Digital transformation has shifted the emphasis on IT security from being an IT-issue to being a business imperative, and protection of data (and systems) has become increasingly key to all facets of organisations.
Microsoft recently released an Adoption Framework for Zero Trust security and NBConsult, a South African-based IT services and solutions company with offices in London and Hong Kong and a Microsoft Solution Partner, played a key role in the development of Microsoft’s Zero Trust Adoption Framework.
Zero Trust is a security approach designed to address continually evolving security threats whilst ensuring business agility and improved user experiences.
“Our goal is to help every organization strengthen its security capabilities through a Zero Trust architecture built on our comprehensive solutions that span identity, security, compliance, and device management across all clouds and platforms,” says Satya Nadella, executive chairman and CEO of Microsoft.
“As a Microsoft partner, NBConsult contributed to- and provided material feedback to- this adoption guidance.”
Zero Trust is security for digital business, and organizations are implementing Zero Trust to enable the new normal of working anywhere, with anyone, at any time. Shifting from a traditional security model to Zero Trust represents a significant transformation that requires buy-in, adoption, and change management across the entire organization. Business leaders, technology leaders, security leaders, and security practitioners all play critical parts in creating an agile Zero Trust security approach.
“We are honoured to have assisted Microsoft in the development of their Zero Trust Adoption Framework,” says Nicolas Blank, founder and CEO of NBConsult. “This framework is a significant milestone in security thinking, moving away from security as a standalone discipline, to a risk inclusive business scenario-based approach. As a team, we wrestled with how we deliver Zero Trust thinking in an inclusive manner across the entire organisation, to engage participation from senior leadership to security analyst, and across again to the normal human ultimately affected by a security breach.
“At the core of Zero Trust are three key principles: Verify explicitly; Use least privilege access: and Assume breach. Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to ‘never trust, always verify’.”
This is designed to adapt to the complexities of the modern environment that embraces the mobile workforce, protects people, devices, applications, and data wherever they are located.
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end-to-end strategy, this is done by implementing Zero Trust controls and technologies.
Alistair Pugin, NBConsult chief technical officer, says: “The Microsoft Zero Trust Adoption Framework includes actionable steps in each scenario to answer the question of “what do I do first” without needing to boil the ocean, at the same time incrementally raising friction against malicious intent and ruining attacker ROI. Alongside this adoption framework, we have developed an implementation protocol which we are rolling out at various organisations.”