiatives to implement the OKR
Reference: Explore Continuous Planning - Training | Microsoft Learn
Organizational and Team OKRs
[Organization diagram; the labels it carries are listed below.]
• Levels: Business Leadership, Technical Leadership, Technical Solution Delivery
• Roles: CEO, CFO, COO, CIO, CISO, CTO
• Themes: Digital Transformation, Zero Trust Strategy, Zero Trust Implementation
• Teams: Identity and Access Management Team, Endpoint Management Team, Application Team, Data Protection Team, Infrastructure Team, Networking Team
Roadmap Example of a Zero Trust Implementation
[Roadmap chart: swimlanes Identities, Devices, Apps, Infrastructure, Network, Data; timeline Jan to Dec 2022. Markers: Start of Zero Trust engagement (Phase 1); Expected end of Phase 1 Zero Trust engagement; Last Update Apr 30.]
Initiatives and the percentage shown for each:
• Strong Identity Enforcement: 55%
• Optimize Cloud Based Identity Management: 75%
• Unify management across devices and applications: 46%
• Threat and vulnerability management: 88%
• Behavioral based real-time and endpoint protection, detection and response: 39%
• Restrict user consent to applications: 61%
• Real-time threat protection and detection of anomalies in IaaS and SaaS: 38%
• Segment networks and implement context driven access control: 25%
• Protection of data on-premises: 45%
• Protection of data in the cloud: 38%
• Optimize device identities and health: 56%
• Secure Administrative Access: 27%
• Prevent lateral movement: 13%
• Optimize Single Sign On experience while reducing risk: 43%
• Extend access policy enforcement into session control using MCAS with Conditional Access: 61%
• Discover Shadow IT and protect apps from risks and threats across multi-cloud environments: 61%
• Rapidly find and fix vulnerabilities of IaaS and PaaS services: 67%
• Protect users when browsing the Internet through web filtering: 41%
• Protect Organizational Domain Name Services: 88%
• Enhance security and productivity for remote work: 72%
• Discovery and classification of data in the cloud and on-premises: 53%
• Protect communication with any party: 60%
• Monitor, investigate and remediate data risks: 53%
Experience on Implementing Zero Trust @UBS
Experience report from an Enterprise Architect @ UBS
Zero Trust is a cloud adoption project. Increasing the flexibility and scalability of their technology infrastructure is critical to UBS’s strategy. Therefore, UBS has defined a cloud-first strategy. This goal is supported by a strategic partnership with Microsoft and the implementation of Zero Trust. Through this transformational initiative, UBS plans to modernize its global technology estate and have more than 50% of its applications, including critical workloads, running on Microsoft Azure.
Their Zero Trust architecture is based on the NIST Zero Trust Architecture and SASE. It has been clear to them for many years that the network perimeter no longer exists and that identity is the new perimeter. Conditional access to apps and sensitive data (customer data) is determined by PDP/PEP.
Due to regulatory requirements, they already had to centralize Identity & Access Management 20 years ago. In the meantime, they have implemented internet-based identity with Azure AD.
In 2021, their CTO ordered a review of their Zero Trust architecture. They wanted to define where they were on their ZT journey. Different initiatives (like network modernization) have been initiated. The review was made independently of any technology.
Zero Trust implementation is a journey and a continuous process. They constantly need to adapt to technology changes, new risks and organizational needs.
Challenges:
- Costs for the consolidation were underestimated
- Standardization regarding modern authentication with conditional access was a “cultural” shift
- Adoption by business users (MFA and AAD are more intrusive for them)
- Ensuring implementation of ZT principles throughout the whole organization (minimal Enterprise requirements are defined, but it is not checked whether ZT is applied)
Zero Trust remains 95% an IT project and topic (technology, network, hosting services, agile transformation).
Drivers & Benefits of Implementing Zero Trust
Our survey on Zero Trust adoption shows that:
Zero Trust Adoption Report: How does your organization compare? - Microsoft Security Blog
Challenges & Blockers while Implementing Zero Trust
Zero Trust Adoption Report: How does your organization compare? - Microsoft Security Blog
© Copyright Microsoft Corporation. All rights reserved.
Thank you for your attention.
Questions?
