{"id":133998,"date":"2024-05-08T09:00:00","date_gmt":"2024-05-08T16:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=133998"},"modified":"2024-06-17T09:07:03","modified_gmt":"2024-06-17T16:07:03","slug":"how-implementing-a-trust-fabric-strengthens-identity-and-network","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/05\/08\/how-implementing-a-trust-fabric-strengthens-identity-and-network\/","title":{"rendered":"How implementing a trust fabric strengthens identity and network"},"content":{"rendered":"\n

The identity security landscape is transforming rapidly. Every digital experience and interaction is an opportunity for people to connect, share, and collaborate. But first, we need to know we can trust those digital experiences and interactions. Customers note a massive rise in the sheer number of identities they need to enable, connect, and protect. These include not only human identities like employees, partners, and customers, but also non-human or machine identities\u2014which outnumber humans and continue to grow exponentially. All these identities come with unique risks, but they\u2019re central to business organizations\u2019 need to create effective, seamless connections\u2014both for people and their apps, data, and networks. <\/p>\n\n\n\n

At the same time, the number and complexity of cyberthreats continues to grow. This makes the challenge of securing human and non-human identities urgent and critical. Phishing, ransomware, and both internal and external threats have increased significantly. And threat actors are quickly exploiting newer technologies like generative AI to create and scale their attacks.<\/p>\n\n\n\n

In the face of these challenges and the acceleration of AI opportunities and risks, what we think of as traditional identity and access management<\/a> is no longer enough. We need to ensure the right people, machines, and software components get access to the right resources at the right time, while keeping out any bad actors or cyberthreats. We need to be able to secure access for any trustworthy identity, anywhere, to any app, resource, or AI tool at any time.<\/p>\n\n\n\n

We take these challenges very seriously. Our teams have been hard at work, listening to customers and analyzing data\u2014and utilizing the modern technologies enabled by AI\u2014to stay ahead of threats and step up our defenses. This new era demands a comprehensive, adaptive, real-time approach to securing access.<\/strong><\/p>\n\n\n\n

At Microsoft, we call this approach the trust fabric<\/strong>.  <\/p>\n\n\n\n

Think global, act local<\/h2>\n\n\n\n

In years past, the firewall was the clear perimeter of network protection for customers. Then the buzz was \u201cidentity is the new perimeter\u201d as people began to work from home and do their work on personal devices. And recently, the term \u201cidentity fabric,\u201d coined by industry analysts in 2023, has been used by many to describe identity and access management (IAM) concepts and capabilities. But the move from a network control plane to an identity-centric control plane is just the beginning. Flexible work models, cloud apps and services, digitized business processes, AI, and more can no longer be managed by a single identity control plane. It would slow down the speed of business and become a choke point.<\/p>\n\n\n\n

Instead, to meet the needs of our ever-expanding digital estate, we need a \u201cthink global, act local\u201d approach. A combination of centralized decisions and policies would determine what is allowed to happen at the edges\u2014the points of interaction\u2014with multiple, distributed control planes at both the identity and network levels. In addition to identity, the network and endpoints are equally critical signals. The controls and policies should be unified with identity to reduce complexity and gaps. This is the distinction between identity fabric and the next step: trust fabric<\/strong>. In this era of ubiquitous, decentralized computing, data centers can serve as the intelligent cloud, facilitating interaction with smart devices and services on the intelligent edge. This decentralized identity model can also help achieve the speed required to authorize so many devices and services at scale. The vision for how to conceptually architect and move forward with this comprehensive defense-in-depth cybersecurity strategy is the same as a trust fabric. As such, Microsoft\u2019s trust fabric concept expands beyond traditional IAM to weave together comprehensive, unified identity, network access, and endpoint controls.<\/p>\n\n\n

\"Diagram<\/figure>\n\n\n\n

Figure 1. Identity security has evolved from directory services and firewalls to cloud-centered identity services to today\u2019s decentralized trust fabric approach.<\/em> <\/em><\/p>\n\n\n\n

Zero Trust and a trust fabric<\/h2>\n\n\n\n

Zero Trust<\/a> is the term for an evolving set of cybersecurity paradigms that move cybersecurity defenses from static, network-based perimeters to focus on users, assets, and resources. The concept of Zero Trust has been around in cybersecurity for some time and is increasingly important as enterprise infrastructure continues to become decentralized and increases in complexity. In 2020, the National Institute of Standards and Technology (NIST) released a security-wide framework<\/a> or model of Zero Trust based on three core principles: Verify explicitly, ensure least-privileged access, and assume breach. The Zero Trust principles are foundational to how organizations should architect a trust fabric, and instructional for how to build technology to bring the trust fabric to life.<\/strong><\/p>\n\n\n\n

A Zero Trust strategy is a proactive, integrated approach to security across all layers of the digital estate. A modern comprehensive implementation of Zero Trust protects assets wherever they are. It includes solutions for securing access<\/a>, securing your data, securing all your clouds<\/a>, defending against threats, and managing risk and privacy. Zero Trust benefits from AI-enabled solutions and provides the agile security required to protect the use of AI technologies. Developing and managing a trust fabric for your organization addresses the need for secure access. It can integrate with and inform each solution in your framework as needed for end-to-end visibility, defense, and optimization.     <\/p>\n\n\n\n

The core threads of a trust fabric<\/h2>\n\n\n\n

The first key word is trust<\/strong>. Trustworthiness of human and non-human identities will be determined by real-time evaluation and verification of valid decentralized identity credentials. It isn\u2019t an idea of \u201ctrust but verify.\u201d It\u2019s \u201cactively verify, then trust.\u201d And the second key word is fabric<\/strong>. According to Gartner\u00ae<\/sup>, \u201cCybersecurity mesh, or cybersecurity mesh architecture (CSMA), is a collaborative ecosystem of tools and controls to secure a modern, distributed enterprise. It builds on a strategy of integrating composable, distributed security tools by centralizing the data and control plane to achieve more effective collaboration between tools. Outcomes include enhanced capabilities for detection, more efficient responses, consistent policy, posture and playbook management, and more adaptive and granular access control\u2014all of which lead to better security\u201d.1<\/sup> With a trust fabric<\/strong>, organizations first evaluate the risk level of any identity or action. Then, they apply a universal Conditional Access engine. It meters secure access with smart policies and decisions informed by governance, compliance, and current global cyberthreats. And it takes into account any important factors or anomalies relevant to the situation at any given moment.<\/p>\n\n\n\n

\"An<\/figure>\n\n\n\n

Figure 2. A trust fabric verifies identities, validates access conditions, checks permissions, encrypts the connection channel, and monitors for compromise<\/em>.<\/p>\n\n\n\n

For a trust fabric, the following capabilities and conditions must be continuously evaluated in real time:<\/p>\n\n\n\n