{"id":111528,"date":"2022-04-14T11:00:00","date_gmt":"2022-04-14T18:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=111528"},"modified":"2023-08-03T15:08:00","modified_gmt":"2023-08-03T22:08:00","slug":"a-clearer-lens-on-zero-trust-security-strategy-part-1","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/","title":{"rendered":"A clearer lens on Zero Trust security strategy: Part 1"},"content":{"rendered":"\n<p>Today&#8217;s world is flooded with definitions and perspectives on <a href=\"https:\/\/www.microsoft.com\/security\/business\/zero-trust\">Zero Trust<\/a>, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means.<\/p>\n\n\n\n<p>This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the ground of reality. <\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"849\" height=\"471\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture1-6250a1c290ee9.png\" alt=\"An open road with text overlay stating \u201cHonor the past, be honest about the present, and hope for the future.\u201d\" class=\"wp-image-111759\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture1-6250a1c290ee9.png 849w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture1-6250a1c290ee9-300x166.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture1-6250a1c290ee9-768x426.png 768w\" sizes=\"(max-width: 849px) 100vw, 849px\" \/><\/figure>\n\n\n\n<p>We start off with some observations and insights on how people are seeing Zero Trust, then highlight some great work at the National Institute of Standards and Technology (NIST) to make Zero Trust real using products available today, and then highlight work being done at The Open Group to standardize Zero Trust (including an origin story of The Jericho Forum from Steve Whitlock).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Perceptions and scope: How people see Zero Trust<\/h2>\n\n\n\n<p>As we talk to customers and partners, it&#8217;s become clear that most people see Zero Trust as either a strategic security transformation or as a specific initiative to modernize access control. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"357\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-1024x357.png\" alt=\"Zero Trust strategy chart highlighting multiple modernization initiatives.\" class=\"wp-image-111780\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-1024x357.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-300x104.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-768x267.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-1536x535.png 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2.png 2002w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>While Zero Trust principles are critical to securing access control to the cloud and digital assets, Zero Trust&#8217;s scope doesn\u2019t stop there. The urgent need to modernize security beyond the classic perimeter approach extends to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Detecting and responding to threats to your assets in the security operations center (SOC).<\/li><li>Protecting data anywhere it goes.<\/li><li>Continuously monitoring and improving IT infrastructure security posture.<\/li><li>Integrating security into application development processes like development operations (DevOps).<\/li><li>Continuously reporting and remediating compliance risks.<\/li><li>Extending these capabilities across IoT and operational technology (OT) assets that are frequently targeted by attackers.<\/li><\/ul>\n\n\n\n<p>The confusion comes because access control is almost always the first priority to solve, whether or not you are planning a major strategic overhaul. As business-critical assets move outside the perimeter to cloud and mobile, the first priority is always to rapidly put in controls to ensure only authorized people can access these business assets. Additional focus is added to this initiative as attackers have learned to reliably get past perimeter access controls with phishing and credential theft attacks.<\/p>\n\n\n\n<p>Access control is urgent but it isn&#8217;t the only security problem to solve across this transforming technical estate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">NIST: Zero Trust capabilities available today<\/h2>\n\n\n\n<p>The National Cybersecurity Center of Excellence (NCCoE) is bringing many vendors into the lab to implement their solutions for Zero Trust to create actionable guidance. This is creating clarity by implementing the actual technical capabilities of today in a highly transparent process.<\/p>\n\n\n\n<p>I also witnessed how this effort is driving consistency in the industry during my participation as a member of the Microsoft team supporting this effort. I watched many vendors share their vision of Zero Trust to the collective project team during the kickoff (which was like a condensed version of the RSA conference show floor). The only thing I saw in common among these presentations was that each vendor used the NIST Zero Trust diagram (often mapping their solutions to it). While this illustrated how challenging it is to get a common view of Zero Trust, it also showcases how valuable NIST\u2019s efforts are at creating much-needed consistency for Zero Trust.<\/p>\n\n\n\n<p>For more information, read our blog <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/17\/microsoft-and-nist-collaborate-on-eo-to-drive-zero-trust-adoption\/\">Microsoft and NIST collaborate on EO to drive Zero Trust adoption<\/a> or visit the <a href=\"https:\/\/www.nccoe.nist.gov\/projects\/implementing-zero-trust-architecture\" target=\"_blank\" rel=\"noreferrer noopener\">NCCoE project page<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Open Group: Standardizing Zero Trust<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.opengroup.org\/what-we-do-technology-standards\">The Open Group<\/a> is well on the path to defining Zero Trust as a global standard, similar to The Open Group Architecture Framework (TOGAF), Open FAIR, and others. This rigorous process is focused on clearly defining the scope of Zero Trust, what it is, what it isn&#8217;t, and how to link Zero Trust (and security) to business goals and priorities. This top-down approach complements the NIST technology-up approach to provide additional clarity for Zero Trust.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Some historical context from the Jericho Forum<sup>\u00ae<\/sup><\/h3>\n\n\n\n<p>The Open Group is no stranger to Zero Trust as they host the (now-retired) <strong><em>Jericho Forum<\/em><\/strong>\u00ae<strong><em> <\/em><\/strong>which is widely recognized as planting the seeds for what became the modern Zero Trust movement. The Open Group\u2019s Zero Trust work builds on this work from almost 20 years ago and focuses on the challenges faced by modern enterprises today.<\/p>\n\n\n\n<p>Before we get into the current work, we thought it would be helpful to do a quick review of the Jericho Forum\u00ae origin story. While the world was different back then in many ways, this effort was born of the truth that perimeter approaches were failing to meet security needs even back then.<\/p>\n\n\n\n<p>Steve Whitlock is one of the original Jericho Forum\u00ae members and graciously shared this origin story:<\/p>\n\n\n\n<p><strong><em>The mid to late 1990s<\/em><\/strong><em>\u2014By all measures, security costs were rising but the solutions weren\u2019t actually solving the problems. A few Chief Information Security Officers (CISOs) of large enterprises based in the United Kingdom met periodically to try and figure out what was going on. While their perspective didn\u2019t fit the accepted norm of &#8220;protect the network,&#8221; these CISOs were not novices. One CISO of a large United Kingdom-based energy company had been among the first professional CISOs in Britain and trained many people who would go on to run information security at other corporations. Another at a European energy company had written an internal document that evolved into the ISO 2700 series of security and risk management standards.<\/em><\/p>\n\n\n\n<p><em>In January of 2004, these four CISOs formed the Jericho Forum<em>\u00ae<\/em> to focus on defining the issue, termed de-perimeterisation, and proposing a way forward. Their efforts quickly attracted other strategic thinkers. In 2005, the first Jericho Forum<em>\u00ae<\/em> conference was held and a visioning white paper was released. This was followed in 2006 by the Jericho Forum<em>\u00ae<\/em> Commandments. This set of strategic principles is designed to enable an organization to survive in a world without traditional perimeters. The Jericho Forum<em>\u00ae<\/em> went on to issue a series of papers on related topics including cloud security, secure collaboration, security protocols, Voice over Internet Protocol (VoIP), wireless, and data security. And a second set of commandments concerning identity, entitlement, and access management was released in 2011.<\/em><\/p>\n\n\n\n<p><em>Later, the Jericho Forum<em>\u00ae<\/em> was fully absorbed into The Open Group, and having laid out its principles for change, formally shut down in 2013. The Jericho Forum<em>\u00ae<\/em> articulated the need for better data protection, including the use of smart data, and one of its founders created a global organization to define the parts of a global digital identity ecosystem. Others from the Jericho Forum<em>\u00ae<\/em><\/em> <em>contributed to a cloud security organization&#8217;s guidance documents.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Zero Trust Commandments and beyond<\/h3>\n\n\n\n<p>The <a href=\"https:\/\/www.opengroup.org\/forum\/security\/zerotrust\" target=\"_blank\" rel=\"noreferrer noopener\">current work of The Open Group<\/a> builds upon those hard-won lessons and updates them today with recent best practices, current trends, and expected future trends:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>This started with the <a href=\"https:\/\/pubs.opengroup.org\/security\/zero-trust-principles\/\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust Core Principles<\/a> that defined Zero Trust, including key drivers and core principles.<\/li><li>This continued into the <a href=\"https:\/\/pubs.opengroup.org\/security\/zero-trust-commandments\/\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust Commandments<\/a> that updated the original Jericho Forum\u00ae Commandments, defining a non-negotiable list of criteria for Zero Trust.<\/li><li>Work is now underway in The Open Group to build on these commandments and provide a full technical standard for a Zero Trust reference model.<\/li><\/ul>\n\n\n\n<p>The Zero Trust commandments are one of the clearest ways available today to identify if something is Zero Trust or not. If you hear a claim of Zero trust, you can ask:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><em>Does this action support one or more commandments?<br><\/em>If yes, it can be part of Zero Trust.<\/li><li><em>Does this action violate a commandment?<br><\/em>Anything that violates a commandment is not Zero Trust (and is probably counterproductive to business goals, security, or both).<\/li><\/ul>\n\n\n\n<p>We will dive deeper into the Zero Trust Commandments through several upcoming blogs in this series.<\/p>\n\n\n\n<p>In the meantime, we encourage you to read up on the <a href=\"https:\/\/pubs.opengroup.org\/security\/zero-trust-commandments\/\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust Commandments<\/a> and use them to guide your Zero Trust planning and help filter out what is and isn\u2019t actually Zero Trust.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Embrace proactive security with a Zero Trust framework<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Read the full Forrester Consulting study commissioned by Microsoft, <a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RWRIEi\" target=\"_blank\" rel=\"noreferrer noopener\">The Total Economic Impact\u2122 of Zero Trust Solutions From Microsoft<\/a>, and learn more about the return on investment (ROI) of implementing a Zero Trust framework with Microsoft.<\/li><li>Read our whitepaper, <a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RWJJdT\" target=\"_blank\" rel=\"noreferrer noopener\">Evolving Zero Trust<\/a>, for key insights, Zero Trust architecture, and a maturity model to help accelerate your adoption.<\/li><\/ul>\n\n\n\n<p>Join other cybersecurity professionals at the <strong>Microsoft Security Summit<\/strong> digital event on May 12, 2022. Get fresh security insights during a live chat Q&amp;A with cyber strategy and threat intelligence experts and discover solutions you can use to lay the foundation for a safer and more innovative future. <a href=\"https:\/\/mssecuritysummit.eventcore.com\/?ocid=AID3046765_QSG_584182\">Register now<\/a>.<\/p>\n\n\n\n<p>To learn more about Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/business\/solutions\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today&#8217;s world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the ground of reality.<\/p>\n","protected":false},"author":162,"featured_media":111936,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3689],"products":[],"threat-intelligence":[],"tags":[3896,3822,3809],"coauthors":[1906],"class_list":["post-111528","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-zero-trust","tag-credential-theft","tag-microsoft-security-insights","tag-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A clearer lens on Zero Trust security strategy: Part 1 | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A clearer lens on Zero Trust security strategy: Part 1 | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Today&#039;s world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the ground of reality.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-14T18:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-03T22:08:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mark Simos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Simos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-simos\/\",\"@type\":\"Person\",\"@name\":\"Mark Simos\"}],\"headline\":\"A clearer lens on Zero Trust security strategy: Part 1\",\"datePublished\":\"2022-04-14T18:00:00+00:00\",\"dateModified\":\"2023-08-03T22:08:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/\"},\"wordCount\":1456,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg\",\"keywords\":[\"Credential theft\",\"Microsoft Security Insights\",\"Security strategies\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/\",\"name\":\"A clearer lens on Zero Trust security strategy: Part 1 | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg\",\"datePublished\":\"2022-04-14T18:00:00+00:00\",\"dateModified\":\"2023-08-03T22:08:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg\",\"width\":1200,\"height\":800,\"caption\":\"Security practitioner working to investigate threats.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A clearer lens on Zero Trust security strategy: Part 1\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A clearer lens on Zero Trust security strategy: Part 1 | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/","og_locale":"en_US","og_type":"article","og_title":"A clearer lens on Zero Trust security strategy: Part 1 | Microsoft Security Blog","og_description":"Today's world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the ground of reality.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/","og_site_name":"Microsoft Security Blog","article_published_time":"2022-04-14T18:00:00+00:00","article_modified_time":"2023-08-03T22:08:00+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg","type":"image\/jpeg"}],"author":"Mark Simos","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg","twitter_misc":{"Written by":"Mark Simos","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-simos\/","@type":"Person","@name":"Mark Simos"}],"headline":"A clearer lens on Zero Trust security strategy: Part 1","datePublished":"2022-04-14T18:00:00+00:00","dateModified":"2023-08-03T22:08:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/"},"wordCount":1456,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg","keywords":["Credential theft","Microsoft Security Insights","Security strategies"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/","name":"A clearer lens on Zero Trust security strategy: Part 1 | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg","datePublished":"2022-04-14T18:00:00+00:00","dateModified":"2023-08-03T22:08:00+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/CLO22_Warehouse_016-62545a32113eb.jpg","width":1200,"height":800,"caption":"Security practitioner working to investigate threats."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/14\/a-clearer-lens-on-zero-trust-security-strategy-part-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"A clearer lens on Zero Trust security strategy: Part 1"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/111528"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/162"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=111528"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/111528\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/111936"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=111528"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=111528"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=111528"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=111528"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=111528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=111528"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=111528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}