If you are not thinking about leveraging Zero Trust
principles when connecting to the Office 365 cloud, you should be.
The industry and customer shift from traditional on-premises application delivery to the cloud as well as the rapidly growing consumption of SaaS services has inverted network and security paradigms, shifting the focal point to the identity, device, application and data, and away from relying solely on traditional network perimeters, which are becoming less effective in reasoning and securing rich and complex application scenarios. Extending legacy network perimeter architectures into the cloud is becoming impractical, requiring customers to transform network and security architectures for the needs of the cloud. Such transformation is captured in the Zero Trust Architecture models that are being adopted by the private industry (Implementing a Zero Trust security model at Microsoft) and DoD (The Road to Zero Trust (Security)).
Office 365 incorporates Zero Trust principles in its
internal service design and operations as well as allows customers to natively
achieve Zero Trust outcomes in consuming the service by taking advantage of
built-in features which apply continuous validations across identity, device,
service, and data layers. This allows
customers to achieve the same or better security outcomes with Office 365
natively, compared to security outcomes that are achievable with legacy network
perimeter controls. Implementing Zero
Trust principles allow customers to modernize and in many cases simplify their
network perimeter dependencies, particular for Office 365 application
experiences and use a more differentiated and scaled-out connectivity approach.
This shortens the network distance between the user and Office 365, reduces
processing overhead at the enterprise network perimeter, thus improving user
experience.
Highly recommend reading the following.
The Road to Zero Trust (Security)
Implementing a Zero Trust security model at Microsoft
Highly recommend reading the following.
The Road to Zero Trust (Security)
Implementing a Zero Trust security model at Microsoft