{"id":93942,"date":"2021-06-30T06:00:43","date_gmt":"2021-06-30T13:00:43","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=93942"},"modified":"2023-05-15T23:10:30","modified_gmt":"2023-05-16T06:10:30","slug":"the-critical-role-of-zero-trust-in-securing-our-world","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/30\/the-critical-role-of-zero-trust-in-securing-our-world\/","title":{"rendered":"The critical role of Zero Trust in securing our world"},"content":{"rendered":"

We are operating in the most complex cybersecurity landscape that we\u2019ve ever seen. While our current ability to detect and respond to attacks has matured incredibly quickly in recent years, bad actors haven\u2019t been standing still. Large-scale attacks like those pursued by Nobelium1<\/sup>\u00a0and Hafnium, alongside ransomware attacks on critical infrastructure indicate that attackers have become increasingly sophisticated and coordinated. It is abundantly clear that the work of cybersecurity and IT departments are critical to our national and global security.<\/p>\n

Microsoft has a unique level of access to data on cyber threats and attacks globally, and we are committed to sharing this information and insights for the greater good.\u00a0As illustrated by recent attacks, we collaborate across the public and private sectors, as well as with our industry peers and partners,\u00a0to create a stronger, more intelligent\u00a0cybersecurity community for the protection of all.<\/p>\n

This collaborative relationship includes the United States government, and we celebrate the fast-approaching milestones of the US Cybersecurity Executive Order2<\/sup> (EO). The EO specifies concrete actions to strengthen national cybersecurity and address increasingly sophisticated threats across federal agencies and the entire digital ecosystem. This order directs agencies and their suppliers to improve capabilities and coordination on information sharing, incident detection, incident response, software supply chain security, and IT modernization, which we support wholeheartedly.<\/p>\n

With these national actions set in motion and a call for all businesses to enhance cybersecurity postures, Microsoft and our extensive partner ecosystem stand ready to help protect our world. The modern framework for protecting critical infrastructure, minimizing future incidents, and creating a safer world already exists: Zero Trust<\/a>. We have helped many public and private organizations to establish and implement a Zero Trust approach, especially in the wake of the remote and hybrid work tidal wave of 2020-2021. And Microsoft remains committed to delivering comprehensive, integrated security solutions at scale and supporting customers on every step of their security journey, including detailed guidance for Zero Trust deployment<\/a>.<\/p>\n

Zero Trust\u2019s critical role in\u00a0helping secure\u00a0our world<\/h2>\n

The evidence is clear\u2014the old security paradigm of building an impenetrable fortress around your resources and data is simply not viable against today\u2019s challenges. Remote and hybrid work realities mean people move fluidly between work and personal lives, across multiple devices, and with increased collaboration both inside and outside of organizational boundaries. Entry points for attacks\u2014identities, devices, apps, networks, infrastructure, and data\u2014live outside the protections of traditional perimeters. The modern digital estate is distributed, diverse, and complex.<\/p>\n

This new reality\u00a0requires\u00a0a Zero Trust approach.<\/p>\n

Section 3<\/a> of the EO calls for \u201cdecisive steps\u201d for the federal government \u201cto modernize its approach to cybersecurity\u201d by accelerating the move to secure cloud services and Zero Trust implementation, including a mandate of multifactor authentication and end-to-end encryption of data. We applaud this recognition of the Zero Trust strategy as a cybersecurity best practice, as well as the White House encouragement of the private sector to take \u201cambitious measures\u201d in the same direction as the EO guidelines.<\/p>\n

Per Section 3, federal standards and guidance for Zero Trust are developed by the National Institute of Standards and Technology<\/a> (NIST) of the US Department of Commerce, similar to other industry and scientific innovation measurements. NIST has defined Zero Trust in terms of several basic tenets<\/a>:<\/p>\n