The digital transformation of the modern workforce has forced organisations to support an inconceivable number of devices that access business data from anywhere.
Before Zero Trust, Endpoint Security was limited to domain-joined devices accessing resources from inside the corporate network or remotely via VPN connections.
It is also common for these endpoints not to be owned or managed by the business, but by external parties, which means they can be at different patch levels and have different applications installed and configured. Untrusted endpoints accessing sensitive information raises the level of risk and weakens the security posture of the organisation.
As explained in Taking a strategic approach to Zero Trust, the principle of Zero Trust is “never trust, always verify”. This means businesses should always verify every endpoint trying to access business resources, including corporate-owned devices and Bring Your Own Device (BYOD) endpoints belonging to employees, contractors, partners and guests, regardless of device ownership.
Adopting a Zero Trust security model gives businesses the opportunity to transform their day-to-day business securely and allow all endpoints, whether PC, Mac, smartphone, tablet, wearable or IoT devices, to access business applications and information from wherever they are connected, whether it be on the corporate network, home broadband or from the public internet.
6 principles of a Zero Trust security model for securing devices
- Ensure visibility – register all endpoints, both corporate and personal, with cloud identity providers. To monitor security and risk across the endpoints used by any one person, you need visibility of every device and access point that may be reaching your resources.
- Define compliance policies – establish minimum security requirements for all devices.
- Define control policies – cover device configurations, application protections, risk level and endpoint security health status.
- Define controls and data loss prevention policies – what can users do with data after granting access, e.g. prevent copy/paste rights to local devices or sharing classified information with external parties.
- Onboarding endpoints – implement a threat detection and response solution to protect against advanced threats.
- Establish analytics – integrate and forward signals and logs from the endpoint threat detection solution and other mobile threat defence vendors to a SIEM platform, so that the security of all endpoints can be analysed, monitored and managed from a single pane of glass.
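The following is an added example, not Byte's code and not a Microsoft Endpoint Manager policy format, that shows how principles 1 to 5 fit together as one per-request decision: a device must be registered, must meet a minimum compliance baseline, is then placed in an access tier according to its ownership and the risk level reported by its endpoint threat detection agent, and finally receives data-handling restrictions that apply after access is granted. The device fields, the minimum OS versions, the tier names and the sample fleet are all constructed for illustration.

```python
"""Device compliance and access-decision policy, modelled on the six principles above.

Added example, not Byte's or Microsoft's code and not an Endpoint Manager policy format:
the fields, thresholds and decision tiers are constructed for illustration. The point it
shows is that access is decided per request from device registration, compliance state,
ownership and the risk level reported by endpoint threat detection, and that what the
user may do with data afterwards is a separate policy output.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str                  # "corporate" or "byod"
    registered: bool            # known to the cloud identity provider (principle 1)
    os: str
    os_version: tuple           # compared lexicographically against MIN_OS
    disk_encrypted: bool
    endpoint_protection: bool   # threat detection agent installed and healthy (principle 5)
    jailbroken: bool
    risk_level: str             # "low" / "medium" / "high" as reported by that agent


# Minimum OS versions: constructed baseline values for this example, not a vendor baseline.
MIN_OS = {
    "windows": (10, 0, 19045),
    "macos": (13, 0, 0),
    "ios": (16, 0, 0),
    "android": (13, 0, 0),
}


def compliance_findings(d: Device) -> list:
    """Compliance policy (principle 2): return every minimum requirement the device fails."""
    findings = []
    if not d.registered:
        findings.append("device not registered")
    minimum = MIN_OS.get(d.os)
    if minimum is None:
        findings.append("unsupported operating system: %s" % d.os)
    elif d.os_version < minimum:
        findings.append("operating system below minimum version")
    if not d.disk_encrypted:
        findings.append("disk encryption disabled")
    if not d.endpoint_protection:
        findings.append("endpoint protection agent missing or unhealthy")
    if d.jailbroken:
        findings.append("device is jailbroken or rooted")
    return findings


def access_decision(d: Device) -> dict:
    """Control policy (principle 3) plus data-handling controls (principle 4).

    Returns the access tier and the data loss prevention restrictions that apply.
    An unregistered or non-compliant device is never granted access, and compliance
    is re-evaluated on every decision rather than remembered from an earlier one.
    """
    findings = compliance_findings(d)
    if findings or d.risk_level == "high":
        return {"access": "block", "findings": findings, "dlp": []}
    if d.risk_level == "medium":
        # Compliant, but the agent reports active risk: browser-only access, no data leaves the service.
        return {"access": "limited", "findings": [],
                "dlp": ["no-download", "no-copy-paste", "no-external-share"]}
    if d.owner == "byod":
        # Personal device: work data stays inside managed apps and cannot be copied to personal ones.
        return {"access": "full", "findings": [], "dlp": ["no-copy-paste", "no-external-share"]}
    return {"access": "full", "findings": [], "dlp": ["no-external-share"]}


# Constructed sample fleet; the device ids and attributes are made up.
FLEET = [
    Device("lap-corp-01", "corporate", True, "windows", (10, 0, 22631), True, True, False, "low"),
    Device("phone-byod-07", "byod", True, "ios", (17, 2, 0), True, True, False, "low"),
    Device("phone-byod-09", "byod", True, "android", (12, 0, 0), False, True, True, "low"),
    Device("lap-corp-04", "corporate", True, "macos", (14, 1, 0), True, True, False, "medium"),
    Device("tablet-guest-02", "byod", False, "ios", (17, 0, 0), True, False, False, "low"),
]


def fleet_report(devices) -> dict:
    """Visibility (principle 1): one decision per device id, the single-pane view an analyst wants."""
    return {d.device_id: access_decision(d) for d in devices}


if __name__ == "__main__":
    for device_id, decision in fleet_report(FLEET).items():
        print(device_id, decision["access"], decision["findings"], decision["dlp"])
```

The separation of `compliance_findings` from `access_decision` is deliberate: the findings list is what a user or help desk needs to remediate a blocked device, while the decision is what the identity provider enforces, and keeping the two apart lets the compliance baseline change without rewriting the access tiers.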
At Byte, we recommend implementing Microsoft Endpoint Manager as the mobile device management platform that creates the baseline for Zero Trust. Building on that platform with other solutions from the Microsoft security stack, including Microsoft Defender for Endpoint and Azure Sentinel, provides the best seamlessly integrated solution for real-time protection of endpoints, allowing organisations to monitor and detect threats and respond to them in a timely manner.
Talk to Byte, a Microsoft Gold security partner, to assess your organisation’s security maturity, define the roadmap and work with your teams on the solutions that best fit your purpose.