After more than 90 minutes of in-depth presentations and detailed demos from 4 speakers from Microsoft and Softline, the attendees had a chance to discover a modern security model named Zero Trust – a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data, which helps businesses stay fully secure in this current hybrid workplace environment.
According to Mr. Dat Luu - Modern Workplace Security Technical Specialist from Microsoft, with the complexity of the modern working environment, security architectures based on network firewall and VPN cannot guarantee enough security for data when employees have to constantly access applications and resources beyond the boundary. Therefore, organizations need a new security model that better adapts to today’s workplace environments, including the mobile workforce that ensures to protect users, devices, applications and data anywhere. This is the core value of Zero Trust.
Instead of believing everything behind the corporate firewall is safe, Zero Trust model assumes breach and verifies each request as it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust model suggests us “never trust, always verify”.
In details on the Zero Trust model, Mr. Sang Pham – Security Practise Lead from Softline shared 3 guiding principles of Microsoft Zero Trust:
- Verify explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and unusual behaviors.
- Use least privileged access: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, performance and data protection.
- Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
Moreover, to reach 99.99% reliability, Zero Trust should be applied on 6 platforms:
- Identity: Zero Trust starts with identity, verifying that only the people, devices and processes that have been granted access to your resources can access them.
- Device: Next comes assessing the security compliance of device endpoints -the hardware accessing your data - including the IoT systems on the edge
- Application: This oversight applies to your applications too, whether local or in the Cloud, as the software-level entry points to your information.
- Network: Next, there are protections at the network layer for access to resources – especially those within your corporate perimeter.
- Infrastructure: Followed by the infrastructure hosting your data on-premises and in the cloud. This can be physical or virtual, including containers and micro-services and the underlying operating systems and firmware.
- Data: And finally, protection of the data itself across your files and content, as well as structured and unstructured data wherever it resides.
It can be said Zero Trust is gradually becoming a familiar model for businesses in the digitalization trend. However, to apply this model effectively and successfully, it is necessary to get support and advice from security experts and Softline is the reliable partner you can trust.
With a series of high-level security certifications as: “Threat Protection advanced specialization Threat Protection”; “Microsoft Identity and Access Management advanced specialization”; “Microsoft Information Protection and Governance advanced specialization”, Softline is proud to be the trusted partner accompanying customers on the journey of digital information, helping businesses improve with the most advanced and modern security system in the today’s market.
Contact Softline to get the webinar document and detailed support!