Cloud Technology

What are the first steps for a mid-sized firm to implement a Zero Trust Architecture?

RO Asked by Robert Wilson · 22-09-2023
0 upvotes 8,957 views 0 comments
The question

Our leadership is pushing for a Zero Trust Security approach after reading about recent ransomware attacks. We currently rely heavily on a legacy VPN for remote access to our Azure environment. Is it better to start with Identity and Access Management (IAM) and MFA, or should we be looking at micro-segmentation of our virtual networks first to prevent lateral movement of threats?

3 answers

0
JE
Answered on 23-09-2023

Transitioning to Zero Trust is a journey, not a single software purchase. The most effective starting point is robust Identity and Access Management. Implementing Multi-Factor Authentication (MFA) across all entry points should be your priority, as it instantly mitigates credential-based attacks. Once identity is secure, you should move toward micro-segmentation. This involves breaking your network into smaller zones to ensure that even if one segment is compromised, the attacker cannot easily move to sensitive databases. It effectively replaces the "flat network" model of traditional VPNs. 

0
CH
Answered on 24-09-2023

Starting with IAM is logical, but how do you plan to handle "device health" as part of your Zero Trust strategy? Are you looking into Conditional Access policies that check if a laptop is patched before granting it access to your cloud production environment? 

JA 25-09-2023

We are definitely looking into Microsoft Intune for device compliance. The idea is that identity isn't enough; the device itself must be verified as secure and "healthy" before any tokens are issued for cloud services, which adds that extra layer of validation Zero Trust requires.

0
LI
Answered on 25-09-2023

Zero Trust is built on the principle of "never trust, always verify." Start with MFA and then look into Least Privilege Access for every user. 

RO 27-09-2023

Absolutely agree. Removing local admin rights and enforcing Just-In-Time (JIT) access are also critical components of this strategy to reduce the attack surface.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session