{"id":87163,"date":"2018-12-17T09:00:45","date_gmt":"2018-12-17T17:00:45","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=87163"},"modified":"2024-12-23T15:56:36","modified_gmt":"2024-12-23T23:56:36","slug":"zero-trust-part-1-identity-and-access-management","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/12\/17\/zero-trust-part-1-identity-and-access-management\/","title":{"rendered":"Zero Trust part 1: Identity and access management"},"content":{"rendered":"

Once in a while, a simple phrase captures our imagination, expressing a great way to think about a problem. Zero Trust is such a phrase. Today, I\u2019ll define Zero Trust<\/a> and then discuss the first step to enabling a Zero Trust model\u2014strong identity and access management. In subsequent blogs, we\u2019ll cover each capability of a Zero Trust model in detail and how Microsoft helps you in these areas and end the series of blogs by discussing Microsoft\u2019s holistic approach to Zero Trust and our framework.<\/p>\n

Zero Trust defined\u2014everything is on the open internet<\/h3>\n

In some ways, the easiest way to think about Zero Trust is to assume everything is on the open internet, even resources we think are safe in our \u201cwalled gardens.\u201d With Zero Trust, we move from the world of implicit assumptions made based on single elements to explicit verification of all elements of access.<\/p>\n

\"Security<\/p>\n

Attacks are at an all-time high, and most are effective because of assumptions based on the idea that users are safe on corporate networks. These assumptions may have made sense 25 years ago because only email could flow beyond the corporate network, remote work was rare, and personal device use for work was virtually unheard of.<\/p>\n

But even in the early days, hackers took advantage of these assumptions. From abusing dial-in numbers for remote work on FTP servers to stealing credentials for email, attackers have long known that once you have ports facing the outside world, your whole network is out there too.<\/p>\n

You may have hardened your external access points by requiring Multi-Factor Authentication (MFA) or certificates to access your VPN, but in our investigations we see time and time again that, either because of new exploits or because of exceptions made to reduce friction with demanding (and sometimes VIP) workers, the assumption that \u201cif they are on my network, it\u2019s OK\u201d is not good enough.<\/p>\n

First step to enable a Zero Trust model\u2014strong identity and access management<\/h3>\n

When we talk about a Zero Trust<\/a> model\u2014and assuming that all of our users, applications, and machines are on the internet\u2014we move from a model of implicit trust to one of explicit verification, where:<\/p>\n